However, even in light of these kinds of trends, there is still a fallacy that small businesses have less to worry about than their larger corporate counterparts. This mistaken belief comes from the assumption that big corporations have a bigger target on their backs because they have more of the things that are worth stealing (sensitive information, customer data, money, and so on). But what this line of thinking fails to consider is that larger companies also typically have more safeguards in place to protect their assets. Big corporations typically have not only the technology needed to be more buttoned up, but also the policies, procedures, and personnel in place to better protect themselves. As a result, cybercriminals are increasingly targeting smaller organizations. In fact, in his book "Fire Doesn't Innovate," Kip Boyle reveals that a ransomware attack on a small business these days costs the organization an average of $4M. 
​
As cyber security threats continue to evolve businesses and their employees must be on guard at all times. Organizations of all sizes, but especially small-to-medium sized businesses (SMBs), need to be able to identify today’s most common cyber scams and equip their staff to prevent them! 

The internet is buzzing right now with the high profile story of Ernst & Young (EY) being forced to pay an unprecedented $100M fine by the SEC after it was discovered that hundreds of its auditors cheated on ethics exams to obtain or maintain their CPA licenses. To say that this has rocked the accounting world would be the understatement of the century!

This astronomical fine is the highest ever imposed by the SEC and likely reflects the fact that EY allegedly was aware of the cheating, which occurred over a four-year period, and covered it up instead of reporting it. In fact, the fine is twice what competitor KPMG paid in 2019 after cheating was discovered by SEC regulators. Speculation has it that the hefty fine is also meant to act as a signal to other accounting firms that the commission is not going to tolerate ethics violations, given that the auditors cheated on the ethics portions of the exams (of all things!).

In the wake of this very public news, accounting firms nationwide are being met with a dubious eye from current clients and prospects, who are questioning their ethics as well. And who can blame them? 

The IRS lays out a set of six best practices that tax professionals must abide by to protect taxpayer data, referred to as the “Security Six.”

​While the phrase Security Six applies specifically to tax accountants, tax preparers, and tax auditors, anyone can (and should) follow these same safeguards with sensitive data. Additionally, if you are outsourcing your financial functions to a third-party bookkeeper or accountant, they should be taking these precautions on your behalf as a component of your overall cyber security strategy.

Ask yourself what kind of security measures you have in place to protect your financial information and your customers’ information. How many of these Security Six protections are you using right now?

Cybersecurity is always vital, but in recent months it has become more critical than ever before. In the wake of the COVID-19 pandemic, hackers and fraudsters have capitalized on the disruption and increased their efforts to steal personal and business data. According to Jeff Bathurst, cybercriminals have used this as an opportunity to prey on companies that were not fully prepared to work in a completely remote environment. The pandemic quickly magnified any cybersecurity weaknesses that businesses had, and immediately after the pandemic hit, there was a 40% increase in cyberattacks. In April alone, criminals stole a staggering 220 million company and personal records.
​
But pandemic or not, cybersecurity should be a top priority for every company. Understanding where your business is vulnerable and what it can do to stay protected will help you avoid cybersecurity issues. 

Billing fraud is the most common type of fraud that small businesses experience, accounting for 27% of all fraudulent activity.
​
Billing fraud primarily occurs in one of three ways, when employees:

1. Submit fictitious invoices for a vendor that does not exist (also known as a “shell company scheme”)
2. Inflate invoices for a real vendor that is unaware of the fraudulent activity occurring
3. Invoice the purchase of personal items

​While employees may justify their illegal actions due to need or entitlement, billing fraud ends up costing small businesses billions of dollars every year.