Monday, June 30, 2014


Get Safe Online publishes online safety hints, tips and videos

Experts say the government should get involved with tackling the challenge of social engineering scams

Research just published claims to show that more than £21 million has been lost in the UK to social engineering scams in the first five months of the year - with around 23 percent of people in the UK having received a cold call requesting personal or financial information.

To raise awareness of the issue, Get Safe Online (GSO) - the Internet safety and security agency - has produced a new series of informative videos offering advice and tips.

According to GSO – a sponsored agency that seeks to promote education on Internet safety - social engineering is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information.

Examples, says the agency, include phishing emails and fraudulent phone calls asking for personal or financial information - known as vishing - or phone calls from fraudsters impersonating computer technical support agents.

Tony Neate, the agency's chief executive - who helped set up GSO in the mid-2000s after a lengthy career in the Police – says it is important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity.

It can be easy to fall prey to social engineering, he says, as schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or who appears to be in authority.

"It's not just individuals who are likely victims, it's also businesses. We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others," he explained.

The Head of the NFIB and Action Fraud, detective superintendent Peter O'Doherty, said that the face of crime has significantly changed in recent years, with much of today's offending being conducted over the phone and through a computer rather than face-to-face.

"People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and makes individuals and businesses victims of crime. This multimedia Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways to protect themselves," he explained.

Commenting on GSO's latest Internet user education move, Professor John Walker, a visiting professor with Nottingham Trent University's School of Science and Technology, said that social engineering attacks are popular simply because cyber-criminals have a lot of attack surface area to exploit.

"They don't have to get that high a success rate before they generate the required revenue from their scams," he said, adding that the government, rather than sponsored agencies like GSO, needs to tackle what has become a growing problem.

The problem with the current government and its security education efforts, he noted, is that we are in a situation of the ill-informed talking to the uninformed, with predictable consequences.

"And we're not just talking about money here. Some of these scams have wiped out people's life savings and have directly affected people's health. It really is a serious problem," he explained.

Peter Wood, CEO of pen-testing specialist First Base Technologies, said that social engineering is now a continuing attack model that originally centered on home users of the Internet, but is now expanding into business attacks.

The good news, he says, is that his team at First Base is now starting to see a lot better awareness of the problem among clients, as their understanding of the threat has risen in recent times.

"It was the same with ISO 27001 - people gave us blank looks when we mentioned it. Now they understand and specifically ask for social engineering testing as part of their pen testing processes, which is good news," he said.

Tim Keanini, CTO with Lancope, picked up on Walker's suggestion that government needs to act on the issue.

"I think it is worth pointing out that if we include the fraud that occurs online with email phishing, txt, instant messaging, online dating, and factor in that a certain percentage of these victims are still unreported, these numbers could easily approach 40 percent of the population," he said, adding that businesses need to establish - as a part of new customer enrolment - social and technical means of authenticating the communication.

"If not, it is just too easy for these attackers to impersonate that business and make these customers victims," he explained.

Mark Sparshott, EMEA director at Proofpoint, said that the old 'vishing' (voice phishing) attacks have given way to large-scale email-based social engineering attacks - most of which start with spear-phishing, long-lining and phishing emails - and which are so sophisticated they fool security software and humans alike into thinking the emails are genuine and that the malicious Web sites they link to are harmless.

"The most successful email lures are social networking, preying on the human desire for social interaction and belonging, financial account warnings and order confirmations (preying on the desire for financial stability) and breaking news stories (preying on human curiosity and compassion). However, fake LinkedIn Invitations are by far the most dangerous - achieving a click rate 4x that of any other type of email lure," he said, adding that Proofpoint's advice is to 'think before you click.'


Friday, June 27, 2014


How To Avoid The Perils Of Online Banking

There are times — many, in fact — when I love online banking.

Then there are other times when I find it so frustrating — and costly — that I think maybe I should pull the virtual plug. That’s because I make careless mistakes in paying my bills.

Maybe you do, too. If so, I’d like to spare you some of the same pain, so I’m here to offer tips to help you avoid similar banking frustrations.

But first: How do I love online banking? Let me count the ways.

What I Love About Online Banking

First, there’s the ease of being able to check my balance at any time of day or night on my computer or smartphone. I also adore online banking’s simple bill-paying features. At one sitting, I can arrange my payments and schedule them for different days, often weeks in advance, closer to the due dates.

And just last week, my bank launched a mobile phone app that lets me deposit a check simply by taking a photo of the front and (after I endorse it) back. Zap, zip and it’s done.

What I Don’t Love About Online Banking

What’s not to love about online banking? Unfortunately, I’ve learned the hard way that it can sometimes be my nemesis. Three examples:

The forgotten click. Once, in my rush to complete a batch of electronic payments, I neglected to click the “schedule payments now” button. I discovered the error when the next batch of bills came due — with outstanding balances and penalty fees. (Fortunately, I got the fees waived after explaining the error; but if I made this faux pay again, I don’t think the companies would be so accommodating.)

The water torture. A few months ago, our public utility notified us that they were about to cut off our water since we hadn’t paid our quarterly bill. Turns out I’d entered the date for a month after it was due, so the payment failed to arrive.

Unfortunately, I didn’t open the notice until 5:15 p.m. on a Friday, after the utility’s office closed. So I nervously sweated out the error over the weekend. When the office opened on Monday, I went there to pay my bill.

Beyond my blues — Verizon. Once I sent my electronic payment for Verizon Wireless to my Verizon landline account. I discovered the mistake when the next Verizon Wireless bill arrived past due and with a penalty. I quickly paid up and asked Verizon to return my money from the landline account, but the company said I had to wait 60 (!!) days to get it.  Grrr.

Those mistakes are nothing compared to a friend who sent her health insurer $254,600 electronically for a $254.60 bill. You guessed it: She misplaced a decimal point. Fortunately, the insurer caught the mistake, notified her and never deposited the money. Still, the thought that it could have gone through prompted both of us to have all sorts of nightmarish thoughts of bounced checks, overdraft fees and penalties.


Wednesday, June 25, 2014


Phishing Scam Ensnares Almost 2,000 Justice Department Staff

OTTAWA - Many of the Justice Department's finest legal minds are falling prey to a garden-variety Internet scam.

An internal survey shows almost 2,000 staff were conned into clicking on a phoney "phishing" link in their email, raising questions about the security of sensitive information.

The department launched the mock scam in December as a security exercise, sending emails to 5,000 employees to test their ability to recognize cyber fraud.

The emails looked like genuine communications from government or financial institutions, and contained a link to a fake website that was also made to look like the real thing.

Across the globe, an estimated 156 million of these so-called "phishing" emails are sent daily, and anyone duped into clicking on the embedded web link risks transferring confidential information — such as online banking passwords — to criminals.

The Justice Department's mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails.

That's a much higher rate than for the general population, which a federal website says is only about five per cent.

The exercise did not put any confidential information at risk, but the poor results raise red flags about public servants being caught by actual phishing emails.

A spokeswoman says "no privacy breaches have been reported" from any real phishing scams at Justice Canada.

Carole Saindon also said that two more waves of mock emails in February and April show improved results, with clicking rates falling by half.

"This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security to protect the integrity of the department's information systems and in turn better protect Canadians," she said in an email.

"In this case, this exercise specifically dealt with the threat from phishing which is increasingly being used as an attack vehicle of choice by cyber criminals."

"As this project progresses, we are pleased that the effectiveness of this campaign is showing significant improvement."

A February briefing note on the exercise was obtained by The Canadian Press under the Access to Information Act.

The document indicates there are more such exercises planned — in June, August and October — and that the simulations will be "graduating in levels of sophistication."

Those caught by the simulation are notified by a pop-up window, giving them tips on spotting malicious messages.

The federal government's Get Cyber Safe website says about 10 per cent of the 156 million phishing emails globally make it through spam filters each day.

Of those, some eight million are actually opened by the recipient, but only 800,000 click on the links — or about five per cent of those who received the emails.

About 10 per cent of those opening the link are fooled into providing confidential information — which represents a worldwide haul of 80,000 credit-card numbers, bank accounts, passwords and other confidential information every day.

"Don't get phished!," says the federal website, "Phishing emails often look like real emails from a trusted source such as your bank or an online retailer, right down to logos and graphics."

The site says more than one million Canadians have entered personal banking details on a site they don't know, based on surveys.

In late 2012, Justice Canada was embroiled in a major privacy breach when one of its lawyers working at Human Resources and Skills Development Canada was involved in the loss of a USB key.

The key contained unencrypted confidential information about 5,045 Canadians who had appealed disability rulings under the Canada Pension Plan, including their medical condition and SIN numbers. The privacy commissioner is still investigating the breach.


Friday, June 20, 2014


Fraudulent transactions on lost or stolen cards are up

Card fraud was up 16 per cent to $304 million in 2013, and the number of transactions on lost or stolen cards rose 26 per cent to $34 million.

The vast majority of the fraud was done online, accounting for $219.7 million, up 20 per cent on 2012, according to the latest figures from payments industry body the Australian Payments Clearing Association.

But since 2010, the number of fraudulent transactions for smaller amounts on lost or stolen cards appears to have jumped dramatically.

The total number of transactions made on Australian lost or stolen cards rose 94 per cent in 2013 to 162,896.

Since November last year, Victoria Police have maintained that data they have compiled shows the explosion in the use of tap and go cards in Australia is to blame for a rise in break-ins and bag snatching to steal contactless cards.

However – after extensive consultation with police – internet security experts, banks and card companies say they don’t agree.

A spokeswoman for MasterCard said an industry working group on contactless payments had compiled data on fraud using tap and go cards.

It said tap and go fraud accounts for “less than 2 per cent of total card fraud”, while contactless transactions have grown by 350 per cent between 2012 and 2013.

“We don’t see that in the statistics and it just doesn’t make sense to us that contactless is the driver of fraud,” said Chris Hamilton, chief executive of APCA. “Yes, contactless cards can be stolen and used for fraud, but they are no more likely to contribute to the fraud statistics than non-contactless.”

Mr Hamilton said the cap on the amount that could be withdrawn automatically limited the value of fraud on tap and go cards.

“You can’t go out and buy a flat screen TV with these cards, for instance,” he said. “The proposition that they are driving fraud must derive from a proposition that criminals or fraudsters are targeting these cards, and can’t see that that is likely.”

He also pointed to a similar shift in fraud from card skimming to card theft in the UK when chip cards were brought in there. Unlike Australia, though, contactless cards were not brought in at the same time.

“Our suspicions are that it is more to do with the fact that counterfeit card skimming is under control,” he said.

Fraud from details skimmed from cards and used on counterfeit cards has fallen by 33 per cent since 2008, although it was unchanged at $37.2 million between 2012 and 2013.

Pat Boyle, Victoria Police’s head of fraud, told The Australian Financial Review earlier in June that he would review new contactless fraud data that banks are compiling.

“We need to build up trust and I need to build up knowledge, so I am confident I have the right information when I brief people,” he said.

Mr Hamilton said the main focus needs to be on online fraud because it is growing and accounts for the greatest amount. He said banks, merchants and individuals all had a responsibility and an interest in reducing fraud.

Alastair MacGibbon, Director of the Centre for Internet Safety at the University of Canberra, said business and individuals need to do more to detect fraud and secure credentials.

“We need to secure our computers more, and importantly businesses need to be using better fraud detection technology to see if they are using stolen cards,” he said. He said the technology is readily available to do this.

“Businesses do need to develop their skill sets for online fraud. [They] are losing money through this type of fraud.”


Thursday, June 19, 2014


Protect yourself from phishing attacks

The term 'phishing' derives from the idea of fishing -- fishing for information. It refers to a type of internet fraud that attempts to collect sensitive financial information, typically by means of a fraudulent email. The fraudster poses as a trustworthy entity to trick people into revealing information such as user name and password, address and phone number, PAN card number, date of birth, ATM/credit card number, card validation code, etc. They lure the unsuspecting into financial ruin.

According to the Anti-Phishing Working Group, an international consortium, there were at least 115,565 unique phishing attacks worldwide during the second half of 2013. These attacks were carried out using 82,163 unique domain names, which were registered maliciously. Top five top-level domains used for the purpose were .COM, .TK, .PW, .INFO, .NET, and .CF. The targets mostly included large and small banks in Latin America, India, and the Arab world. It appears that almost any enterprise with an online presence can be a phishing target, the report adds.

Phishers use different disguises, methods and mediums -- they can approach you as a credit card company or an online shopping site. Besides deceptive emails, fax and phone calls can also be used. Sometimes great-sounding offers are used as bait. They also try to steal data from your PC by delivering malware as email attachments or downloadable files. Sometimes a link is included, and clicking on it can lead to a copycat website that looks identical to your bank's website; when you 'update' your information on that site, it goes to the phishers.

So, be cautious. Never disclose sensitive financial information to anyone, even if the mail appears to come from a bank or a business you usually deal with or even when the website on which you are asked to provide information appears authentic. Never download files or open attachments sent to you from unknown senders. Don't get misled when you receive a message like this: "We recently upgraded our online banking security system, confirm your log-in details"; don't panic when you get a pop-up warning: "Your computer has been compromised! Click here to download a security fix!"; and don't get lured by offers like: "Win a free iPad!"

For a small business, phishing attacks could mean financial ruin, so always follow strict online safety practices. Use an advanced security software package that detects not only viruses and spam but also malware and suspicious e-mail attachments. Always use strong passwords, encrypt all sensitive information, use appropriate backup solutions, and educate your employees about internet safety and the latest threats. And never forget the basic rule -- keep your secrets secret.


Wednesday, June 18, 2014


How To Protect Yourself Against World Cup Phishing Frauds


Understanding the proclivities of the 2014 FIFA World Cup fans gives criminals an advantage. The World Cup provides a window of opportunity and a tremendous vehicle for online fraud such as phishing. Not only do the targets accept that they will receive a barrage of World Cup-related solicitations, but they often desire said solicitations and are excited to “click”.

This “perfect storm” isn’t specific to the World Cup. Phishing scams are often associated with current events such as:

•  Entertainment in the form of movie trailers, awards and celebrity photos
•  Sporting events with large, preferably global audiences
•  Natural disasters, political elections and military actions
•  Viral videos of animals seeing themselves in mirrors

Unfortunately for the targets of phishing, the fraudsters have nefarious ulterior motives. The fraudsters may be interested in identity theft, stealing credentials, stealing financial information, locking your system and holding it for ransom, or adding your device to their botnet army to be controlled at will. The results of phishing can impact individuals and organisations. The impact can be felt in a number of ways including depleted bank accounts, credit debt, sensitive/personal data theft, countless hours of negotiation with financial institutions, embarrassment and stress; the list goes on.

The risks to the criminals are low. This is because the likelihood of being apprehended and the severity of the punishment for phishing, and for most cybercrimes, depending on the country, are low. Thus legal deterrence is ineffective.

Phishing Safeguards

While there is no anti-phishing panacea that will mitigate all threats, there are technical and non-technical controls that can reduce the risk of a phishing attack being successful. Here are 15 safeguards to consider:

1. Verify before you click, download and open
2. Use bookmarks instead of clicking on a link, or typing in a URL with potential misspellings; that URL could take you to a malicious site
3. Don’t respond to emails with sensitive data
4. Don’t enter sensitive data into a form indiscriminately
5. Don’t enter sensitive data into pop-up windows
6. Understand criminal tactics and if in doubt pick up the phone – criminals will try to create a compelling event such as
   •  Enter your password or all your cloud data will be corrupted
   •  Click here to avoid your Internet service being disconnected
   •  Final warning – download this anti-malware tool to avoid shutdown
   •  You have five seconds to comply or your bank account will be frozen
7. Your smartphones and tablets are computers too and the security best practices you apply to traditional computers like laptops should apply to them
8. Keep your operating systems and applications patched and up-to-date
9. Use web filtering software to disallow access to known bad sites — many are free
10. Use browser phishing protection — common in most modern browsers
11. Install and update endpoint security controls
12. All legitimate websites requesting personal information such as your bank should be encrypting communications — look for “HTTPS” and/or the lock icon in the browser’s URL field
13. Keep an eye on your account activity — many sites provide last login date, location, and so on
14. Use credit activity monitoring services
15. Report suspicious activity and opt in to share threat intelligence via your security solutions — use the crowd as a force multiplier
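
Safeguards 2 and 12 can be turned into a mechanical check. The following is an added example, not part of the original article: it compares a link's host against a list of bookmarked sites and flags links that skip HTTPS, use a raw IP address, embed a bookmarked name inside another domain, or are a near-misspelling of a bookmark. The domain names, the `check_link` function and the typo threshold of 2 are assumptions made for the illustration.

```python
"""Added example: vet a link against the user's bookmarks before clicking."""
import ipaddress
from urllib.parse import urlsplit

# Constructed bookmark list: registrable domains the user really deals with.
BOOKMARKS = ("examplebank.com", "example-retailer.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url: str, bookmarks=BOOKMARKS, max_typos: int = 2):
    """Return (verdict, reason); verdict is ok, reject, lookalike or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("reject", "no host in URL")

    # A legitimate bank or shop is reached by name, not by bare address.
    try:
        ipaddress.ip_address(host)
        return ("reject", "raw IP address instead of a site name")
    except ValueError:
        pass

    # Non-ASCII or punycode hosts can imitate a name with similar glyphs.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "internationalised host name, verify by hand")

    # Safeguard 2: exact bookmark, or a subdomain of one.
    for good in bookmarks:
        if host == good or host.endswith("." + good):
            # Safeguard 12: the trusted site must still be reached over HTTPS.
            if parts.scheme != "https":
                return ("reject", f"{good} requested without HTTPS")
            return ("ok", f"matches bookmark {good}")

    labels = host.split(".")

    # Bookmarked name used as a label inside somebody else's domain.
    for good in bookmarks:
        brand = good.split(".")[0]
        if any(brand in label for label in labels):
            return ("lookalike", f"'{brand}' embedded in unrelated host {host}")

    # Near-misspelling of a bookmark, with or without extra subdomains.
    for good in bookmarks:
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if 0 < edit_distance(candidate, good) <= max_typos:
                return ("lookalike", f"{candidate} is a near-miss of {good}")

    return ("unknown", "not a bookmarked site")


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://examplebank.com/login",
                 "http://examplebank.com/login",
                 "https://examp1ebank.com/login",
                 "https://examplebank.com.account-verify.example/",
                 "https://203.0.113.7/login",
                 "https://news.example.org/"):
        print(link, "->", check_link(link))
```

An `ok` verdict only says the link points at a bookmarked site over HTTPS; it says nothing about the page content, so the other safeguards still apply.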

With events like the World Cup, where information is flooding our laptops, tablets and smartphones from all directions, it is important not to get so caught up in the moment that you forget the criminals are working overtime.

By considering these 15 safeguards and successfully mitigating phishing attacks, you’re negatively impacting the criminal revenue stream and making this type of fraud less appealing.


Tuesday, June 17, 2014


10 Things You Probably Didn’t Know About Identity Theft


Identity theft has become one of the biggest concerns for Americans. However, it is also one of the most misunderstood subjects among consumers. We are always looking for ways to protect ourselves from fraud. Credit card fraud or identity theft can turn your life upside down, especially if you have to spend time with law enforcement or incur legal charges. It’s always best to prevent identity theft instead of trying to fix problems once they start. There are plenty of ways that you can make yourself safer as a consumer. If you follow some of the steps below, you are much less likely to become a victim of identity theft.

Fake Wi-Fi Hotspots
While public Wi-Fi hotspots are extremely convenient, they can also be very dangerous. Make sure you avoid generic Wi-Fi hotspot names, such as “Hotel Wi-Fi” or “Airport Wi-Fi.” Once you log into a fake Wi-Fi hotspot, thieves can gain access to everything in your phone, tablet or computer. That means usernames, passwords, credit card numbers and any other important data that you’ve used online. You’ll want to be cautious about which public hotspots you use, and what information you disclose online in public areas.

Medical Identity Theft
Medical identity theft is an increasing threat. The medical field is growing every year, and more individuals are getting treatment, prescriptions and using health insurance. But when you enter your name and social security number online for these medical services, you can be putting yourself at risk. Make sure you only give critical personal information at medical centers, and do so in person. You’ll also want to check with your health insurance company on a regular basis to ensure that all charges are legitimate.

Mail Redirects
Are you receiving less mail than you used to? Are you getting calls and emails about products you’ve never ordered? You might be the victim of a mail redirect scheme. Mail redirect schemes occur when a thief uses your personal information to request an address change from the Post Office. The thieves change your mail to an address of their choosing, where they can collect your personal information and open up new accounts. Make sure you shred personal information and stop junk mail and other unwanted solicitations.

Search Engine Manipulation
Search engine manipulation, sometimes called search engine poisoning, refers to the act of thieves manipulating search engine results so that fake websites looking for your information show up in a higher position in the listings. Maybe you Google your bank’s name, and click on a phony website that shows up higher than usual. That phony website looks like the real thing, except it collects all of your entered personal information and feeds it to identity thieves.

Military Scams
Military men and women are constantly entering their personal information in different places, which makes them prime targets for scams. Identity thieves can pretend to be offering a new program for military members, only for those entering their information to find out that the entire thing was a scam. Military members should constantly check the validity of different military programs to make sure that their information is safe.

Theft Via Computer Games
Online games where individuals open accounts virtually are a new way for thieves to steal your personal information. Online thieves can issue phishing attacks against online games and payment systems in order to obtain critical information. Sometimes, thieves send fake emails in the hope that gamers will enter their personal data. Only log in from a secure website and be wary of emails that ask you for your information.

Unsolicited Emails
If someone sends you an unsolicited email asking you for personal information, you should immediately report it as spam. Financial service companies never send unsolicited emails asking for your personal or financial information. Make sure you only give out your financial information in conversations that you initiated.

Credit Cards Have Stronger Fraud Protection Than Debit Cards
Know that the protections offered by credit cards are stronger than those offered by debit cards. Federal law limits the amount you are liable for on a credit card to $50. With a debit card, depending on when you report the theft, you can be liable for anything from $50 up to the full amount.

Your Credit Card Number Can Get Stolen Without You Explicitly Revealing It
Even if just part of your personal information is stolen, thieves can use it to find the rest of your information. Make sure that you shred all important documents that you receive in the mail, especially financial statements.

Check Your Online Statements On A Regular Basis
Although financial statements are nice to get in the mail, they also leave you open to potential identity theft attempts. It’s better to go paperless, and then check your statements online. That keeps you more up to date on a regular basis, and it also prevents identity thieves from being able to get physical access to your information. If you are truly ready to prevent identity theft, then you should stop getting paper statements in the mail which contain your critical personal information.

As you can see, there are plenty of ways identity thieves can attempt to steal your personal information and credit card number. But if you avoid risky behavior, you can save yourself a lot of time, money and effort. It can be extremely difficult to go through the law enforcement and legal process after your identity has been stolen, and it can be frustrating not knowing if your identity is still compromised. By avoiding some of these traps, you will protect yourself and lessen the risk of your critical information falling into the wrong hands.


Tuesday, June 3, 2014


Hass and Associates Cyber Security Sound Business Advice: Seven tips to proactively prevent fraud

The personal battle of owner-operators against fraudsters

For autonomous entrepreneurs, fraud is a truly ominous and pervading risk. Private businesses are very susceptible to the threat of fraud because of the character of their enterprises.

The majority have no corporate structure to identify or respond to an occurrence, and often choose to shrug their shoulders and let it go.

Yet, there is a lot businesses can do to protect themselves. Like any big company, owner-operators can take steps to detect the signs of fraud and reduce the damage within their group.

A KPMG report entitled, “Who is the typical fraudster?”, recently released findings based on 350 fraud investigations. It showed a “distinctive model” that describes qualities and work habits of fraudsters. Appreciating these telltale signs can help you establish a workable risk management approach.

The study also disclosed that most fraudulent events either are steps to cover up losses or low productivity, or involve the misuse of assets (misappropriation or purchasing fraud). A revealing fact derived from the study is that the main cause of most fraud remains the exploitation of faults in internal controls (a surprising 74% of all cases had such unstable internal controls). In short, the opportunity for fraud is potentially high.

One other reason clearly arises from human nature: motivation. Fraudsters are often enticed by personal desire to satisfy a need such as an addiction or driven by a pressing financial problem. Strongly related to that is psychological justification. This factor must be present to lead people to breach the law and to commit unlawful deeds. For instance, they rationalize and convince themselves they are being short-changed and tell themselves they are merely “taking out a loan” and are planning to pay it back anyway.

Once fraud is committed, usually it is personal; and being so, private businesses are very prone to considerable damages. And more importantly, the effects of duplicity can considerably ruin an environment wherein senior workers are also treated as intimate friends.

Dealing with our customers who are private firms, we observe many common organizational qualities that create opportunities for fraud. First, there are no internal control systems, whether due to lack of know-how, lack of time, or simply naive trust.

Second, business owners have a tendency to foster more intimate personal connections with their employees and tend to trust them with major tasks.

Which leads us to a third threat. Trusted employees in private business usually perform independently, and, in most instances, manage a variety of responsibilities. A big company would never give to one employee the tasks of handling deposits, mail, and bank statement reconciliation, for instance. It is obvious that one person handling both record-keeping and assets, subjects the person to the temptation of misusing assets and manipulating accounting records to hide the fraud.

What then can a private business do to reduce the danger of fraud? The seven tips below describe some best practices that can help you improve your risk-management capability:

1. Never give the task of handling your assets to only one person. Doing so can place you in a very risky situation and allows that person to manipulate your assets in case the opportunity and motivation arise. Make sure your banking procedures (e.g., withdrawals, deposits, account reviews, etc.) are assigned to different employees.

2. Keep watch over your financial tasks. Make certain that you have access to electronic banking and remittance activity records. Require a monthly report of your financial statements as well as reviews, and check that the numbers match the sub-ledgers.

3. Never sign blank checks. This seems an obvious mistake, but many enterprises do it to simplify payments. Determine whom those checks are for. Are they individuals or firms you know?

4. Conduct independent assessments of financial procedures and examine the figures. Oftentimes, entrepreneurs overestimate the loyalty of persons and stop scrutinizing these kinds of tasks.

5. Conduct a background evaluation of new employees. Fraud is not limited to long-standing workers. There are persons whose modus operandi is to move from one business to another in order to commit fraud.

6. Beware of the “red flags” with your personnel. These are telltale signs showing aggressive attitudes, secrecy, arrogance, emotional stress, desire to micromanage, passing on blame and intimidation, and many others.

7. Never let your desire to remain “lean and mean” cause you to disregard the value of legal counselling services. Hire someone with the ability to assist you in the vital task of identifying possible risks, applying controls and preventing likely damages.

Private businesses are prone to fraudulent schemes. These businesses often have a built-in culture of intimate personal relationships and confidence. Hence, although the amounts involved may seem smaller compared to other firms, the potential for fraud is significantly higher, and the resulting damages can be even bigger and much more tragic.