In our ever-evolving digital landscape, micro, small, and medium enterprises (MSMEs) face unique challenges in maintaining cybersecurity. With President Marcos set to issue an Executive Order (E.O.) mobilizing all government agencies to boost MSMEs under the 2023-2028 MSME Development Plan, Filipino businesses must take proactive measures to protect their data and assets in the online space.

MSMEs account for 99.6% of businesses in the country, and their success is critical to our economic development. However, as small businesses keep expanding and adopting digital tools for their everyday use, the threat of cyberattacks also grows, leaving many of them vulnerable to scams and data breaches. Therefore, cybersecurity should be an integral part of all MSME operations. By understanding common scams, recognizing warning signs, and taking protective steps, MSMEs can guard themselves against potential financial losses, reputational damage, and operational disruptions.

What are the common cybersecurity threats targeting MSMEs?

Cybercriminals use a variety of tactics to target businesses. Here are some of the most prevalent scams MSMEs should be aware of:

● Phishing Scams: Fraudulent emails or messages appear to come from legitimate sources (such as banks or suppliers) to trick business owners into providing sensitive information like passwords or credit card details.
● Fake Invoices: Scammers send invoices resembling those from legitimate vendors. MSMEs lose money to criminals if they pay those fake invoices without verifying their authenticity.
● Identity Theft: Criminals steal business identities to open fraudulent accounts, take out loans, or make unauthorized purchases, leaving businesses with damaged credit and financial losses.
● Overpayment Scams: This happens when a criminal claims to overpay for goods and services, then requests for a refund from a business. A MSME falls victim to this scam if they grant a refund, but eventually realize there was no payment that was made in the first place.

What do you do if your business falls victim to a scam?

Despite your best efforts, your business may still be targeted by cybercriminals. If that happens, immediate action is crucial. First, notify all relevant authorities, such as your bank, the National Bureau of Investigation (NBI), or the Cybercrime Investigation and Coordination Center (CICC), as well as any other regulatory body. Next, change passwords, close compromised accounts, and monitor all transactions to prevent further losses. Lastly, if customer data has been compromised, transparency is key. Inform affected parties to minimize reputational damage and fulfill legal obligations.

What are other tips for MSMEs to strengthen their cybersecurity?
MSMEs can take several steps to protect their business from cyberattacks. By following these practices, businesses can minimize risks and ensure their digital safety:

● Regularly train staff on the latest cybersecurity threats and ensure they understand how to identify phishing scams, fake invoices, and other fraudulent activity. Awareness is your first line of defense.
● Invest in firewalls and antivirus software to remove malware and other computer viruses. You should also add spam filters to your emails to immediately block emails meant for phishing scams.
● Always cross-check invoices with official records and contact suppliers directly to verify any unexpected invoices. Be cautious of urgent requests that pressure you to make payments without verification.
● Identity theft can often go unnoticed until significant damage has been done. Regularly monitor your business’s credit reports for suspicious activity or unauthorized transactions.
● Avoid conducting business through personal emails. Ensure all communications related to transactions are done through official business channels to reduce the risk of unauthorized access.
● Cybercriminals continuously evolve their methods, as scammers are now using unclickable links with special characters, making it harder to detect phishing attempts. Staying updated on new tactics and adapting accordingly will help businesses stay ahead of threats.

As the government works to boost the MSME sector through the MSME Development Plan and by fostering a more collaborative ecosystem, businesses must also take their own steps to protect themselves from digital threats. By staying vigilant, adopting strong cybersecurity measures, and keeping abreast of the latest scams, Filipino MSMEs can thrive in the digital economy with confidence!