Q: With the recent flood of unsolicited scam calls and phishing emails offering everything from free money to job opportunities, what can we do as an employer to protect against being scammed?
A: Number one, seek guidance from your IT pros for the best strategies—for example, when you should not answer at all, when it's best to follow the prompts to unsubscribe, and whether caller ID or call-blocker technology might be helpful.
Some phone schemes have a carefully crafted recorded script that appears to be a live conversation, asking, "can you hear me OK?"
Such calls are looking for a "yes" from your employee that can be recorded and later presented as an acceptance of a "deal." If you've answered the phone but are suspicious, rather than engage in conversation, ask "what is this call about?"
Second, develop a clear company policy covering who is authorized to respond to outside inquiries and what information should and should not be provided.
Certain information should never be provided, especially data that is used to steal identities, such as addresses, birth dates, and Social Security and bank account numbers.
In addition, establish who has the authority to commit the company to a purchase, and require that all such inquiries or transactions be documented.
Having formal protocols for such matters may not deter an irresponsible employee who acts beyond his or her authority but will give you a basis to discipline the employee.
And it may provide a more convincing response to an aggressive salesperson or collector claiming you've agreed to a transaction that actually failed to follow your internal official corporate purchasing guidelines.
Never hesitate to contact your banking partners or business associates to verify transactions, or the police, Consumer Protection Department, or Federal Trade Commission when criminal activity is suspected.