As far as cyber security good practice is concerned, it is becoming increasingly important never to take anything at face value – particularly emails. If a message from the CEO drops into your Inbox, it may well be a hoax. The days of crude bogus mass mail shots are passing, to be replaced by individual spear phishing excursions that are more sophisticated, carefully targeted and harder to detect.
Emails are an unavoidable part of business life. Whether handled in-house or outsourced, they are better protected now than ever before. Despite this, it is estimated that phishing scams, or business email compromise, have yielded over $5bn worldwide. The attacks are also better disguised than ever before. The larger and richer the company, the more likely it is to be the victim of a ‘whaling’ attack. Attackers now research their targets carefully and plan their sorties meticulously, often using the plausible impersonation of a senior manager to request a money transfer or commercially sensitive information.
So, what can we do? It’s not enough merely to install technological protection, although this is improving all the time. It is vital that all staff are properly briefed, regularly trained and tested, and remain on their guard – especially against requests for payments or fund transfers. They should always double-check authenticity before responding – for instance via a phone call or text. Companies should install all new anti-phishing protection as it becomes available. It’s inevitable that some attacks will get through, so a company also needs to have a response plan in place. If the worst comes to the worst, it should report a breach to the relevant authorities as soon as possible.
Watch our video about wire transfer fraud on our YouTube channel: https://youtu.be/H3l6zCwylOc