When did you last speak with your team about IT security?
We have published articles before about the “human aspect” when it comes to vulnerabilities in your technology systems, but the actions of the people within your business remain a significant threat.
There are many security measures that can be implemented to help keep your business safe – including:
- A good firewall
- Data encryption
- A strict password policy
- Multi-factor authentication
- A robust backup solution
However, it has been reported that over 90% of cyber attacks start with an e-mail, and the human actions that result from it.
Whether that is an e-mail encouraging the recipient to open an attachment or click on a link, or whether it is the start of a communication trail which is aiming to divert funds from your bank account, the busy employee can be your weakest link.
We have all heard the advice not to act on e-mails unless we are certain that they are genuine, but when people are juggling lots of things at once, and are perhaps feeling under pressure, a momentary lapse of focus can have significant results.
Below are some of the scams which could potentially damage your business. How recently did you last remind your employees to be vigilant?
1. “Just click here.” Beware the e-mail which asks the recipient to open an attachment or click on a link, as this is a common way to let a virus into your system. If in any doubt, don’t click! If someone does let a virus in, unplug their computer from the network immediately and inform your IT support company.
2. Change in supplier bank details. You receive a communication purporting to be from one of your regular suppliers, advising that their bank details have changed, and asking you to amend your banking records. The new bank details are not genuine, and the next time you are due to pay that supplier you actually pay the fraudsters. Your supplier will still be owed the money and you end up paying twice. If you receive any instructions to change beneficiary bank details, always verify these by making a phone call to a known contact at the supplier company – using a phone number that is already known to you.
3. The “bogus boss”. This scam has now been well-publicised and hopefully you are already aware of it – but please remind all relevant staff about it regularly. It starts with an e-mail to one of your employees which appears to come from you, or a senior colleague. The sender name looks correct, although if you hover over the name, you will see that it comes from an unknown e-mail address. The e-mail often starts by asking something such as “Are you in the office today because I’ll need you to send an urgent payment later?” If the recipient replies, an e-mail exchange will ensue, which leads to the fraudster instructing an amount to be sent by bank transfer to a bank account for which they supply the details. Often the e-mail instruction says that the transaction must be kept confidential as it relates to a very sensitive business deal. Make sure you’re not the next victim – set up a policy in your business that says payment instructions cannot be sent by e-mail.
4. “I’m calling from your Broadband provider.” This telephone scam is a call that purports to be helping you avoid fraud! The caller claims to be from your Internet Service Provider and says that they can see a suspicious transaction in your network. Their aim is to get you to allow them to remotely access your computer – after which they may be looking to load malicious software or steal data. Don’t allow them access!
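The “hover over the name” check from scam 3 can also be automated at the mail gateway or in a mailbox rule. The following is an added example, not part of the original article: it flags a message whose sender name matches a senior colleague while the address behind it does not, and notes the payment wording quoted above. The staff directory, the addresses and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed directory of senior staff (constructed): sender name -> genuine address.
SENIOR_STAFF = {"jane smith": "jane.smith@example.com"}
# Wording taken from the scam description above.
PAYMENT_WORDS = ("urgent payment", "bank transfer", "confidential")

def _body_text(msg):
    """Collect the plain-text parts of a message as one string."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain")

def bogus_boss_flags(raw_message):
    """Return the reasons a message resembles the 'bogus boss' scam."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name_key = " ".join(name.lower().split())  # normalise case and spacing
    flags = []
    expected = SENIOR_STAFF.get(name_key)
    # The name looks like the boss, but the address behind it is not theirs.
    if expected and addr.lower() != expected:
        flags.append("display-name-mismatch")
    body = _body_text(msg).lower()
    if any(word in body for word in PAYMENT_WORDS):
        flags.append("payment-language")
    return flags

# Constructed sample: correct-looking name, unknown address, payment request.
SPOOFED = (
    "From: Jane Smith <jane.smith@example.net>\n"
    "To: accounts@example.com\n"
    "Subject: Quick question\n"
    "\n"
    "Are you in the office today because I'll need you to send an "
    "urgent payment later?\n"
)
# Constructed sample: the same colleague writing from the genuine address.
GENUINE = (
    "From: Jane Smith <jane.smith@example.com>\n"
    "To: accounts@example.com\n"
    "Subject: Monday minutes\n"
    "\n"
    "Minutes from Monday's meeting are on the shared drive.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, bogus_boss_flags(raw))
```

A message that raises both flags is a candidate for holding until the named colleague confirms it by phone.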