With the best software, firewalls and spam filters installed, you may believe you are protected from cybercriminals. Think again! Even tech giants like Facebook and Google have recently been scammed by a fast-growing threat known as business email compromise (BEC). BEC relies on the oldest trick in the book: deception.
Since employees are usually the target, equip them with the skills and tools to spot threats and respond effectively.
Don’t just rely on email. Encourage employees to actively verify money transfer requests, for example, by walking into senior executives’ offices or by speaking to them directly on the phone.
Have systems in place to validate all changes in vendor payment details. If this is done by phone, ensure previously known phone numbers are used, not those in the email request.
Independent third-party verification systems such as EFTsure’s “Know Your Payee” Solution automate payment checking and supplier verification, saving time on manual processes and reducing human error.
The FBI advises establishing intrusion detection system rules that flag emails with extensions that are similar to company emails. Also create an email rule to flag communications where the “reply” email address is different from the “from” address shown. Finally, introduce colour coding for virtual correspondence, so that emails from employee/internal accounts are one colour and emails from non-employee/external accounts are another.
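The three rules above can be sketched as a single header check. This is an added example, not code from the FBI or any vendor named here; it assumes "extension" means the sender's domain, uses the placeholder domain `example-corp.com`, and runs on constructed sample messages.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"  # assumption: placeholder for your own domain

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def address_of(msg, header):
    """Bare, lower-cased address from a header; '' if the header is absent."""
    return parseaddr(msg.get(header, ""))[1].lower()

def check_message(raw, company_domain=COMPANY_DOMAIN, max_distance=2):
    """Return the labels a mail rule would attach to this message."""
    msg = message_from_string(raw)
    from_addr = address_of(msg, "From")
    reply_addr = address_of(msg, "Reply-To")
    from_dom = from_addr.rpartition("@")[2]
    internal = from_dom == company_domain
    flags = ["INTERNAL" if internal else "EXTERNAL"]  # drives the colour coding
    # Near-miss of the company domain (e.g. one swapped character)
    if not internal and 0 < edit_distance(from_dom, company_domain) <= max_distance:
        flags.append("LOOKALIKE_DOMAIN")
    # Replies would go somewhere other than the visible sender
    if reply_addr and reply_addr != from_addr:
        flags.append("REPLY_TO_MISMATCH")
    return flags

# Constructed sample messages (not real traffic)
SAMPLES = {
    "internal": "From: Alice <alice@example-corp.com>\nSubject: Lunch\n\nHi",
    "lookalike": "From: CFO <cfo@examp1e-corp.com>\nSubject: Urgent transfer\n\nPlease pay",
    "reply_mismatch": "From: Vendor <billing@supplier.example>\n"
                      "Reply-To: accounts@other.example\n"
                      "Subject: New bank details\n\nSee attached",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

The From header is chosen by the sender, so the INTERNAL label is only trustworthy when the check runs at the mail gateway after sender authentication (SPF, DKIM, DMARC) has been evaluated.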
Tools exist to help you assess how vulnerable your company is to phishing and malware and where improvements should be made.