Cyber Security is Everyone’s Responsibility
The fake-invoice epidemic is worsening. It’s vital your people always think twice before clicking on links or opening attachments. When it comes to cyber security, even seemingly innocent-looking emails can be trouble.
Business scammers have been working overtime recently. They have unleashed a deluge of bogus invoices designed to sneak past your defences. It’s not that they look too good to be true, such as promising you’ve won the lottery. Rather, these emails aim to look too mundane to be fake. They pose as an outstanding invoice, unpaid utility bill or unclaimed tax return. The hope is that someone in your business will unwittingly take the bait.
These kinds of emails come in all shapes and sizes. However, the underlying scams are the same. Some are bogus invoices for goods never delivered or services never rendered. The scammer hopes you’ll pay without giving it a second thought. Others masquerade as legitimate emails from your service providers. They link to a spoof login page in the hope of stealing your passwords.
The most insidious are cryptolocker ransomware attacks. The scammers hope you’ll open the attachment or click the link, which infects your computer. At that point, the virus spreads through your organisation, encrypting precious business files and demanding payment for their release.
Spam filters, anti-virus scanners and other technological countermeasures offer some protection against these threats. However, these scams aim to exploit human weaknesses rather than technical flaws. As such, your best defence is to cultivate a strong security-conscious culture within your business. Make it clear that cybersecurity is everyone’s responsibility.
Your staff need to develop a healthy sense of paranoia when it comes to checking their inbox. They should assume every email that contains a link or attachment could be a threat. Security training can also help them spot fakes. They should always check the sender’s email address and mistrust .zip and .exe attachments.
Developing policies is key
At the same time, the business should develop strict policies for dealing with emails. This could mean insisting that all finance-related emails be forwarded to specific staff members who are authorised to process payments and trained to spot fakes. Scammers hope to strike an untrained staff member. They hope that staff member will respond to an important email without stopping to consider the consequences.
That healthy sense of paranoia should also extend to emails that appear to come from senior people within the business. If they are making unexpected requests, such as urgent overseas money transfers, that’s a red flag. In what are known as Business Email Compromise scams, scammers hack into email systems to impersonate senior managers. They hope to dupe staff into transferring money or handing over sensitive information such as customer lists. Staff should be encouraged to question such requests without fear of rebuke, knowing their actions might save the day.