Cyber fraud can cause profound and potentially terminal damage to a growing business with narrow margins. Here, Saskia Johnston, a foreign exchange expert at?Sable International, tells readers some steps they can take to protect their business from attack.
If you’re running a small business, cyber fraud might not be your highest priority. New business, HR, account management, investor pitching these things, and everything else, will occupy much of your time and most of your energy.
But if you think your company is too obscure to be the target of an attack, think again, as 43 percent of all hacking attempts target small businesses, costing substantial amounts of time and money in the process.
Small business security and cyber checks
Fortunately, there are several steps you can take to protect your business from an attack.
Some of these are quite simple. For example, staying informed regardless of your industry or the size of your business is sensible, inexpensive, and does a lot to ward off attacks.
When industry bodies talk about cyber fraud and other crimes, listen, and when they don’t, keep an ear to the ground and talk to colleagues anyway. When a competitor suffers a breach, find out how it happened and make sure your team knows to defend against the same kind of breach.
Knowing what’s affecting businesses this month and what will be affecting them next month is critical.?
Understanding CEO fraud
Cyber attacks are multifaceted and evolving. By the time this article is published, it’s almost certain that some new variety of intrusion will have been discovered either by hackers or by their victims.
That’s why vigilance is so important.A company may not be able to protect against everything, but if they pay attention, they can at least make sure it isnt easy for would-be cyber attackers.
Certain kinds of small business cyber fraud are common. There are variations, but the theme remains largely the same. CEO fraud, for example, usually follows the same pattern.
An email is sent from someone purporting to be the company’s managing director (or a similarly authoritative figure) to another member of staff with instructions to authorise a payment immediately.
Your employee, who sees the urgent request, naturally authorises the payment immediately and without question.
If the hacker has done their homework (read the articles you’ve had published online, stalked your online profiles) it may well sound remarkably like something youd actually write. But it isnt you, and the payment isnt legitimate. It comes from outside your company (or from your own compromised email), and your employee has sent the funds to a fraudster’s dummy account.
Being a bank transfer and one that will clear virtually instantly the money will be incredibly hard to retrieve.
So how do you safeguard against it?
it’s a uniquely frustrating situation, but it’s one that’s resolved easily enough with the proper precautions. Setting up dual authorisation can allow you to detect fraud quickly and easily. If you insist that another member of the business must ratify your payment requests, you can ensure that no money changes hands unless it’s supposed to.
If you’re not comfortable like that, you can insist that all employees check with you on an internal messaging platform like Slack or Skype for Business before authorising a transaction.