How to protect your business from cyber fraud?
Small business security and cyber checks
Fortunately, there are several steps you can take to protect your business from an attack. Some of these are quite simple. For example, staying informed regardless of your industry or the size of your business is sensible, inexpensive, and does a lot to ward off attacks. When industry bodies talk about cyber fraud and other crimes, listen, and when they don’t, keep an ear to the ground and talk to colleagues anyway. When a competitor suffers a breach, find out how it happened and make sure your team knows to defend against the same kind of breach. Knowing what’s affecting businesses this month and what will be affecting them next month is critical.
Understanding CEO fraud
Cyber attacks are multifaceted and evolving. By the time this article is published, it’s almost certain that some new variety of intrusion will have been discovered either by hackers or by their victims. That’s why vigilance is so important. A company may not be able to protect against everything, but if they pay attention, they can at least make sure it isn’t easy for would-be cyber attackers.
Certain kinds of small business cyber fraud are common. There are variations, but the theme remains largely the same. CEO fraud, for example, usually follows the same pattern. An email is sent from someone purporting to be the company’s managing director (or a similarly authoritative figure) to another member of staff with instructions to authorise a payment immediately. Your employee, who sees the urgent request, naturally authorises the payment immediately and without question. If the hacker has done their homework (read the articles you’ve had published online, stalked your online profiles) it may well sound remarkably like something you’d actually write. But it isn’t you, and the payment isn’t legitimate. It comes from outside your company (or from your own compromised email), and your employee has sent the funds to a fraudster’s dummy account. Being a bank transfer, and one that will clear virtually instantly, the money will be incredibly hard to retrieve.
So how do you safeguard against it?
It’s a uniquely frustrating situation, but it’s one that’s resolved easily enough with the proper precautions. Setting up dual authorisation can allow you to detect fraud quickly and easily. If you insist that another member of the business must ratify your payment requests, you can ensure that no money changes hands unless it’s supposed to. If you’re not comfortable with that, you can insist that all employees check with you on an internal messaging platform like Slack or Skype for Business before authorising a transaction.
Understanding invoice fraud
Invoice fraud is another common variety of cyber attack. Again, it happens very simply. A supplier will email you an invoice with updated bank details (an invoice you’ve been expecting) and you’ll settle accordingly. Unfortunately, the invoice isn’t legitimate, and nor are the details or the payment. An attacker has compromised the supplier’s account, and you’re placed in the awkward position where you’re responsible for retrieving the funds from the thief and paying the money you still owe.
So how do you safeguard against it?
This is also quite simply resolved. Call your supplier for all changes to bank details. Inform them that any change in bank details will need to be confirmed before payment is authorised. This is the sensible approach for almost every variety of cyber attack. Sophisticated technology is helpful. Beefing up your security infrastructure is always worth doing, including refreshing your antivirus protocols. But ultimately, the best way to prevent cyber fraud is to remain vigilant, and to impose the proper checks on your business’s finances.
Saskia Johnston is a foreign exchange expert at Sable International.
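
The two checks described above, dual authorisation and a phone call before paying to changed bank details, can be enforced in whatever system releases payments. The sketch below is an added example, not part of the original article; every name, account number and record in it is constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PaymentRequest:
    requester: str                  # person the request claims to come from
    supplier: str
    account: str                    # bank details quoted on the invoice/email
    amount: float
    approvals: set = field(default_factory=set)  # staff who ratified it
    callback_confirmed: bool = False  # details confirmed by phoning supplier

# Constructed supplier file: bank details that were verified previously.
KNOWN_ACCOUNTS = {"Acme Supplies": "GB00TEST00000000000001"}

def release_decision(req, known=KNOWN_ACCOUNTS):
    """Return (ok, reasons); the payment is released only if reasons is empty."""
    reasons = []
    # Dual authorisation: the requester's own sign-off never counts, so a
    # spoofed or compromised director mailbox cannot approve its own request.
    if not (req.approvals - {req.requester}):
        reasons.append("needs ratification by a second member of staff")
    # New or changed bank details stay on hold until the supplier is phoned
    # (assumption: on a number already held, not one given in the invoice).
    if known.get(req.supplier) != req.account and not req.callback_confirmed:
        reasons.append("bank details differ from those on file; call supplier")
    return (not reasons, reasons)

def confirm_by_phone(req, known=KNOWN_ACCOUNTS):
    """Record a completed call and update the details held on file."""
    req.callback_confirmed = True
    known[req.supplier] = req.account

if __name__ == "__main__":
    # Constructed cases: an urgent "from the MD" request, then an invoice
    # that arrives with updated bank details.
    ceo = PaymentRequest("md", "Acme Supplies", "GB00TEST00000000000001",
                         9500.0, approvals={"md"})
    inv = PaymentRequest("clerk", "Acme Supplies", "GB00TEST00000000000999",
                         4200.0, approvals={"finance"})
    for r in (ceo, inv):
        print(r.requester, release_decision(r, dict(KNOWN_ACCOUNTS)))
```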