Posted 14 January 2019 in Blog News

How to stop a wolf in sheep’s clothing.

Businesses can sometimes fall foul of fraudulent e-mails, either because the messages have bypassed the spam filter or because employees have mistakenly released them from it, thinking they were genuine messages that had been blocked in error.

 

Phishing attacks can be so sophisticated now that the National Cyber Security Centre warns that organisations can’t reasonably expect staff to spot them every time. However, staff training reduces the risk of your business being compromised.

 

Do staff know what to do if they are suspicious?

Ideally, staff should have the confidence to pause and investigate anything they are suspicious of, even if it appears to have come from a high-ranking member of the organisation or a customer representative. They need to know who to report their suspicions to, so the procedure should be documented, and all staff should be trained in it.

 

Do they know what to look out for?

Here are some common scams that catch people out:

Fraudsters intercept invoices from suppliers and change the bank details. Check with your supplier directly whether the bank details have changed. Look at the sender’s address very carefully – is the domain name subtly different?

Is the message telling you that you have been a victim of crime or asking you to take urgent action? These can be tactics used by fraudsters to frighten you into acting rashly and giving away information.

Does the message appear to come from someone with authority, asking you to transfer large sums of money to a bank account? This is a common scam, so if this is the sort of request that might be made legitimately in your organisation, you need to have a practice in place for authenticating those requests.

 

Invest some time in considering what you want your staff to do if they are suspicious of an e-mail, get a procedure written up and make everyone aware of what to do – it might just prevent you from falling victim to a costly con.

 

Get in touch if you want us to visit your organisation to discuss Cyber Security: [email protected]