Scammers are increasingly sophisticated in how they use email to obtain information from you they can make emails look like they have been sent from within your business, from your customers, from your suppliers and even from you.
Doing business these days has never been easier. We can pay suppliers online, via smartphones and apps. We can check emails on the go using the same technology. And as consumers, we are used to being able to transact 24/7.
However, the very technology that enables us, is the same that can completely disable our businesses in one wrong click.
The UKs Office for National Statistics reported an estimated 2.5m cybercrimes took place in England & Wales in 2014, the first time that such crime statistics were officially published. This is seen as the tip of the iceberg with many instances going unreported to the police.
Phishing has become more sophisticated and is subject to two way traffic. In some instances, emails can be made to look like they come from you to obtain information from your customers.
In other instances, they are inbound and made to look like they are coming from suppliers, and in other instances they are seeking to access your bank accounts and divert funds out of your business.
All organisations should make staff aware of what to look out for, what to be suspicious of and when to be cautious. I have heard of a business where an employee transferred 45,000 out of the company account after receiving an email that looked like it came directly from the companys bank.
Homebuyers are also being targeted when sending money to complete house purchase transactions. They receive Hotmail or Gmail emails advising them that the corporate email is down and requesting they send completion monies through a link.
And yes, these are scams.
Scammers can copy your corporate image and email templates and, as a result, can send emails that are made to look as though they are coming from legitimate sources.
Read more on cyber security and be prepared for threats:
- Star Wars: How to protect your imperial intelligence
- 8 ways British SMEs can fight hackers and prevent cyber crime
- As cyber crime soars one SME is offering companies a new way to keep safe
Scam emails will usually include a link to direct you to input details which enable access to your bank account. Or a link may lead you to install a Trojan (spyware) onto your computer, which then sits and watches activity on your machine, indicating to the remote scammer when and how is the best time to approach you.
If successful, money is usually transferred to an account outside the UK and can’t be traced.
Sadly, IT can only ever be one step behind scammers, but businesses can take steps to minimise the chances of being targeted. Simple as it sounds, staff training is key to securing your email, system and data.
The following steps can be taken to improve email security:
1. Tighten up internal processes have strict authorisation processes, only allow certain people to have access to the company bank account, and limit the number of people authorised to transfer money.
2. Ensure a daily clean out process , which can search and remove Trojan software and other spy programmes.
3. Conduct regular penetration tests of your system and include servers and data. These can also include having people ring up and pretend to be the bank but they should also test physical access into your building(s).
4. Train your staff to detect email scams. This can be done in small bite-sized online training modules as well as more formal in-person training sessions.
5. Empower staff to challenge people and ask the right information before imparting information, this is particularly true of scam calls (also known as vishing) into your business.
6. Install a centrally managed IT system and secure it to ensure better control of technology systems.
7. Move to thin client technology so that staff do not need to physically carry programmes and information on their pcs, laptops and smart devices.
Andrew Taylor is the technical director of Converge Technology Specialists.