As you may be aware, scams are ever increasing in volume and complexity. Scammers are becoming more capable and anyone could be caught out.
Below is a recent example in which one of our clients was significantly impacted by scammers. It shows that this can happen to anyone and that care is required.
- The client was dealing with business as usual and had no idea that something had gone dreadfully wrong. The problem came to light only because a customer of the client rang to query a discount offer that they had received by email.
- The client had no idea what the customer was referring to.
- It turned out that our client's email account had been hacked. Unknown to the client, the scammers had identified the client's customer details and had sent emails to all of their customers advising that the bank details had changed and that, if they paid promptly to the new account, they would receive a discount.
- The client had lost control of the business email account and despite promptly contacting as many of their customers as possible, payments were made to the bogus account.
- Even whilst our client was contacting their customers, further emails were being sent and it took some time for the client to regain control of the business email account.
As you can imagine, an event such as this has significant ramifications and causes real loss.
What are some of the actions you can take to minimise the risk of these kinds of malicious events happening to you?
- Always use secure connections when accessing your information and accounts.
- Maintain strong passwords. Use complex, non-generic passwords and ensure they are never the same between different forums.
- Use multi-factor authentication wherever possible (refer below).
- Where possible, use appropriate software, including anti-spam filters, antivirus and anti-malware tools.
- Ensure all software and operating systems are kept up to date.
- Take care when accessing email that you are unsure about. When in doubt, call the sender of the email to confirm that the email is legitimate. If this action had been taken in our example above, the transfer of funds to the bogus account could have been prevented.
  - If you receive an email from a bank or government organisation, never enter any passwords, personal or banking details.
  - Wherever possible, avoid using hyperlinks embedded in emails and instead type the legitimate web address directly into your web browser.
- Educate and train all your users to reduce the risks.
- Make sure you maintain full backups of all your data. Ensure backups are tested regularly and kept offsite or away from where your primary data is kept.
- Review your insurance coverage for such events.
Other areas you should know about in relation to cyber security of your business are as follows.
Multi factor authentication (MFA)
Multifactor authentication (MFA) is a system that requires more than one method of authentication of a user’s credentials to verify their identity for a login or other transaction. The goal of MFA is to make it more difficult for an unauthorized person to access accounts and information.
MFA can use various methods to add an extra level of authentication on top of a password. Some examples include SMS, email, an authentication app, security token and even biometric verification. Each method has pros and cons and care should be taken when setting up your MFA.
In the event of a data breach you should be mindful of the potential obligation to report the details of the breach under the privacy legislation.
We recommend that you review your current insurance coverage to ensure you are adequately covered against all your business risks. In particular a review of Cyber insurance should be undertaken. Cyber insurance can offer a broad range of cover.
Cyber insurance may cover:
- Financial losses suffered by your business as a result of a cyber-incident
- An incident manager to help your business recover
- Business interruption costs
- Investigation and data recovery costs
- Third party liability
- Extortion costs
How we can help
If you have any concerns in relation to the issues raised above, we can help review your IT systems and accounting software and discuss the best way to deal with your concerns. If you have any questions, please contact your client manager.
Kreston Stanley Williamson Team