How You Can Help To Protect Your Business

By Suzie Cowling | 11th July 2017


I recently attended a seminar hosted by the Yorkshire & Humber Regional Cyber Crime Unit on how to protect your business from the growing threat of social engineering cyber-crime.

Social engineering is when criminals manipulate people to gain confidential information from them. It is human nature to be helpful, and these confidence tricksters exploit your natural inclination to trust them. They can fool you into giving them your password, bank details or other confidential information.

You can put a myriad of safeguards into your IT systems and these will reduce your exposure, but the weakest link will always be the employee who accepts a person or situation at face value without questioning. Security is all about knowing who, what and when to trust.

Over 80% of first contact will be by e-mail and you need to be on your guard. Some e-mails can look quite professional, using logos and e-mail signatures that appear to be genuine. A good guide is to check the e-mail on your PC, as some phishing e-mails can appear very plausible on a mobile.

The departments within a company that are particularly susceptible to attack, with examples of how the cyber-criminal will try to get information, are:

The Accounts Department:

  • You receive an e-mail from a supplier, with a PDF attachment purporting to be a statement or an unpaid invoice.  The supplier is known to you, so you automatically click on the link without checking the URL of the website or hovering over the link they are asking you to click.
  • The CEO or managing director is away on holiday and you receive an urgent e-mail from him asking you to release some funds and send the payment to an account, enclosing the details.

HR & Payroll Department:

  • E-mails are sent appearing to be from a director asking for a list of employees’ tax information including reference numbers and NI Numbers.
  • You receive an e-mail from HMRC asking for personal or payment information. HMRC will NEVER use e-mail or text to inform you about a tax rebate or penalty, ask for personal or payment information, or provide a link to a secure login page asking for information.

Some key tips to help keep you safe are:

  • PASSWORDS – HAVE A LONG PASSWORD, MAKE IT EASY TO REMEMBER, DIFFICULT TO GUESS
  • SET UP POLICIES & PROCEDURES REGARDING OUTBOUND PAYMENTS AND CHANGES IN BANK DETAILS
  • EMPOWER STAFF TO ASK QUESTIONS
  • BE VERY WARY OF ANYONE ASKING FOR IMMEDIATE ACTION IN AN E-MAIL
  • IF IN DOUBT, RING THE PERSON SENDING THE E-MAIL. DO NOT USE ANY TELEPHONE NUMBERS OR WEBSITE ON THE E-MAIL YOU HAVE BEEN SENT; GO TO THE OFFICIAL WEBSITE FOR THE DETAILS
  • LOOK AT PROVIDING AN ONLINE CYBER SECURITY AWARENESS TRAINING COURSE TO ALL STAFF