You’re no stranger to solving complex puzzles when it comes to your business. But staying protected against common scams and cyber attack threats shouldn’t leave you stumped. Here are six tried and tested steps to keep your business (and your revenue) safe from would-be hackers.

Implement robust employee training

Train employees to recognise and resist business email compromise attempts, emphasising the importance of carefully scrutinising unusual requests. For example:

When vendors or suppliers request changes to account details:

• • Confirm all requests by calling the vendor or supplier directly, using a known, previously provided phone number
  • Before making any changes, notify someone other than the requestor
  • Require supervisory review of all requests before any changes are made

If the request is from a vendor, check for changes in business practices, such as:

• • Changes in invoice delivery methods (e.g. mail to email)
  • Changes in payment methods (e.g. check to wire transfer)
  • Requests to be contacted via personal email addresses when previous correspondence used company email addresses
  • Differences in the address or bank account information used for payments

Beyond this, it should be standard procedure to implement multi-factor authentication (MFA), regularly complete anti-fraud and anti-phishing training, and forward any suspicious emails or financial requests to the relevant team.

Avoid password recycling

No, “Password123” isn’t going to cut it here. Ensure your employees have a clear understanding of good password practices, including the importance of using unique passwords for different accounts. Using a password manager can help employees create, manage, and store strong, unique passwords.

Recognise the signs

“Hello [name] it’s your boss here , pls send me account details for urgent transaction.” You’ve probably been sent more than one message like this in your career – but not all scams are so easy to spot. 

Train employees to identify spoofed domain names, misspelt subdomains, or suspicious links. And always encourage them to verify unusual or secretive requests through another communication platform or via the relevant team.

Keep an eye out

You can’t catch what you’re not looking for. Remember to actively monitor for signs of compromise early, as financial losses may not be noticed immediately.

You can do this by restricting login attempts and setting alerts for multiple failed MFA prompts, and monitoring changes to logging and configuration – such as unusual rule changes or new forwarding rules, which can indicate business email compromise activity.

Improve email security

Main inbox filling up with spam? Time to up the ante.

• Implement phishing-resistant MFA, such as FIDO2 hardware tokens
• Block legacy email protocols that lack modern authentication
• Block emails from newly registered domains
• Patch any on-premises email servers you might have

And of course, make sure you’ve got the right Cyber Insurance in place should the worst happen…

Send would-be hackers packing.

While we all wish we could wave a magic wand and banish scammers to a far corner of the internet, it’s not quite that simple. But by providing your team with the right training, implementing robust MFA policies, and having sufficient insurance in place, you’re on your way to a scam-free inbox.

Unsure whether your business is compliant with the current data protection laws and regulations? Get in touch with RiskBox to check you’re covered.

Photo by Stephen Phillips – Hostreviews.co.uk on Unsplash