Businesses have been warned to keep their eyes peeled for signs they’re being targeted by a huge business email compromise (BEC).
Organisations undergoing early transitioning to remote or hybrid work practices are particularly easy prey for cyber attacks in the form of email scams and phishing scams, which can compromise their sensitive business information and financial security.
If your company has been on the receiving end of online scams before, you’re even more vulnerable. As they become more sophisticated and knowledgeable about an organisation’s inner systems and data, cyber attacks can be more detailed and believable, making it easier for workers to get caught out.
Online scams are becoming highly targeted and complex. At the moment they’re taking cruel advantage of heightened uncertainty and risk by plainly exploiting the current coronavirus crisis.
So, let’s talk about how these scammers are infiltrating our business’ and what you can do to prevent potential breaches of your cybersecurity network.
When a company’s cybersecurity becomes vulnerable, scammers can hack into your vital information, records and funds.
It’s challenging to get accurate numbers that show how big the problem is because most BEC and cyber attacks go unreported, due to their highly personal nature and precise targeting.
However, in a press release issued last year by the Singapore Police Force, it is reported that Singaporean businesses lost a hefty $32 million to BEC in 2019.
A cyber attacks’ (also known as whaling or CEO fraud) first line of assault on your company data typically comes as personalised emails where cybercriminals pose as senior executives or staff from a business partner. These emails usually demand urgent action—they can come in the form of making unapproved financial transfers or asking an unsuspecting employee to reveal confidential information.
A wide range of online scams also target employees via ‘familiar looking’ apps. For example, phishing scams is a highly dangerous online scam where hackers impersonate an employee’s colleague emailing through seemingly vital information that requires recipients to access information through commonly used business apps, like Office 365.
When the unwitting recipient clicks on the email’s attachment, they grant hackers access to their personal and business accounts via the web application. From there, the cyber attack can do even more damage.
A cyber attack essentially uses psychology to manipulate its targets—and that makes online scams, email scams and phishing scams a people problem, not a technology problem.
Current cybersecurity scams are exploiting the fragile mental state of those dealing with sudden workplace challenges. Working alone form home, navigating the changes triggered by the ongoing COVID-19 pandemic, and with less security on their home networks means these people are more susceptible, easier targets.
Cyber attacks that target remote workers play on the possibility that employees can’t immediately contact their colleagues to verify the legitimacy of any unexpected, urgent requests.
Even intelligent, cyber-savvy CEOs and senior executives aren’t safe. A cleverly-worded, socially-engineered email can convince management they need to act fast and, as custodians of large amounts of valuable data and financial information, they’re particularly lucrative targets for an unscrupulous hacker.
With digital transformation becoming compulsory for maintaining business continuity during coronavirus outbreaks, companies have had to push their IT teams to fast-track a secure, remote network for employees to work from home.
The sheer speed of this transformation and the rushed demand on IT teams means mistakes can be made, and it might not be clear that a few crucial boxes haven’t been ticked until it’s too late and a hacker has already breached your system.
That’s why it’s crucial that organisations review their cybersecurity measures now if they’re to remain secure from online scams and cyber attacks.
A multi-layered approach is fundamental to ensuring your cybersecurity defences are up to scratch, especially for email systems. Called a ‘defence in depth’ approach, it uses a cascade of different methods for building a defence against would-be attacks. If one method fails, the approach suggests ancillary defences may stop the threat dead in its tracks.
Education is key. Ensuring all employees are aware of formal transfer procedures in place to keep data safe and what to do if they receive unusual, unexpected requests will go a long way to preventing data loss.
Show your employees what fraudulent emails look like. Describe real-life cyber attack examples and ask how they would have responded. Executives should also learn to take special care when posting and sharing information related to work schedules on social media sites.
Organisations must recognise the incipient threat and move to eliminate it by increasing their software defence and training staff to better spot scams.
Global vulnerability to phishing scams makes it attractive to cybercriminals. And, with the disruptions to business created by coronavirus, you can bet these attacks are only going to get worse.
Staying alert to the possibility of data breach while your organisation transitions to the new normal is the key to ensuring your company’s cyber defence strategy remains vigilant.
Chat with our Servcorp IT team today about which options and strategies are best for your business.
