According to cyber insurer Edmund, the fastest growing fraud threat for small business is social engineering fraud.
These attacks occur when criminals pretend to be customers, suppliers or high-profile individuals within businesses and trick staff into paying large sums of money into the attackers’ bank accounts
Falling victim to a cyber attack is unpleasant and costly for businesses.
Here are Edmund’s 7 tips for avoiding social engineering fraud:
- Minimise the number of people in your business who control bank transfers.
2. Implement a two-person authorisation process for ALL payment requests.
3. All employees, Managers and Directors requesting a transfer must verbally confirm their request before finalising the transfer. I.e. – call them (Get verbal confirmation from a person within your organisation before you pay any invoices from a new supplier.)
4. When a supplier advises that their bank account details have changed, seek verbal confirmation that the request is genuine from a phone number you already hold on file.
5. Beware red flags; such as emails sent from executives who are known to be out on business trips, or any urgent or immediate payment requests.
6. Talk to your IT security adviser, who may be able to recommend authentication technology solutions to prevent communication with imposters.
7. Importantly, when in doubt – don’t send it out. Wait until you are 100% certain that it’s not fraud before transferring any money.