Cybersecurity: 4 Point Plan

With unprecedented and continued government warnings to the financial sector (from the FBI, GCHQ & EU Regulators, to name but a few), the need to mitigate cyber fraud has never been greater. But have you covered the basics? Don’t be complacent – act now and follow our 4 Point Plan:

Make it difficult for criminals to impersonate you

  • Avoid free web-based email accounts: Establish a company domain name and use it to set up company email accounts in lieu of free and/or web-based services.
  • Register all domains that are slight variations of the actual company domain, so that criminals cannot use them to send email that appears to come from you.
  • Take extra care and responsibility when posting to social media and company websites, especially job duties and descriptions, hierarchical information, and out-of-office details.

Remain vigilant

  • Treat requests for secrecy or pressure to take action quickly with caution and care.
  • Beware of sudden changes in business practices. For example, clients suddenly using personal email addresses.
  • Know the habits of your customers, including the details of, reasons behind, and amount of payments.
  • Scrutinise all email requests for transfers of funds to determine if the requests are out of the ordinary.
  • Report and delete unsolicited email (spam) from unknown parties. Never open spam email, click on embedded links or attempt to open attachments.
  • Don’t use “Reply” to respond to sensitive emails. Instead, use the “Forward” option and either type in the correct email address or select it from the email address book to ensure the intended recipient’s correct e-mail address is used.

Double check

  • Verify changes in vendor payment location by adding two-factor authentication, such as a secondary sign-off by company personnel.
  • Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this early in the relationship and outside the email environment to avoid interception by a hacker.
  • Confirm requests for transfers of funds. When using phone verification as part of two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.

Let technology help

  • Use two-factor authentication for corporate resources.
  • Where possible, entities on each side of a transaction should utilize digital signatures.
  • Implement robust web and email filtering technologies.
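
As an added illustration (not code from the original article), the following Python sketch shows the kind of checks an email filter can apply to the warning signs listed above: a sender domain that is slightly different from the company domain, a sender on a free webmail service, and a Reply-To address that differs from the sender. The company domain, the webmail list, the distance threshold and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "acme-bank.example"   # assumption: stands in for your real domain
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: short sample list

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if the header is absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def check_message(raw):
    """Return the list of warning flags raised by one raw email message."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    flags = []
    # A domain one or two edits away from ours is a likely impersonation attempt.
    if 0 < edit_distance(sender, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-sender-domain")
    if sender in FREE_WEBMAIL:
        flags.append("free-webmail-sender")
    # "Reply" would go to this address, not to the displayed sender.
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs-from-sender")
    return flags

# Constructed sample messages (not real traffic).
SAMPLE_LOOKALIKE = ('From: "Finance Director" <cfo@acme-bamk.example>\n'
                    "Reply-To: cfo.payments@gmail.com\n"
                    "Subject: Urgent transfer - keep confidential\n\nPlease pay today.\n")
SAMPLE_WEBMAIL = ('From: "Known Client" <j.smith@gmail.com>\n'
                  "Subject: New bank details\n\nPlease update our account.\n")
SAMPLE_CLEAN = ("From: accounts@acme-bank.example\n"
                "Subject: Monthly statement\n\nAttached.\n")

if __name__ == "__main__":
    for name, raw in [("lookalike", SAMPLE_LOOKALIKE), ("webmail", SAMPLE_WEBMAIL),
                      ("clean", SAMPLE_CLEAN)]:
        print(name, check_message(raw))
```

A flagged message is a prompt for the out-of-band verification described under “Double check”, not proof of fraud.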

John Gracey – VP Cybersecurity
