Why do CFOs have to have cyber security awareness?:
Cybercrime organisations make a pretty good living out of sending targeted emails to personal and business email accounts. If you are an individual who holds a finance position or has access to company finances, well then you are considered a holy grail to these organisations. If they can convince you that one of your main vendors or suppliers have changed their bank account details and that you need to pay a bill urgently, then they are in for a pretty nice payday.
In the past, these emails, otherwise known as phishing emails were sent to a whole bunch of unsuspecting victims just hoping that someone would open them. Although these were quite successful like everything else in today's world, these emails have evolved.
Nowadays, cybercriminals are little more crafty and do their research before sending out targeted, well-designed emails for a particular person. Cybercrime organisations will go above and beyond to give themselves the best shot at getting hold of your cash.
It’s also important to note that not all phishing emails will try to trick you into installing software.
For this reason and many more, people in finance need to have some cyber security awareness tips to recognise the difference between phishing emails and a genuine ones.
tip #1 Check the email address
Cyber criminals will find and purchase domains similar to your companies to trick you or your colleges into thinking an email has a Director or Partner of the company approving a purchase.
Can you spot the difference between these email accounts?
Lachie.firstname.lastname@example.org and this account Lachie.email@example.com
Did you notice the evolve.it? Pretty difficult huh? Well, that’s not even the start of it.
The email will more than likely come with a email chain from one of your main vendors or suppliers detailing that you have not paid a bill, their bank account details have changed and that a partner has approved it.
tip #2 Pick up the phoneIf you are transferring once off large transactions to third parties, it is important to have a couple of steps in place to ensure your money is going to the right place. My recommendation is that one of these steps is a phone call.
- Call the Vendor or Supplier – then follow up with an email.
- Speak to contact you are familiar with at the organisation.
- Confirm the email was sent.
- Confirm the bank details have been changed.
- Confirm all changed details with someone in your office.
- If in doubt confirm again.
TIP #3 Invest in a good spam filter
On Average Evolve IT blocks over 7,100 emails per day through its hi-tech spam filters. These emails are from cybercrime organisations trying to lure unsuspecting victims into sending them money or holding their data to ransom with Cryptolocker. A good spam filter if setup correctly will pay for itself on a daily basis.
TIP #4 Have a purchase policy
Being prepared is the key to fighting cybercrime. For example, if you were to go on leave, would you be comfortable that your team would make the same decisions as you in a given situation? In all cases it is best to have a purchase policy. Something that all of the team can refer to in the instance that they might have to transfer money or pay for something. Knowing which credit card to use or who can approve the purchase if the finance team is away are all great examples of detail that could be in your purchase policy.
TIP #5 Train your Team
Training your team on what to look for when it comes to phishing emails can be a very effective way to ensure your money doesn’t find it’s way into a Cybercriminals bank account. Getting your team in the room to identify what a phishing might look like and what to do when you receive one is a great start. Evolve IT is big on this and our team love getting out to educating end users out cybercrime and how they can fight back.
How Evolve IT can help
At Evolve IT, we specialise in helping CFOs fight back against cybercrime through quality ICT solutions. We focus on your specific needs and create customised solutions to suit