In a recent article I addressed the risks to a company from within. There are also inherent external threats that, as technology advances, become more sophisticated and difficult to spot internally.
In today’s society, there is increasing pressure to store more and more information online, whether personally, such as on Facebook or in iCloud storage, or professionally, such as on LinkedIn or in cloud computing.
Fraudsters can use this information to infiltrate your internal systems and manipulate employees in what is termed ‘social engineering’. A common example would be fraudsters identifying key decision makers within a company, such as finance personnel, and using this information to trick employees or customers into making payments or transfers. Social engineering does not require elaborate techniques or highly technical equipment.
Another fraud trend is emails sent to individuals that mimic the format, logos and layout of the purported sender, which is usually a recognised brand or body; recently reported examples include Amazon and HMRC. The emails usually require users to log into their accounts, resulting in fraudsters gaining access to their personal information.
These phishing emails are becoming more difficult to identify, so it is important that staff in your organisation are trained to spot them. Simple techniques can help protect your company from this type of threat, such as cross-checking the email address against the sender, ensuring it is a recognised email address, or seeking independent verification of any request for information or payment, for example by confirming that the email is genuine via a telephone call to a known contact in the sending company.
Another technique fraudsters use to gain access to your company’s information is to target your employees by including malicious hyperlinks in the body of emails. These hyperlinks can be passed on unknowingly through a number of mediums, such as between email recipients, in Facebook posts and in instant messages. It is important that employees are aware of the risks associated with opening unknown links. By clicking on these links, employees may release malware (malicious software), such as ransomware, into your company’s systems, restricting access to those systems until a ransom is paid.
These types of external threats are not confined to multinational corporations; fraudsters attack businesses of all sizes, exerting relatively minimal effort for high returns. It is therefore important that a culture exists within your organisation which encourages employees to raise any concerns regarding potentially malicious emails or suspicious activity with a nominated and easily contactable representative.
Unfortunately, there is no quick fix or magic software to completely protect your company’s information from these types of threats. Only by ensuring your employee training and internal policies are reviewed and updated on a regular basis, along with employing appropriate IT infrastructure, will you be able to mitigate the loss to your company from these external threats.