Close panel

Close panel

Close panel

Close panel

Cybersecurity 28 Oct 2019

How to protect your company from the ‘CEO fraud’

These are some of the strategies that a company can implement to prevent this increasingly popular kind of cybernetic scam which can affect any kind of business, both SMEs and large multinational firms.

CEO fraud”, also known as “Business Email Compromise” (BEC), is a scam that is used more and more frequently due to its profitability and relative simplicity for criminals. However, it is also rather easy for companies to protect themselves from this scam. Following the advice below in the company culture can help prevent businesses from falling victim to this scam.

The advice can be divided into three main areas:

1. Defining payment processes

      • Documenting how payment processes should be carried out step by step in the company.
      • Documentation should include routine and special procedures, such as the absence of those who usually give permission or urgent requests so that employees know how to act at all times, thus preventing the scam.
      • Establishing a double approval process for large transactions or those that are not common in the organizational culture.

2. Robust configuration

      • Install email scanning tools to detect and block emails from domains that are not generally used or those that contain malware.
      • Evaluate the deactivation of the html viewer for critical email accounts in order to see the links and original addresses.

3. Training and raising awareness among employees

      • Conduct training session so employees are very familiar with the procedures required to perform their job.
      • Raise awareness among employees so that they never ignore procedures due to pressure.
      • Foment a culture of transparency for processes and transactions so that fake emails and fraudulent requests are evident.
      • Verify the origin of the email addresses in messages.
      • Never reveal passwords or sensitive information online.
      • Explain to employees the risks of publishing information on their professional lives online and how to protect themselves.

Even the most secure systems are not safe if the doors are left open to criminals. Remember: You are the best defense!