How do you guard yourself against phishing websites and scams if you are a company that reaches out to potential prospects and customers? That is perhaps the biggest concern for any company facing the possibility of a data breach. Governments currently require companies to take security measures to avoid data breaches and exposure to phishing websites that expose unencrypted personal data.
Importance of Protecting Consumer Information
Companies have to take appropriate administrative and technical security measures to protect consumer information. Certain US states have even passed laws for this. Companies should definitely train employees on the critical importance of personal information security. Failure to carry out due diligence in avoiding data breaches and cyber incidents also increases exposure to litigation and government enforcement actions. So phishing websites and scammers should be detected in time, or a company can face punitive actions. Perhaps the biggest price companies pay for taking the bait of phishing websites is the loss of customer trust. Damage to the brand is another detrimental effect of falling prey to phishing websites and scammers.
Due Diligence to Prevent Phishing
The prevalence of phishing attacks makes it imperative to take security measures to prevent data breaches. Companies have to undertake basic precautions to prevent critical harm.
#1 Wire Transfers
Reviewing and strengthening controls around wire transfers and international wire transfers is an important step. Two-step authentication for mails and transactions is a must. Use a follow-up phone call to verify critical transactions. Don't fall prey to emails that plant phone numbers to call, though, as this could also be part of a spoof. Also check the number of individuals who are authorized to make transactions. Flag new individuals with approval for authorization too. Make sure approval is taken by two different parties from the requester to initiate the wire.
Authenticating the recipient party at the foreign vendor is essential before internal authorization for a wire is issued.
#2 Training For Data Security
Regular and frequent education needs to be provided to executives and employees on data security topics such as phishing websites and other tricks used by cybercriminals to compromise business emails. Training should be tailored to the job description of the employee so that he/she is aware of spoofing and phishing websites. The employee also needs to be trained to fully appreciate the dangers that phishing websites and attacks pose. Training needs to be repeated regularly, and materials should be periodically updated to account for fresh schemes and techniques.
For finance and accounting employees processing payment transactions, training should cover any attempt by cyber thieves to pressure them for payment. Employees should be encouraged to raise issues regarding suspicious payments and report them up the chain of command. Confidential hotlines are needed to report questionable data security behavior. Corporate policies and processes, as well as contracts and agreements, should always focus on data security. For highly sensitive data, controls need to be implemented on users with privileged access.
#3 Precautions While Using Web-Based Email
The authorities have frequently issued warnings regarding web-based email accounts, as these are targeted by phishing websites and scammers. Companies using Google Docs or email service providers should opt for 2-step verification to prevent others from logging in and using the account. Encrypt usernames, passwords and other information to protect user identity and customer information.
#4 Auditing, Testing and Improving Company Technologies
Anti-phishing software, OS and browsers can protect your system from damage or unauthorized access. Another precautionary step companies can take is to register internet domains that differ slightly from the legitimate domain name of the firm. Opt for a system that checks for emails with extensions that are similar, but not identical, to the firm's own. Once the investment in technology has been made, use internal audits to check whether adequate safeguards are in place.
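A sketch of the kind of check described above, added here as an example and not taken from the original article: it classifies a sender address as internal, lookalike or external by comparing its domain to the company's. The domain example.com, the distance threshold, the confusable-character table and the sample addresses are all assumptions.

```python
# Added example: flag sender domains that resemble, but do not match, our own.
# COMPANY_DOMAIN, MAX_DISTANCE and CONFUSABLES are constructed assumptions.
COMPANY_DOMAIN = "example.com"
MAX_DISTANCE = 2  # edits tolerated before a name no longer counts as "similar"

# Substitutions often used to imitate a name (digit-for-letter, rn-for-m).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(name: str) -> str:
    """Lower-case a domain name and fold visually confusable characters."""
    name = name.strip().lower()
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(sender: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for a sender address."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN):
        return "internal"
    # Compare the part before the last dot, so a changed extension
    # (example.org) is caught as well as a misspelled name (exampel.com).
    # Splitting on the last dot ignores multi-part suffixes such as co.uk.
    name = normalize(domain.rpartition(".")[0])
    ours = normalize(COMPANY_DOMAIN.rpartition(".")[0])
    if edit_distance(name, ours) <= MAX_DISTANCE:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample senders.
    for s in ["alice@example.com", "ceo@examp1e.com", "pay@example.org", "sales@vendor.net"]:
        print(f"{s:24} {classify(s)}")
```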
#5 Know Your Clients
Check the frequency, amount, details and reasons for customers' payment practices, and also specify changes in vendor payment location and confirmation of requests for payment to new accounts.
Open communication, two-step authentication
and verification can guard the company against phishing websites and data
breaches. It is essential to have solid communication systems and security
measures in place, so that you don't become the target of a preying
cybercriminal out to make a fortune. 
 
