Security update: We’re not here to scare you, but…

As Director of Operations at Hudson Contract, the buck stops with me when it comes to online safety and security. As you’d expect, we continually monitor our systems to ensure all our data is kept secure and review our processes to keep our team safe from threats.

What kind of threats? Well according to a new report from insurance giant AIG, cyber crime that results in financial loss arrives most frequently by way of a business email compromise:

Thanks to behind-the-scenes protection from SSL and TLS – which uses encryption to protect the transfer of data – email itself is a lot more secure than it used to be.  But the weakest link is the user, and this type of cyber crime has leapt from 17% of online frauds at the time of AIG’s previous survey, in 2017.

What happens most often is that someone gets a ‘phishing’ email with a link or attachment and when the recipient clicks on it, the perpetrator gains access to their inbox and can send and receive emails from the victim’s email address while frequently deploying malware to spread the scam to contacts in the victim’s inbox.

Attackers often target people who are responsible for sending payments, sending them an email that appears to come from a superior, instructing them to transfer funds, in the hope that the business has no procedures in place to prevent this from happening.

For someone like myself, this is frustrating, because it’s not so difficult to keep one step ahead of the scammers. Here’s some basic guidance:

Ten ways to stay safe from email fraud:

1. Ensure your systems, stand-alone PCs, networked PCs and the associated servers are protected by up-to-date subscriptions to an anti-virus and anti-malware product.
2. Change passwords on a regular basis and ensure everyone has their own login.
3. Never open email attachments that appear unusual, even if the email seems to have come from someone you know.
4. Don’t click on emailed links to familiar websites that require a secure login. It could easily be a fake website, designed to look like the real thing. Instead, go directly to the known website address, and make sure your login details haven’t been tampered with.
5. Always double check with a phone call to your known contact when changes to supplier payment details are received via email/post.
6. Check that websites asking for sensitive information display https:// in the address bar and display a padlock. It means you have a secure connection.
7. Ensure your company data is regularly backed-up. It’s the only way to get it back if you experience a ransomware attack (don’t pay the attacker – they will only pursue you as an easy target).
8. Invest in a professionally installed and managed firewall to protect from outside intruders.
9. Avoid public WIFI connections if possible. If not, consider subscribing to a VPN service which puts a layer of security between your device and the network you are connected to.
10. Review your security regularly, because complacency is the biggest gift you can give to the criminals who want to steal your money. If you don’t have a policy you are at risk.

For further help and information take a look at these guides: