Data or system breaches are potentially the number one risk for many businesses. The threat is just as real for small business owners as it is for enterprise leaders – whether it be from theft, disruption or damage, malicious or accidental. Some threats are easier to manage than others – but there is one source of potential malice that is notoriously difficult to stay ahead of: Social Engineering, otherwise known as CEO Fraud.
Cybercrime networks are getting more advanced and sophisticated by the day, and one of the ways they may attack your business is by targeting the most senior people in the organisation. By using social media to thoroughly research an organisation, often with automated bots and crawlers, criminals can identify company directors, suppliers and other information, and then use these insights to fool unsuspecting (smart!) people. Some of the possible outcomes? Virus infection, lost or frozen data, or lost money.
As the owner of your business, it’s vital that you stay informed; this is the first step in retaining control.
Social engineering is an ever-evolving concept. And while it’s tempting to think, ‘That would never happen to me’, the truth is it can. No business is immune. We dealt with an established professional services firm whose finance department transferred funds to a hacker, thanks to a well-crafted email that correctly referenced a particular project, staff and customer details. Scary stuff.
As step one in keeping you informed, here is a brief overview of the terminology you may have seen referenced – sometimes interchangeably. While there are some differences, the terms are all related, and all refer to scams that try to access data and steal information or money.
Before you think ‘I or my team wouldn’t fall for that’, think again. No business is immune to fraudulent attacks. Even technology giants Google and Facebook fell victim to social engineering.
Facebook and Google were hacked by a perpetrator impersonating a large Asian-based computer manufacturer – a regular supplier to both companies. Using social engineering, the hacker generated fake email addresses, invoices and corporate stamps. The result? Over a two-year period, USD$100 million was siphoned to various Eastern European bank accounts.
In one of the largest data breaches ever seen, Equifax admitted that hackers stole personal information from up to 143 million US consumers. Following the public announcement in September 2017, company shares plummeted and several C-level executives exited and were later investigated by the Federal Trade Commission.
Closer to home, we worked with a law firm that was compromised when a well-crafted email reached the finance department. Because the email referenced the right customer and project details, the finance team were fooled into transferring funds to another account. It can and does happen.
The good news is that when it comes to IT security, small steps can make a real difference. And we can help. Our simple, actionable checklist highlights the top security-related priorities for a business running on Office 365 and is a valuable first step in helping you take control. Download the checklist here or get in touch today.