Do You Know What the “The CEO Scam” Is? Bearingstar Cyber Security Tip #1
The Department of Homeland Security sends a clear message to business owners: You need to take charge of your company’s cyber security and work with qualified professionals to secure all devices, networks, and data.
Cyber attacks are prolific these days, and, according to the FBI, widespread, sophisticated cyber crime is not just a threat at the highest levels of our nation but also to individuals, businesses of all sizes, and other organizations in the private and public sector.
As your commercial insurance partner, Bearingstar’s role is always to help you safeguard your business, your employees, your facilities, and, ultimately, the customers who use your products or services. A cyber attack can jeopardize the safety and reliability of all of these, so we want to provide you with a series of four key cyber security recommendations that you, and your entire team, can initiate today. If you’d like to check out the other blogs in the series, you can find them here:
- Secure Passwords and Best Practices To Protect Your Business.
- Why It’s Important To Know How Third Party Vendors Protect Your Company Information.
- Three Easy Steps To Defend Against A Cyber Attack.
Cyber Security Recommendation #1: Start At The Very Top By Stopping The CEO Scam
According to the FBI, business email compromise (BEC), also known as the “CEO Scam,” is an emerging global threat, costing businesses billions of dollars worldwide. The CEO Scam is a type of payment fraud that involves the compromise of legitimate business e-mail accounts – often belonging to either the chief executive officer or the chief financial officer – for the purpose of conducting unauthorized wire transfers.
These emails often look something like this:
You may think you and your employees are smart enough to outsmart a BEC attempt, but today’s cyber criminals are much more savvy than the scammers of the past. These fraudsters first do a lot of research on you, other company executives, and your company. Then, to lessen the likelihood of raising suspicions, they use your company’s own language in the fraudulent email, request wire transfers in dollar amounts that seem legitimate, and gain access to e-mail threads about billing and invoices.
The days of being alerted to a scam email due to misspellings, poor grammar, or odd phrases are long gone. And once a wire transfer occurs, the window of time to expose the scam and recoup your company’s funds is very brief.
Instead, it’s critical to ensure that you and your company do not fall victim to the CEO scam in the first place. Bearingstar suggests starting with the following five cyber security tactics:
1. Establish a two-step verification process for wire transfer payments, eliminating the ability for one person to authorize transfers on their own
2. Implement significant controls over your bank accounts and consider if your wire transfer dollar limits are too high
3. Review your transfer system’s passwords for length and complexity, and use a two-step authentication (versus just requiring one username and password for login)
4. Educate your employees, especially those with access to company funds or have the authority to send transfers, that requests for secrecy or pressure to take action should alert them to a scam
5. Work with your financial institutions to implement the security services they offer
BEC is a relatively simple crime to commit, and so it is likely to continue to grow in popularity among cyber criminals. By setting up a system of checks and balances for wire transfers or payments of any kind, you can improve security of your company’s internal control systems and close your company’s doors to fraudsters immediately.
Stay up to date on the latest scams at the FBI’s Internet Crime Complaint Center.
Do you know what is covered under your business insurance policy in case of a security breach at your company? At Bearingstar, your agent will make sure you understand your policy, what protections it provides, and that the coverage is exactly suited to your specific line of business. Most important, our professional team will walk you through the claims process so you will be prepared just in case. Contact us at one of our 18 Massachusetts or Connecticut offices for a complimentary business insurance quote.