Understanding Social Engineering, the manipulation technique that exploits human error to gain private information, is the first step to avoiding being a victim of an attack. The second step is to learn how you can best protect yourself and your business from it.
Changes to the vendor remittance details (changing the account money is transferred to or the payee) or employee payroll data should never be modified at the direction of an email. Reach out to the employee or vendor by phone, text, or internal safe communication channels to ensure the change was requested by them and not a hacker.
Do not use the same password across multiple systems--and change passwords regularly. You could even go so far as to schedule a specific time for your company to update them twice a year.
A password is no longer enough to secure your accounts. Use an additional layer of protection such as a security question, SMS confirmation codes, or QR authentication.
Make sure your business has its spam filters set to high. Doing so will help keep a large portion of spam out of your inbox.
Do not click on unknown links in emails or messages--EVER!
This is a vital step. Create a document detailing these necessary procedures. But it’s only useful if it is followed. It’s also important to take the time to make this document available to all employees and vendors, and educate them on it! At BudgetEase, we tell our employees and vendors that we follow very specific procedures and it’s important they are followed. We then share our document with them. Here’s our procedure.
Let’s face it, your team is human. If you follow all the steps recommended here and your company is compromised, it's best to have appropriate insurance in addition, so at least the financial loss is covered. Call your insurance provider today to make sure you are covered. You will still be faced with considerable time and emotional loss from the fraud. But insurance can help ease the pain.
We have assisted numerous businesses to implement and follow safety procedures specific to their business. Let us know if you need a security tune-up! We would love to help you author procedures specific to your growing business and help keep you protected.