The recent bank failures may trigger additional cyber risks and threats to businesses, particularly if you need to transition to new banking partners. Please be aware of the heightened risk of cyber bad actors using social engineering techniques and phishing attempts.
In an effort to help you, we recommend the following best practices to combat the heightened risk and remain vigilant. Following these best practices can help reduce the probability of a social engineering claim and reduce your total cost of risk, not only during these challenging times, but also for your organization’s overall risk mitigation efforts.
With respect to requests for wire transfers or changes in payment instructions it is imperative to institute a secondary means of authenticating the transaction, with strict enforcement. Anytime you receive an email requesting to change wire instructions the request should be a red flag. Your accounting team should call back the internal stakeholder, vendor, or client at a pre-established phone number to confirm the legitimacy of the transaction and the wiring instructions. We would also recommend having a process internally that requires sign-off from multiple parties before any wire transaction is initiated.
Training employees is the number one line of defense against social engineering attacks. Implementing a regular stream of security awareness training along with periodically testing your employees with fake social engineering emails helps to determine where additional training is necessary in today’s environment. Supplemental training is recommended in light of the expected increase of social engineering threats.
Direct employees to check the email address if they get a suspicious or “legitimate-looking” email requesting sensitive information. It might have a known contact’s name in the address, but does it follow the company or vendor’s email format? If an employee receives a suspicious email, they should immediately report it to the IT department. Once made aware of a circulating email scam, alert all employees to be on the lookout for similar emails and provide instructions for what to do if they receive it: don’t click anything, mark as spam, delete.
Additional Risk Strategies resources are available below: