Cybercrime can hit any business. More and more businesses are falling prey to cybercrime and the methods used are constantly evolving. Fortunately, there are many ways you can protect your business.
In 2017, cybercrime accounted for $600 billion in global losses. In Canada alone, nearly half of SMEs are victims of this type of attack. Unfortunately, this trend is on the rise—the cybercrime rate climbed 45% between 2014 and 2016, according to McAfee, an antivirus software company.
The techniques are numerous and rapidly evolving, making them difficult to prevent. Fraudsters “generally target a specific person within the company, like the CFO,” says Cyrille Aubergier, head of security management at SITAONAIR and cybersecurity lecturer at Polytechnique Montréal. Here are some of the most common types of cybercrime:
CEO fraud: Fraudsters collect a lot of information about the targeted company, its processes, reporting levels, the names of those who hold the purse strings, and so forth. Then they send an email to the company’s CFO or accountant, claiming to be the CEO. The message asks that a large sum of money be immediately transferred to a specified account to finalize an acquisition that must remain confidential. “Scammers generally play up the ‘urgency’ of the situation, sending out the message at 5 p.m. on a Friday, when only a few employees are still at the office and it’s harder to verify,” says Cyrille Aubergier. In general, fraudsters strike when the CEO is away, ideally on a business trip abroad.
Ransomware attack: Malicious software blocks a company’s IT system, and the fraudsters demand a ransom to remedy the situation.
Phishing: Fraudsters trick victims into thinking they are dealing with a trusted institution, such as a bank, to obtain personal information such as passwords and credit card numbers.
They then attempt to introduce a malicious software program, commonly known as malware, into the employee’s computer through an Internet link or a file in an email. The malware then looks for and collects information (banking details, account numbers, names of financial officials with signatures, etc.) and searches through the browsing history, in particular to check whether the victim has used the computer to access their bank accounts. The malware may also install a keylogger that records keystrokes to recover passwords.
Fake email: Fraudsters claim to be one of your suppliers, asking you to switch your payments to a new bank account going forward. The ploy is only discovered when the real supplier complains that they haven’t been paid.
Protection begins with being aware of the risk. Next, establish a prevention plan that covers all areas of the company. “There’s nothing worse than buying an app to protect user access and it’s useless because it’s misconfigured or the alerts aren’t monitored. It creates a false sense of security,” warns the expert.
Natasha Rocheleau, Senior Manager, Commercial Cash Management Solutions at National Bank, stresses how important it is to raise employee awareness of cybercrime and establish good practices internally. “With CEO fraud, there are red flags to watch out for: emergency situations, confidentiality, the fact that the beneficiary is not known to the person making the transaction, etc. Putting in place verification and identification procedures is key to ensuring that the request did indeed come from the top,” she suggests.
For high-risk transactions, she recommends using an authentication solution such as a SecurID key or an authentication token. These devices produce passwords that change at fixed intervals. To continue navigating, the user must enter the displayed code. This provides further protection by blocking access to the site for anyone who does not have the authentication solution on hand.
“Enhanced security” is an additional security measure that restricts access to websites by linking user codes or user names to specific computers. When a session is opened on an unregistered computer, the system will ask the user to confirm their identity by answering one of the personal questions created in their user profile.
“When it comes to transactions, you can also set monetary limits for each employee or require additional authorizations by another person internally, for instance,” says Rocheleau.
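The red flags listed for CEO fraud and the per-employee limits with a second authorization can be combined into one check that runs before a payment is released. This is an added example, not a National Bank system; the keyword lists, status names, account identifiers and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed keyword lists (assumptions); tune them to your own correspondence.
URGENCY = ("urgent", "immediately", "right away", "before end of day")
SECRECY = ("confidential", "secret", "do not discuss")


@dataclass
class TransferRequest:
    initiator: str             # employee entering the payment
    beneficiary_account: str
    amount: float
    message: str               # text of the email asking for the transfer
    approvers: set = field(default_factory=set)


def red_flags(req, known_accounts):
    """Red flags named in the article: urgency, confidentiality, unknown beneficiary."""
    text = req.message.lower()
    flags = []
    if any(word in text for word in URGENCY):
        flags.append("urgency")
    if any(word in text for word in SECRECY):
        flags.append("confidentiality")
    if req.beneficiary_account not in known_accounts:
        flags.append("unknown_beneficiary")
    return flags


def decide(req, limits, known_accounts):
    """Return (status, flags). Any red flag holds the payment for verification."""
    flags = red_flags(req, known_accounts)
    if flags:
        return "hold_for_verification", flags
    limit = limits.get(req.initiator, 0.0)       # no configured limit means zero
    independent = req.approvers - {req.initiator}  # self-approval does not count
    if req.amount > limit and not independent:
        return "needs_second_approval", flags
    return "release", flags


# Constructed sample data.
LIMITS = {"alice": 10_000.0}
KNOWN = {"CA-SUPPLIER-001"}
CEO_FRAUD = TransferRequest("alice", "XX-NEW-999", 250_000.0,
    "Urgent and confidential: wire the funds immediately to close the acquisition.")
ROUTINE = TransferRequest("alice", "CA-SUPPLIER-001", 4_200.0, "Invoice 1001, usual terms.")
LARGE = TransferRequest("alice", "CA-SUPPLIER-001", 40_000.0, "Quarterly invoice.", {"alice"})
```

Because an account that is not on the known list is always held, the same check also catches the fake supplier email that asks for payments to be switched to a new bank account.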
It’s easy to be tricked. Fraudulent emails are now better designed, well translated, and free of spelling mistakes, and the subjects discussed are designed to pique the reader’s curiosity, sympathy or surprise. Be on guard!
This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.