Cybersecurity Tip #1: Bank Wire Process

My degree in grad school was in computer science, but my focus was cybersecurity. I’m going to try to give out some tips on how to be safer online.

When I work with companies on cybersecurity, and when I talk to friends about their experiences, I hear about a wide variety of issues. The one I hear most often, though, is about phishing. For those who don’t know, “phishing” is a term for emails designed to convince the reader to take some action: click a link, download a file, or take some business action.

What I often hear about is a very particular type of phishing: emails are sent to employees which look like they come from the CEO of the company. Hackers accomplish this by spoofing the email address or name of the boss and instructing people within the organization to send some amount of money, say tens of thousands of dollars, to a certain entity. The employee thinks this is a command from their boss, but it’s really a criminal directing funds to their offshore account.

This “hack” can be prevented without anything more than a proper process and system around large payments. Instruct persons with access to bank accounts to verify via phone or in person with their manager/superior any transactions over a certain threshold. That threshold could be as low as $1,000.

In building and manufacturing, they say “measure twice, cut once.” Make sure that your employees use proper process, and encourage them to double-check actions or emails they find suspicious.