Roger Smith’s Post

4 x author on securing #nonprofits, #SMEs, Associations and Charities from cyber events using enhanced #cybersecurity concepts. Start now, do the self assessment and get your baseline!

Using the 2 person rule for security

How does an internet scam work? The most important part of any scam is making you believe, above everything else, that what they say is true. Protecting a business from that eventuality can be achieved with a couple of very simple rules:

1 - Always go back to your own point of truth! What do you do if you get an email from whom you believe to be a client or supplier with details to change their payment details? Do not use any information on the email but go back to your point of truth, your CRM or your accounting system, and use that information to check out the request.

2 - Pick up the phone. Most of us have those details right there. Call them to confirm.

3 - In larger organisations make a 2 person rule. For certain details make it that one person checks that the change is required using your point of truth and another makes the changes.

Create a 2 person rule (policy, process, procedure) for your organisation to ensure that you never fall for that type of scam.

Do you think this would help protect your business from a scam?

#ExecutivesAndManagement, #AccountingAndAccountants, #cybersecurity

Roger Smith great points. When in doubt do nothing. The person will make it seem urgent and that you have to take the action fast. Slow down the process or do nothing. They will lose interest once they figure out you will not take any action. Don’t play by their rules.

Thank you for sharing, Roger Smith. I particularly like the 'two person policy', however, that's going to require folks to slow down their process. Lately it seems that 'convenience' outshines 'security'. I'd be interested in hearing your views on how to navigate a fast paced environment without sacrificing safe security practices.

Great tips. Next week I test the ideas with a client.

Good tip Roger. Mostly the scams work because of human error and it might be down to an individual who opened an unsolicited email by error (for example). We think awareness training employees is important. Coupling that with compliance policies and processes as you described will make business more secure.

This is very good advice. Never be afraid to check. Pick up the phone and call a known contact directly.

Entirely agree, particularly about organisations having certain policies in place which prevent "accidents" from happening e.g. always having phone verification for a change of bank details.

Excellent tip Roger Smith! These basic practices can save organizations from huge losses. But what we see is humans making silly mistakes after getting into complacency. Tight processes, good awareness and training for the respective staff and supporting technology controls should help.

Peter Graham

Would You Like to Thrive During Your Retirement Years? I Help Retirees Understand More About Enjoying a Better Retirement Worth Living Today...Host of The Retirement Channel - Message Me for a FREE Retirement Toolkit

4y

Another great tip, Roger.
