Becoming a victim of executive impersonation is costly and time-consuming. It uses up company resources that could better be spent elsewhere, not to mention the extra legal fees involved. There are several ways to prevent, or at least cut back on the risk of, executive impersonation fraud.
- Focus on training. Make sure that all employees who are involved in wire transfers are trained in data security, with a focus on business email compromise (BEC) scams. Make this training ongoing, in the form of periodic webinars or meetings. One-time training may be forgotten, while ongoing education reinforces the importance of this topic. Encourage employees to question emails that look suspicious, and don’t be short with them when they do. Establish programs and procedures to verify wire transfers. Remind employees that they can report suspicious activity anonymously.
- Employ cybersecurity consultants. These consultants can identify, monitor, and mediate against BEC scams and other attacks. They will also be able identify attacks on social media, find and remove fraudulent and impersonating accounts, monitor key accounts for compromise, and investigate attacks being planned against your company.
- Review and refine policies for requesting, initiating, and approving wire transfers. Don’t allow wire transfers through email requests only; they should be verified through a phone call. Require two employees to approve wire requests and authenticate the identity of the proposed recipient of the transfer before its release.
- Conduct a risk assessment of company systems to identify and fix weaknesses. The use of a cybersecurity firm is highly recommended for this job. The firm can conduct testing of the company’s email, firewalls, security software, operating systems, and internet browsers. Consultants will flag incoming email with similar but not identical domains and register them in the company’s name to prevent hackers from using them.
- Discuss obtaining cybersecurity insurance with your insurance agent. It may be a good investment for your organization especially if you have liability exposure to third-parties.
We hope you have found this series useful in educating yourself about executive impersonation fraud, how to cope if you’re targeted, and how to proactively protect yourself and your business. Please don’t hesitate to contact us with additional questions!