An industry survey found that nearly 7 out of 10 organizations were targeted last year in business email compromise (BEC) scams.1 As disturbing as that is, consider that another study says nearly 1 out of 5 BEC attempts are successful.2
Here's what business owners and managers need to understand about these findings: The only way a BEC attack succeeds is if your employees get fooled. And the best way to prevent employees from being fooled is to regularly and effectively train them. Indeed, training employees to increase their cybersecurity awareness is critically important for business success.
Educating Employees to Recognize Scams
A major emphasis in training should be to equip employees to spot cyber scams, particularly those that rely on what security specialists refer to as “social engineering.”
One form of social engineering is impersonation, the kind fraudsters use in business email compromise assaults. In a typical BEC attack, a fraudster sends an email to an employee authorized to move money. The fraudster purports to be a company executive, such as the owner or CFO, or in other cases claims to be a vendor. The email typically instructs the recipient to wire a payment to a new bank account number, or even to a different bank. The fraudster hopes the recipient will comply without investigating and confirming the legitimacy of the request.
Training gives employees a much better chance of spotting the ruse. Businesses need to regularly exhort employees to thoroughly vet any such requests before acting on them. Specifically, employees should be trained to verify any new wire instructions directly with the person making the request, and to do so through a different communication channel — generally, if not in person, then by phone using a proper contact number on file, not a number listed in the received request.
Employees should be advised on how to spot an array of common scams and how to respond when they do. Research suggests that organizations that train their employees to recognize cybercrime are five times less likely to fall victim to ransomware and four times less likely to take a hit from business email compromise.3
Promote Consistent Use of Best Practices
You also want to train employees to use bank security tools effectively.
It does the business no good, for instance, if you provide financial managers with online access to bank accounts but they don’t regularly monitor those accounts to identify fraudulent transactions.
Similarly, a bank tool like ACH positive pay won’t curb fraud unless your financial team is reviewing exception items daily.
At Hancock Whitney, we are committed to seeing our clients succeed. We know a major cybersecurity fraud loss can devastate a budget and even threaten a company’s survival. So, we offer a variety of online resources designed to educate everyone in an organization about fraud dangers and security best practices.
We invite you to visit our Cybersecurity Awareness page, where you will find educational white papers and infographics, as well as information about products and services designed to assist a business in combating fraud. The page also offers helpful articles on topics such as curbing blue-box check fraud and defeating card-not-present transaction crime.
The theme of national Cybersecurity Awareness Month is “See yourself in cyber.” Training is central to ensuring your employees see themselves as part of the solution to the ever-evolving threat of cybercrime.
1 2022 AFP Payments Fraud and Control Survey. https://www.afponline.org/publications-data-tools/reports/survey-research-economic-data/Details/payments-fraud
2 Strategic Treasurer Treasury Fraud & Controls Survey Report 2020. https://strategictreasurer.com//files/2020_Treasury_Fraud_Controls_Survey_Infographic.pdf
3 Strategic Treasurer Treasury Fraud & Controls Survey Report 2020. https://strategictreasurer.com//files/2020_Treasury_Fraud_Controls_Survey_Infographic.pdf