The financial services industry is a prime target for bad guys because it has access to the type of data criminals want. Unfortunately, many financial firms make their clients' data too easy to obtain.
Why? Because humans are predictable!
- We typically re-use the same passwords across multiple sites. So if LinkedIn gets breached, then the bad guys can quickly use those same passwords to log into Office 365.
- We are curious – and we want to help. If you get an email from a colleague asking to collaborate on a file or to help with a payment, we typically take action without confirming that the request is legitimate.
The bad guys use these tactics to help steal your login information – which can then be used to siphon money and data out of your company.
Here are 7 simple and free things you can do to help mitigate your risks.
- Set up a wire transfer policy that requires voice confirmation before a wire is executed or approved.
- Set up a custom login page for Office 365 or Google that helps the employee quickly identify that the page they are logging into is really your company page.
- Review your Admins (in Office 365 they are called Global Admins). If you have any end users who are using their day-to-day account as a Global Admin, set up a separate account (such as firstname.lastname@example.org) that is used only for administrative activities. This can protect your tenant in case the employee's email gets compromised. (Global Admins don't have to have licenses assigned, so this is free!)
- While you are at it, set up MFA for your Global Admins. Consider setting it up for all users (recommended!). There are free and paid options.
- Remind your staff, frequently, that security starts with them and they should think twice before clicking that link or authorizing that wire.
- Have your insurance provider review your policy for cyber security and social engineering fraud coverage.
- Check the dark web to see if your account has been compromised in a data breach.
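
One way to carry out the Global Admin review and MFA check from the list above in an Office 365 tenant. This is an added example, not part of the original article. It assumes the Microsoft Graph PowerShell module is installed and that you sign in with an account permitted to read roles, users and authentication methods.

```powershell
# Added example: list Global Admins and flag licensed (day-to-day) accounts
# and accounts with no second authentication method registered.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory','User.Read.All','UserAuthenticationMethod.Read.All'

# Well-known role template ID for Global Administrator (the same in every tenant).
$globalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -All | Where-Object { $_.RoleTemplateId -eq $globalAdminTemplateId }

# Role members can also be groups or service principals; keep only user objects.
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

$report = foreach ($member in $members) {
    $user = Get-MgUser -UserId $member.Id `
        -Property 'displayName,userPrincipalName,assignedLicenses,accountEnabled'

    # Every account has a password "method"; anything else is a registered second factor.
    $methods = Get-MgUserAuthenticationMethod -UserId $member.Id
    $secondFactors = @($methods | Where-Object {
        $_.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.passwordAuthenticationMethod'
    })

    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        Enabled           = $user.AccountEnabled
        # A licensed admin usually has a mailbox, so it is likely someone's day-to-day account.
        Licensed          = ($user.AssignedLicenses.Count -gt 0)
        MfaRegistered     = ($secondFactors.Count -gt 0)
    }
}

# Accounts without a second factor sort first, then licensed accounts.
$report |
    Sort-Object MfaRegistered, @{ Expression = 'Licensed'; Descending = $true } |
    Format-Table -AutoSize
```

A row with `Licensed = True` is a candidate for splitting into a separate admin-only account, and `MfaRegistered = False` means no second factor is registered at all. A registered method does not prove MFA is enforced at sign-in, so confirm that in your tenant's sign-in policies as well.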