Protecting your business from IT scams

Recent ransomware attacks have highlighted the need for businesses and their employees to be alert for IT threats and scams.

The WannaCry ransomware attack managed to hold over 220 000 computers hostage around the globe.

Phishing - what is it?

Many ransomware attacks come from email phishing where emails are sent to businesses with a link that when clicked downloads the ransomware in the business’s IT system. These emails may look like they have been sent by banks, postal services, or other genuine sources but are in fact created to infect a computer system and hold data until a ransom is paid.

Invoice fraud

Invoice fraud is another common scam where fake invoices are emailed to businesses to join online directories or to renew trademark applications.

Law firms have become especially alert to emails being intercepted by computer hackers, where the fraudster poses as the client and substitutes their bank account details into emails to steal the proceeds from transactions.

Fighting back with training and good policies

Many of these threats can be nullified by having good internal IT policies and training for employees. Employment agreements should detail how work computers are to be used. This would include policies around accessing websites for non-work purposes, and prohibiting the download of software applications to work computers without permission.

Staff should be trained to recognise suspicious emails. As a rule:

  • Don’t download attachments or click on links in emails from people you don’t know.
  • Don’t pay invoices that arrive unexpectedly via email, without investigating further.
  • Check that emails from organisations like banks and government departments are authentic. Bad logos, poor spelling, and sloppy formatting are dead giveaways of a scam.