Most people will know by now that if you receive an email from a Nigerian prince asking for money you should definitely not send it. But with scammers becoming increasingly clever in their tactics, even the most savvy may be lured into a false sense of security.

“CEO fraud” is on the rise, with the National Cyber Security Centre describing it as one of the “biggest risks facing businesses”. Criminals often masquerade as a senior executive, conning junior staff into thinking they’re in an email exchange with the boss when it is actually a fraudster, who doesn’t even need technical knowledge to scam your business out of thousands. So not only do you need to know the risks, you also need to provide your employees with up-to-date training about email scams. You may think that if your employee is the one who is conned, then they should be the one who has to pay, but that’s not necessarily the case.

In a recent case at Scotland’s Court of Session, a fraudster posed as the company’s managing director and asked an employee to make payments to an unknown company, which she did. Her employers were furious (as you’d expect) and sued her to get back the missing £193k. The court decided in the employee’s favour, although she is still likely to have had some significant legal fees, not to mention the stress and worry.

Part of the employee’s defence was that her employers had not trained her on how to identify fraud properly. She was also able to show that she had followed the procedure as she was told to. So how can you protect your business from email scams?

1. Staff should be wary of out-of-character emails from senior management

Scammers often impersonate people in positions of power to gain psychological leverage over their victims. Encourage employees to be mindful of who they’re receiving emails from and consider whether or not the communication is out of the ordinary.

2. Requests to bypass policies

Most organisations have strict procedures in place to ensure that money or sensitive information is protected (and if they don’t, now’s a good time to fix that!). Employees should be very wary of any emails that ask them to bypass these procedures; they are there for a reason!

3. Review processes

Implementing policies with multiple checks and controls can help to protect organisations from attacks. All employees, including management and directors, should know and follow clearly defined processes for handling financial transactions and important requests.

If you need help keeping off the naughty list, or just want a good excuse for a catch up, drop me a line and we’ll find time to discuss who is on our nice list.

Kleyman & Co Solicitors.  The full service law firm.  Because legal advice is not just for Christmas.