13, December 2017
What I talk about when I talk about cyber security.
The latest episode of Dagens Industri’s Swedish podcast Digitalpodden is now out. It is the second out of three that Ports Group are sponsoring.
In this episode, my colleague Patrik is interviewed on the subject of email fraud in general, and “CEO frauds” in particular.
This topic is one that we have touched upon a lot lately. I myself was for example interviewed in Dagens Industri a few weeks ago regarding how companies can act proactively in order to minimise the risk of fraud.
The reason we keep bringing this up is that we strongly feel that there is overall far too little knowledge on how you can, and should, act proactively in order to protect your own organisation – and others’ – against fraud.
We are painfully aware of the problem that when you mention the words “email fraud”, most normal people stop listening. However, that would be making a mistake.
It is really not that complicated, let us break it down:
- The standard email protocols lack mechanisms for authenticating that the stated sender is the actual sender.
- In practice, this means that an email can be sent with a falsified sender that to the receiver looks exactly like the person that the fraudster is impersonating, including the email address your email client (such as Outlook, Apple Mail and so on) states is the sender of the email.
- Despite the widespread misunderstanding that there is nothing to be done about this, there are security mechanisms to be implemented.
- However, it is important to stress the fact that the responsibility lies with the SENDER, i.e. your company, to protect your company’s identity against attempts to fraud that are directed against your employees or (perhaps even worse) your clients and/or suppliers. A receiver cannot, and should not, bear the responsibility to ensure your identity.
- The vast majority of all large Swedish companies are currently lacking these types of security mechanisms, and are therefore risking having their identity “borrowed”.
- The damages that can occur from an email fraud are of course of financial nature, but there is little or no discussion on the potential damage to the brand. It is very common that attempts to fraud occurs by the fraudster uses the identity of one company as a mean of contacting other companies and/or individuals in order to get his or her hands on money, sensitive information and/or spread malicious code.
The most important thing to take away from this is that the power to secure your digital identity lies in your own hand, no one else’s.
My firm recommendation is that you do this today.
We are happy to tell you more about how a tailored solution for doing that can look like.