The FBI advises businesses to follow a number of self-protection strategies to avoid being a cybercrime victim. They include:
- Avoid free Web-based email accounts. Establish a company domain name and use it for company email accounts.
- Be careful about posting information about job duties and descriptions on social media and company websites.
- Be suspicious of requests for secrecy or pressure to take action quickly.
- Consider additional IT and financial security procedures, including the implementation of a two-step verification process for financial transactions. For example, establish other communication channels, such as telephone calls, to verify significant transactions and arrange them outside the email environment.
- Immediately report and delete unsolicited email (spam) from unknown parties. DO NOT open spam email, click on links in email or open attachments. These often contain malware that will give subjects access to your computer system.
- Do not use the “Reply” option to respond to business emails. Use “Forward” and type in the correct email address or select it from your email address book to ensure the intended recipient’s correct email address is used.
- Consider implementing two-factor authentication for corporate email accounts.
- Beware of sudden changes in business practices — if a business contact suddenly asks to be contacted via their personal email address when all previous official correspondence has been through company email, the request could be fraudulent.
- Create intrusion detection system rules that flag emails with extensions that are similar to company email.
- Register all company domains that are slightly different than the actual company domain.
- Confirm requests for transfers of funds. Know the habits of customers, including payment amounts and reasons.
A complete list of protection strategies is available on the Department of Justice website www.justice.gov in the publication “Best Practices for Victim Response and Reporting of Cyber Incidents.”
