Business emails are being hijacked every day, and fraudulent alterations are costing New Zealand businesses millions. There is also the reputational damage to businesses! With the CERTNZ Cyber Smart Week kicking off next week, we thought it was timely to discuss the threats out there and offer some solutions to help mitigate your risk.
When a sophisticated outfit like Team NZ get taken for more than $1 million, you sit up and take notice. Then you read about an Auckland sailmaker and a string of other copycat email hijackings and you know it is getting serious.
The most recent data from NetSafe shows that in 2018 New Zealanders reported more than 13,000 instances of online scams and fraud and $33 million in losses, up from $10.1 million. The average loss was $21,140, with the highest being $5 million.
Microsoft report that one in five Kiwis are affected by cybercrime each year and that worldwide cybercrime is now bigger than the global drug trade.
No-one is immune from electronic fraud
We are constantly hearing about assaults on computer networks themselves. In recent weeks there has been a lot of publicity as big businesses like Lion, F&P Appliances and Toll have suffered at the hands of ransomware gangs. This is very public, which is why it’s good fodder for the daily press and bad publicity for those affected.
Chris Keall, writer for NZ Herald, recently wrote about how Spark, Vodafone and 2Degrees have tightened protections after a spate of SIM card hijacking scams cost 20 Kiwis more than $1 million. These scams let an offender take over a user's mobile number, so the offender can pretend to be the phone owner and receive the text confirmations that allow, for example, the password on a bank account to be changed and the removal of funds to be authorised.
Business email remains top of the list for scammers
As email is the most common business communication method today, it will continue to be heavily targeted by scammers. We are all reasonably cautious of the clumsy scammers, but hackers are now intercepting business emails, and the messages can look totally authentic. In part many of them are authentic, but with a few subtle changes!
As a “sender” you are not going to be the compromised party. That is more likely to be your important customer or key prospect! Yet many businesses remain reluctant to make the very small investment in an email security solution like Cumulo9’s “Track & Trace”.
At just a few cents per user per day, this is a very small investment in return for some significant “peace of mind”.
In the USA, where there is much more comprehensive reporting, it has been estimated that email scamming is now causing $700 million a month in business losses.
New Data Privacy laws will require businesses to adopt best practice
The NZ Privacy Act has been reviewed and when rolled out in December this year, the revised Act will prescribe a range of new obligations relating to how businesses should secure their data and deal with the growing complexity that exists around electronic customer communications.
It’s time to ask some hard questions within your business:
- Has the right Disclosure Statement been appended? Can I prove it?
- Was the right attachment attached?
- Am I using up-to-date security and authentication measures like TLS, DKIM and DMARC to ensure my email communications get through without being altered or spoofed?
- Did the document go out at all?
- If it did get sent, did it bounce and why? Do I have an automated default process set up?
What’s required to protect your email services?
Cumulo9 has a solution called “Track & Trace” that deals with the very problems referred to above.
You do not need to alter the way you send and receive your emails – you can continue to use your current Office 365, GSuite or Exchange environments and the emails are simply routed through the secure Cumulo9 system, before they reach the end recipient, allowing the system to apply DKIM and provide comprehensive reporting on all processed emails.
Simply get your network administrator to make a small change to your email server configuration, along with a minor addition to your DNS records and you have enabled Cumulo9’s NZ-hosted “Track & Trace” application. It is just that easy, and you also get the added benefit of “silent” email receipts and a supporting dashboard.
Now your emails will incorporate best-practice security features: DKIM, which shows the recipient server that the email hasn’t been tampered with; SPF, which clearly identifies that your email is legitimate; and TLS connections, which ensure your correspondence is being sent over a secure line. It all comes with a reporting dashboard that includes proof of “opens”, which is now a critical element in the customer interaction process.
Let’s not forget GDPR, a regulation that is top of mind for many larger businesses, as fines are significant if communications are in breach of the GDPR guidelines. Then there are other standards like ISO27001 and the NZ Privacy Act that all require that your emails meet certain obligations.
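Once the DNS additions are in place, it is worth checking that the published records actually enforce something. The following is an added example, not Cumulo9 code: a small audit of SPF, DKIM and DMARC TXT record strings, where the domain names, record values and function names are constructed for illustration.

```python
# Constructed sample TXT records (not real DNS data); the p= key is a placeholder.
WEAK = {
    "spf": "v=spf1 include:relay.example.net ?all",
    "dkim": "v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkqPLACEHOLDER",
    "dmarc": "v=DMARC1; p=none",
}
HARDENED = {
    "spf": "v=spf1 include:relay.example.net -all",
    "dkim": "v=DKIM1; k=rsa; p=MIIBIjANBgkqPLACEHOLDER",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
}

def parse_tags(record):
    # DKIM and DMARC share the 'tag=value; tag=value' syntax.
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(record):
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: no v=spf1 record published"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:  # a redirect= modifier moves the policy to another record
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["SPF: no 'all' term, unlisted senders get neutral"]
    if alls[0] in ("all", "+all", "?all"):
        return ["SPF: '%s' does not fail mail from unlisted senders" % alls[0]]
    return []

def audit_dkim(record):
    tags = parse_tags(record)
    if not tags.get("p"):
        return ["DKIM: p= is missing or empty, so there is no usable public key"]
    if "y" in tags.get("t", "").split(":"):
        return ["DKIM: t=y is testing mode, failed signatures count as unsigned"]
    return []

def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: no v=DMARC1 record published"]
    findings = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy does not quarantine or reject failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

def audit_domain(records):
    return audit_spf(records["spf"]) + audit_dkim(records["dkim"]) + audit_dmarc(records["dmarc"])
```

Calling `audit_domain(WEAK)` returns four findings and `audit_domain(HARDENED)` returns none; in practice the record strings would come from TXT lookups on the sending domain, its DKIM selector and its `_dmarc` label.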
The need for more decisive action to address security issues
Organisations like Netsafe are doing a great job in informing the public about email scammers and a branch of MBIE called CERTNZ is also in the business of informing the public about scams and fraud.
The NZ Police website has detailed warnings for the public, and the Ministry of Justice and INHOPE (International Association of Internet Hotlines) are promoted as sources of information. There is CFFC (Commission for Financial Capability) that actively promotes safe internet and email interaction. There are also financial bodies like the FMA, Insurance Council and Bankers Association that provide a level of governance - but with all this advice, why aren’t businesses deploying the security solutions that are now available?
Cumulo9 are so confident that, once tried, “Track & Trace” users will become long-term supporters that a 90-day free trial period is being offered.
For more information simply complete the inquiry form in the link shown below.