Protecting confidential data against phishing

Case study: A hacker sends a fraudulent e-mail to one of your employees. With this e-mail, he manages to obtain the access data for your payment software. Operating in the background, the cyber criminal then transfers CHF 25,000 to an account abroad. Despite rapid intervention, the money cannot be retrieved.

What is phishing?

Fraudsters use fake websites, e-mails and text messages to attempt to obtain confidential data from unsuspecting Internet users. This may include access data for e-mail accounts, login details for online auction platforms such as eBay or even access data for e-banking.

Five preventive measures

Take these five measures to protect your business and train your staff to deal with cyber risks.

• Introduce the principle of dual control for the transfer of large sums of money (e.g. joint verification).
• Schedule multi-factor authentication for critical systems.
• Install technical protective measures such as firewalls, virus scanners, etc. and a password policy.
• Set up a continuous and timely patch and update management system to install the latest patches/security updates from the operating system and software manufacturers. 
• Define and install appropriate triggers (e.g. limits and conditions) with the banks in question to intercept fraudulent payments.

It is also particularly important to train staff to recognize fake e-mails where possible. Helvetia offers free security training for SMEs and their employees. Learn more about how to behave correctly online and handle confidential data.

Cyber Insurance covers the costs arising from…

• A loss analysis including forensics to determine the cause and extent of the insured loss.
• Financial loss resulting from the fraud.

In the event of a claim, Helvetia also provides access to a network of experts consisting of IT security specialists and others.