The latest report of a successful cyber-crime attack reinforces just how important it is for businesses to ensure that their staff are adequately trained and that they have robust cyber-security policies in place.
In this latest case, an email sent from a law firm to its bookkeeper was intercepted, enabling the cyber-fraudsters to replace the intended recipient's bank account details with their own. The bookkeeper then transferred the €97,000 to the fraudsters' account, where it was immediately withdrawn.
In this case, the law firm was lucky because it appears that the loss will be covered by its cyber-crime insurance policy. However, not all businesses have such insurance policies, and even those that do may find that an insurer may attempt to deny cover if adequate safeguards were not in place.
For example, in this case, an internal policy requiring the bookkeeper to telephone the law firm to verify the bank account details before the payment was made would have been sufficient to reveal that the email had been tampered with.
The fraud occurred after an email sent by a solicitor to the firm's bookkeeper, containing instructions for the making of a payment, was intercepted and bank account details were changed.