A New Dimension in Cyber Liability Exposure

When it comes to cyber liability, there are many driving forces challenging businesses today. One major challenge concerns regulation and rules: standards and legal requirements only go so far in addressing the liability, and oftentimes regulations are only internally focused. The missing dimension that isn’t adequately addressed relates to your customers and partners. Yes, there are specific requirements addressing personally-verifiable information and financial details of your partners and customers. However, there are no requirements on the extent to which you help the customer or partner avoid being caught by nefarious cyber schemes. Suffice it to say that today, when a company falls prey to a scam, that company, as a victim, is left on its own.

A Sample Cyber Scheme

An all-too-common scenario: our customer gets an invoice which, outwardly, appears to be from us. They miss, or do not have the tools or expertise to see, that it is a fake invoice, and they pay it. They lose the funds. They are in a hole that, hopefully, they can dig out of.

I have personally seen this happen all too often. Many of our suppliers provide guidelines, policies, and procedures to address this risk. Some of our suppliers do not. There is no consensus on the responsibility, as most businesses do not have a legal responsibility. At the end of the day, the protection of customers against their own limitations is left to chance (and their ability to spot a scam).

A Smart Industry Security Measure

One example of an industry taking an aggressive posture to protect customers is the Association of International Certified Professional Accountants (AICPA). They have done the heavy security lifting and created a new top-level domain, .cpa.

At Lead I.T. Consulting we have been helping CPAs make this transition for their own security as well as that of their customers.

More Secure Email

Another process underway in the email industry is the arrival of the deadline for more secure email traffic, enforced by requiring secure records for sending emails. On October 3, 2023, Google and Yahoo announced requirements that bulk senders must have DMARC in place beginning February 2024. Recognition of successful business email compromises (BEC) has grown to the point where these industry players now require this in order to process emails.

This effort is having an impact on many small to medium businesses that use email for marketing, as the threshold is very low. You can check your domain with the MxToolbox DMARC checker.

Providing Peace of Mind for our Customers

For our customers, we deliver and implement a mix of software applications, domain and email security settings, and business processes as the solution to protect their customers and clients. The details and specifics of each program vary from client to client. Foundationally, we aim to help our clients improve the security of their business communications. For more specifics, or to see how we can help, book a free consultation, call, or email us. We’ll be happy to discuss how we might help you.
