In order to strengthen the awareness for compliance, SEKISUI CHEMICAL Group annually organizes compliance months around the world. This year the months are focused on cyber security. There is a message from the Japanese Headquarters that we would like to share with all European employees.
At SEKISUI CHEMICAL Group, we continuously strengthen the topic compliance at all sites around the world. In the so called ‘compliance months’ starting in October we will execute lots of programs around the world and are kindly asking you to pay attention for compliance issues.
Business email compromise attacks (BEC), a form of cyber crime which uses e-mails that fraudulently represent a CEO or customer/supplier to cheat companies out of their money, have been increasing in recent years. The fraud group has a cross-border network and the amount of financial damage worldwide is estimated to be more than 10 billion euro. Therefore, it is essential to know that this kind of email fraud is happening and to take measures to prevent becoming a victim of this crime.
In a BEC exploit, the attacker typically uses the identity of a company executive or business partner by creating an account with an e-mail address that is very similar to the real one – asking for money transfers to the attacker’s account. Technically, it is not difficult to display the same real address as the reply-to-address. There is a very high risk that one attack will spread to the entire SEKISUI CHEMICAL Group and its business partners.
Methodologies to break security and undertake cyber-attacks are becoming more sophisticated day by day. Therefore, we kindly ask all SEKISUI employees to follow the counter measures mentioned below.
- Do not only check displayed name and e-mail address when you receive an email but also check the ‘header’.
- In case you receive information on a bank account change, ask to reconfirm the change by any means other than e-mail, e.g. telephone.
- A payment must always get the approval from the approver defined within the organization.
- Watch out when opening attachment files or clicking links embedded in an e-mail.
- Do not reuse the same password.
- Keep updating the security software and OS (operating system).
- Please also report to your organization immediately in case there is any suspicious aspect in a received e-mail.
Thank you for reading this message and keeping your awareness for compliance and cyber security.
Hiroyuki Miyazaki,
General Manager of Legal Department
Kazuya Hara,
General Manager of Information System Group, Business Strategy Department
