Data mapping is a key task in the preparation for GDPR and will help identify the Personal Data being handled by an organisation; how it flows, and is stored, within existing processes; and whether it is shared with third parties. Once completed, the map will highlight the GDPR issues that need to be dealt with, such as why the data is held (lawful basis); what is processed (minimisation); how it is stored (integrity and storage limitation); as well as the identification of the risks associated with the data.
Here is a simple visual example - https://www.cyberstrategies.co.uk/gdpr
Don't underestimate these perpetrators
I have been contacted to help victims of this form of scam, and what becomes clear is the degree of reconnaissance that has been undertaken.
The quality of the information, and also of the grammar, has been increasing more recently as the opportunities to extract cash are being fully understood by professional criminal gangs.
It is difficult to legislate for every payment scenario, but a robust payment process requiring prompt invoice approval and dual authorisation of payments will help reduce the success of these scams. Sadly, many small companies have not invested in such processes and are more likely to fall prey to this growing scam.
Training all employees and management is key, and maintaining awareness will also help greatly.