You can’t ignore the growing threat of business email compromise anymore, especially with the rapid increase in cybercrime on the continent. This cybercrime can severely affect your business and its stakeholders. So, it’s crucial to equip yourself with the knowledge and skills to prevent business email compromise (BEC).
What is a BEC?
It’s a type of cybercrime that involves tricking your business’s personnel (employees, contractors, directors) into sending sensitive information to the incorrect recipient or making unauthorised financial transfers. The attacker typically gains access to the victim’s email account through phishing or other methods. Then, they send fraudulent messages that appear to be from a trusted source, such as a supplier or vendor. In this way, they gain access to information or money.
BEC attacks often target businesses that handle large amounts of money or sensitive information, such as law firms, real estate companies, financial institutions, medical companies, and ECSPs. The attacker will use the compromised email account to request funds transfers, steal sensitive information, or spread malware.
The risks to your business
- Financial loss. BEC attacks often involve tricking people into making unauthorised financial transfers, which can result in significant financial losses for the business.
- Reputational damage. The fact that you’ve experienced a BEC can damage your business’s reputation, as customers and other stakeholders may question your information security.
- Legal liability. If a BEC results in an unauthorised funds transfer, you may face legal action from the affected parties. This point is demonstrated in the case of Hawarden v ENS.
- Disruption of operations. A BEC attack can disrupt your normal operations because your personnel would be forced to devote time and resources to resolving the issue and recovering from the attack.
- Loss of sensitive information. BEC attacks often involve the theft of sensitive information, such as confidential business data or personal information of employees and customers. The theft can severely affect the privacy and security of individuals and businesses.
Preventing business email compromise
There are several steps businesses can take to reduce the risks of BEC, including:
- Take a top-down approach. Your company directors need to be aware of the risks of BEC and actively guide the business’s strategy in this regard. Remember, there’s a close link between BEC, data protection, information security, and business continuity.
- Raise personnel awareness. Regularly remind personnel about the dangers of BEC and how to recognise and avoid phishing attacks. For instance, emphasise how crucial it is never to give out sensitive information or make financial transfers in response to an unsolicited email.
- Implement strong authentication. Require personnel to use multi-factor authentication, such as a password and a security token, to access email accounts and other sensitive systems.
- Use email encryption. Encrypt all sensitive information sent via email to prevent attackers from intercepting it.
- Monitor email activity. Monitor email activity for signs of suspicious behaviour, such as unexpected emails from known contacts or requests for sensitive information or funds.
- Maintain up-to-date software. Keep all software, including email clients and anti-virus software, up to date to ensure that vulnerabilities are patched promptly.
By taking these steps, you can reduce the risks of BEC and minimise the impact of an attack should one occur. Being proactive about information security is essential, as BEC attacks are becoming increasingly common and sophisticated.
Actions you can take next
- Raise the awareness of people within your organisation on BECs by asking Michalsons to provide you with learning services. We can provide you with infographics, digital content for you to distribute electronically, and live awareness sessions tailored for your organisation.
- Ensure your organisation doesn’t become a victim of cybercrime by joining the Michalsons cybercrimes programme. Know how to get this right by working through the programme yourself.
- Use technology or software to prevent BECs by asking Michalsons to advise you of the options and put you in touch with the right vendors.
- Take action by asking Michalsons to actually put the controls in place for you. You might not have time to take the necessary action yourself and can ask Michalsons to do it for you.