You can’t ignore the growing threat of business email compromise (BEC), given the rapid increase in cybercrime. A BEC can severely affect your business and its stakeholders, so it’s crucial to have the knowledge and skills to prevent it.
What is a BEC?
It’s a type of cybercrime that involves tricking your business’s personnel (employees, contractors, directors) into sending sensitive information to the incorrect recipient or making unauthorised financial transfers. The attacker typically gains access to the victim’s email account through phishing or other methods. Then, they send fraudulent messages that appear to be from a trusted source, such as a supplier or vendor. In this way, they gain access to information or money.
BEC attacks often target businesses that handle large amounts of money or sensitive information, such as law firms, real estate companies, financial institutions, medical companies, and ECSPs. The attacker will use the compromised email account to request funds transfers, steal sensitive information, or spread malware.
The risks to your business
- Financial loss. BEC attacks often involve tricking people into making unauthorised financial transfers, which can result in significant financial losses for the business.
- Reputational damage. The fact that you’ve experienced a BEC can damage your business’s reputation, as customers and other stakeholders may question your information security.
- Legal liability. If a BEC results in an unauthorised funds transfer, you may face legal action from the affected parties. This point is demonstrated in the case of Hawarden v ENS.
- Disruption of operations. A BEC can disrupt your normal operations. How? Your personnel would be forced to devote time and resources to resolving the issue and recovering from the attack.
- Loss of sensitive information. BEC attacks often involve the theft of sensitive information, such as confidential business data or personal information of employees and customers. The theft can severely affect the privacy and security of individuals and businesses.
Preventing business email compromise
These are some of the actions organisations can take to reduce the risks of BEC.
- Take a top-down approach. Your company directors need to be aware of the risks of BEC and actively guide the business’s strategy in this regard. Remember, there’s a close link between BEC, data protection, information security, and business continuity.
- Raise personnel awareness. Regularly remind personnel about the dangers of BEC and how to recognise and avoid phishing attacks. For instance, emphasise how crucial it is never to give out sensitive information or make financial transfers in response to an unsolicited email.
- Implement strong authentication. Require personnel to use multi-factor authentication, such as a password and a security token, to access email accounts and other sensitive systems.
- Use email encryption. Encrypt all sensitive information sent via email to prevent attackers from intercepting it.
- Monitor email activity. Monitor email activity for signs of suspicious behaviour, such as unexpected emails from known contacts or requests for sensitive information or funds.
- Maintain up-to-date software. Keep all software, including email clients and anti-virus software, up-to-date to ensure that vulnerabilities are patched promptly.
By taking these steps, you can reduce the risks of BEC and minimise the impact of an attack if one occurs. Being proactive about information security is essential, as BEC attacks are becoming increasingly common and sophisticated.
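The signs listed under "Monitor email activity" can be checked automatically on incoming mail. The following Python check is an added example, not part of the original article: it flags a known contact's name arriving from an address that is not on file, a Reply-To that points to a different domain, and wording that requests funds or sensitive information. The contact directory, term list, signal names and both sample messages are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed directory: display name of a known contact -> address on file.
KNOWN_CONTACTS = {"acme supplies accounts": "accounts@acme-supplies.example"}
# Constructed list of terms that suggest a request for funds or sensitive data.
REQUEST_TERMS = ("bank details", "banking details", "payment", "transfer", "password")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_signals(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    signals = []
    # A trusted name on an address we have never dealt with.
    on_file = KNOWN_CONTACTS.get(name.strip().lower())
    if on_file and addr != on_file:
        signals.append("known-name-new-address")
    # Replies would be diverted away from the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(addr):
        signals.append("reply-to-domain-mismatch")
    # Subject or plain-text body asks for money or sensitive information.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in REQUEST_TERMS):
        signals.append("funds-or-data-request")
    return signals

# Constructed sample: look-alike domain, diverted replies, change of bank details.
SPOOFED = """\
From: Acme Supplies Accounts <accounts@acme-suppliies.example>
Reply-To: billing@mailbox.example
Subject: Updated banking details

Please use our new bank details for the next payment.
"""
# Constructed sample: routine message from the address on file.
ROUTINE = """\
From: Acme Supplies Accounts <accounts@acme-supplies.example>
Subject: Delivery schedule

Your order ships on Tuesday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("routine", ROUTINE)):
        print(label, bec_signals(raw))
```

A message sent from a genuinely compromised supplier account would pass the first two checks, so a funds or data request on its own should still be confirmed through a channel other than email.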
Actions you can take next
- Learn more about BECs by attending a webinar on Practical Tips to Deal with Business Email Compromise.
- Raise awareness of BECs within your organisation by asking Michalsons to provide learning services. We can provide you with infographics, digital content for you to distribute electronically, and live awareness sessions tailored for your organisation.
- Empower yourself to take action by joining a Michalsons programme and working through the module on Dealing with Business Email Compromise (BEC). Know how to get this right by working through the programmes yourself.
- Utilise technology or software to prevent BECs by consulting Michalsons, who can advise you on available options and connect you with the appropriate vendors.
- Take action by asking Michalsons to actually put the controls in place for you. If you don’t have time to take the necessary action yourself, you can ask Michalsons to do it for you.
