Nowadays, companies of all sizes are a main focus of cybercriminals. From malware to phishing to DDoS attacks and more, cybercrime against businesses continues to increase as attackers become more efficient and sophisticated. One type of cyber-attack threatening businesses today is business email compromise (BEC).
Business email compromise is one of the fastest-growing cybercrime trends affecting businesses in recent years. According to the latest FBI report, BEC attacks resulted in approximately $1.8 billion in losses, making it the most financially damaging type of cyber-attack.
Ignorance is one reason business email compromise has become rampant: one report indicated that over 37% of employees do not know what to do or what to look for in order to identify common email scams. It is therefore essential for business owners to take steps to prevent these scams.
So, how can you protect your company from falling victim to a BEC scam? Here are six steps you can take to improve your cybersecurity and reduce the risk of cybercriminals gaining access to your email accounts.
The Idea Behind Business Email Compromise
The basic idea behind a BEC scam is simple: gain access to the email account of a key position holder within a company. The attacker then uses that account to impersonate its owner and send emails to employees or other companies instructing them to share sensitive information or transfer money. In many cases the emails appear legitimate, so the unsuspecting employee or client believes the request genuinely comes from the owner of the email address.
These attacks are carried out through social engineering techniques or computer intrusion and succeed because of excessive trust, intimidation, or simply a lack of awareness. Businesses therefore need to implement effective measures to protect themselves from BEC attacks and avoid potential losses.
6 Effective Ways to Protect Your Company from Business Email Compromise
1. Implement Strong Password Policies
One of the easiest ways for cybercriminals to gain access to your email accounts is through weak passwords. Many employees still use default or simple passwords, such as “pass12345678” or “0987654321”, for their company accounts. Such passwords are easy to find online or to guess, leaving the accounts open for attackers to exploit.
To prevent this, require strong passwords for all accounts, both in and out of the office. The policy should require complex combinations of words, numerals, and symbols that form unique passwords which are difficult to guess. Strong passwords should:
- Have a minimum of 12 characters
- Include a mix of lower and upper case letters, symbols, numbers, and other special characters.
- Not contain the user’s name or mailbox name
- Meet the required minimum length.
It’s also important to set up a policy where employees are required to regularly change their passwords, at least every 90 days, to prevent hackers from using a password that they may have obtained in the past.
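As an added example (not part of the original article), here is a small Python check that implements the password rules listed above, including the rule against using the account holder’s name or mailbox name; the function name, the rule labels and the sample values are my own.

```python
import re
import string

def password_policy_violations(password: str, username: str = "", mailbox: str = "") -> list:
    """Return the policy rules the password breaks (an empty list means it complies).

    Rules follow the article's list: at least 12 characters, a mix of lowercase,
    uppercase, digits and symbols, and no occurrence of the user's name or mailbox name.
    """
    violations = []
    if len(password) < 12:
        violations.append("shorter than 12 characters")
    if not any(c.islower() for c in password):
        violations.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        violations.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    if not any(c in string.punctuation for c in password):
        violations.append("no symbol")
    lowered = password.lower()
    for label, value in (("user name", username), ("mailbox name", mailbox)):
        local = value.split("@")[0].lower()          # "jane.doe@example.com" -> "jane.doe"
        # also check the individual name parts so "Jane" inside "Jane!2024..." is caught
        parts = [p for p in re.split(r"[.\-_\s]+", local) if len(p) >= 3]
        if local and (local in lowered or any(p in lowered for p in parts)):
            violations.append(f"contains the {label}")
    return violations
```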
2. Use Two-Factor or Multi-Factor Authentication
It is important to note that although the two methods are similar, two-factor authentication (2FA) and multi-factor authentication (MFA) are not exactly the same thing.
Two-factor authentication is a security measure that requires the use of two methods of identification to verify the identity of the user before granting access to the account. This verification type typically involves the password and a security token or code sent to the mobile phone or email address of the user. Once verified, the user gets access to the account.
On the other hand, multi-factor authentication is a security measure that goes beyond what two-factor authentication provides. This verification method requires two or more types of information to verify the user’s identity. This verification type requires the user to provide a password, a security token or code, and biometric data like fingerprint or facial recognition. This adds an extra layer of security, making it harder for cybercriminals to gain access to your email account.
Both 2FA and MFA are effective security controls. Many email providers offer them as standard features, and they are easy to set up, so encourage all your employees to enable one of them on their email accounts.
3. Train Employees on Cybersecurity Best Practices
It is common knowledge that in terms of a company’s cybersecurity, the employees are often the weakest link. Because many BEC attacks involve social engineering, psychological manipulations such as authority, urgency, trust, familiarity, fear, and deception are used to trick employees into sharing sensitive information or transferring funds.
To prevent this, it is important to train your employees on cybersecurity best practices. They should be explicitly trained to recognize a phishing email, to know what a legitimate email from a legitimate source looks like, to create strong passwords, and to use 2FA or MFA. They should immediately report any suspicious email or activity to the IT department.
4. Verify Requests for Money Transfers or Sensitive Information
Implement a policy where all requests for money transfers or sensitive information are verified by two or three reliable persons, such as a supervisor, finance manager, or the IT department. The policy should also include calling the person directly or using a pre-agreed form of verification to confirm the identity of the person making the request.
5. Limit Access to Sensitive Information
Another way to protect your company from BEC scams is to limit access to sensitive information. This means that only senior staff or the employees who need it to carry out their job should have access to sensitive information.
6. Monitor Your Email Accounts for Suspicious Activity
Ensure that all activity on company email accounts is monitored for suspicious events, such as changes to email settings, unusual login activity, and logins from unfamiliar devices or locations. Many email providers offer security features that alert the user to suspicious activity in their email account, so it is important to take advantage of them.
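The following Python example is added here and is not from the article or from any email provider. It runs the kind of check described in this section over a constructed audit log: logins from a country or device outside a user’s known-good baseline are flagged, and any mailbox-setting change is flagged too, at higher severity when it follows such a login. The log format, event names and baseline profiles are all assumed for illustration.

```python
from collections import defaultdict

# Constructed sample audit log (a generic CSV-like format, not any provider's real schema):
# timestamp,user,event,country,device
SAMPLE_LOG = """\
2024-03-01T08:02:11Z,cfo@example.com,login,US,laptop-cfo
2024-03-01T17:45:09Z,cfo@example.com,login,US,laptop-cfo
2024-03-02T03:14:05Z,cfo@example.com,login,NG,unknown-android
2024-03-02T03:16:20Z,cfo@example.com,inbox_rule_created,NG,unknown-android
2024-03-02T03:17:01Z,cfo@example.com,forwarding_enabled,NG,unknown-android
2024-03-02T09:30:00Z,clerk@example.com,login,US,desktop-clerk
2024-03-02T09:31:00Z,clerk@example.com,signature_changed,US,desktop-clerk
"""

# Known-good profile per user, e.g. learned from an earlier clean period (constructed).
BASELINE = {
    "cfo@example.com": {"countries": {"US"}, "devices": {"laptop-cfo"}},
    "clerk@example.com": {"countries": {"US"}, "devices": {"desktop-clerk"}},
}

# Mailbox setting changes worth alerting on (assumed event names).
SETTING_EVENTS = {"inbox_rule_created", "forwarding_enabled", "mfa_disabled", "signature_changed"}

def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, event, country, device = line.split(",")
        events.append({"ts": ts, "user": user, "event": event, "country": country, "device": device})
    return events

def detect_suspicious_activity(events, baseline):
    """Return (severity, user, timestamp, message) alerts: logins from a country or device
    not in the user's baseline, and setting changes (high severity if made from such a session)."""
    known = defaultdict(lambda: {"countries": set(), "devices": set()})
    for user, profile in baseline.items():
        known[user]["countries"] |= profile["countries"]
        known[user]["devices"] |= profile["devices"]
    unfamiliar_session = defaultdict(bool)   # was the user's latest login unfamiliar?
    alerts = []
    for e in events:
        user, ctx = e["user"], known[e["user"]]
        if e["event"] == "login":
            odd = [f"country {e['country']}"] if e["country"] not in ctx["countries"] else []
            if e["device"] not in ctx["devices"]:
                odd.append(f"device {e['device']}")
            unfamiliar_session[user] = bool(odd)
            if odd:
                alerts.append(("high", user, e["ts"], "login from unfamiliar " + " and ".join(odd)))
            ctx["countries"].add(e["country"]); ctx["devices"].add(e["device"])
        elif e["event"] in SETTING_EVENTS:
            sev = "high" if unfamiliar_session[user] else "medium"
            alerts.append((sev, user, e["ts"], f"mailbox setting change: {e['event']}"))
    return alerts
```

Run against the sample log this yields three high-severity alerts for the CFO (the foreign login and the two rule changes that follow it) and one medium-severity alert for the clerk’s signature change.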
Implement Security Measures to Protect against BEC
B-Comp Services can help your business implement adequate security measures to protect against business email compromise and other forms of cyber-attacks. Contact us to learn more.