Picture this: You start your workday and the moment you log in to your system, the first thing you check, as usual, is your inbox. You then reply to all your emails and get them out of the way before you start tackling your tasks for the day. If this is your routine, then you might have just compromised your business unknowingly. Your trusted cybersecurity service company advises you to always verify your emails!
Responding to emails as quickly as you can often means you neglect to think about their details. Have you ever checked whether the email address under your supplier’s name is correct? Or whether there is a spelling change in the account information they sent your way? Have you wondered why your HR would ask for your contact details when they should have them in your files already, but sent them again anyway?
A cybersecurity service company recommends always paying attention to the details of the sender and the overall tone of the email, regardless of whether the email asks for your information or your business details, and even if it is a request to settle an invoice. Responding otherwise could make you a victim of a Business Email Compromise (BEC) attack.
In BEC, cyber attackers get hold of your business’s or a senior officer’s email. They then use it to trick employees, customers, partners or even suppliers into providing company data or money. By impersonating someone in authority, they abuse the position of trust to make things go their way. We typically see this in movies with large-scale crime themes. The reality, however, is much sadder.
Unlike in the movies, a cybersecurity service company warns, real-life scammers do not just target large corporations. They also target small and medium-sized businesses. This leads to millions of dollars lost annually. What is worse is that these scammers evolve and use techniques that are becoming harder to identify.
Although there is no perfect system of protection from BEC, we have identified safe practices that you can follow to minimize risk. Here are some:
Knowing what BEC is and how it works is already a leap towards lessening your risk of becoming a BEC attack victim. Mobilize your employees to be the first line of defense against BEC. Training them to be vigilant against emails requesting additional data and suspicious “urgent” invoices is vital. They must also be made aware of the importance of using secure sharing options, strong passwords and multi-factor authentication (MFA).
BEC attacks are not detected by basic protections against spam and viruses. This is simply because they are neither of those. Advanced email security solutions that use artificial intelligence and machine learning are best at protecting your business in real time. You can seek help from cybersecurity providers who can add features like Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) to your current system.
This is particularly important for sharing confidential information, invoice payments and fund transfers. Make sure your business has a protocol to follow that verifies the authenticity of accounts. You can set up a phone call, video call, or face-to-face meeting. Do not trust email alone for these transactions.
Monitoring email traffic and watching out for anomalies and unusual patterns is also a great way to detect attacks. Things like unrecognized senders, foreign login locations, and changes in email settings such as forwarding rules are red flags. Have procedures for what to do once these are identified.
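The sender checks described above (the address behind a supplier's name, unrecognized senders, and SPF/DKIM/DMARC results) can be automated on received mail. The following is an added example, not code from the original article; the supplier domains, the sample message and the function names are constructed for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your business actually trades with (constructed values).
KNOWN_DOMAINS = {"acme-supplies.example", "payroll.example"}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from the Authentication-Results header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts[method] = rest.split()[0].lower()
    return verdicts

def bec_flags(raw_message):
    """Return a list of reasons this message deserves out-of-band verification."""
    msg = message_from_string(raw_message)
    flags = []
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if sender not in KNOWN_DOMAINS:
        # A near-miss of a trusted domain is more suspicious than a stranger.
        close = difflib.get_close_matches(sender, KNOWN_DOMAINS, n=1, cutoff=0.85)
        flags.append(f"lookalike of {close[0]}" if close else "unrecognized sender domain")
    if reply_to and reply_to != sender:
        flags.append("Reply-To domain differs from From domain")
    for method, verdict in sorted(auth_results(msg).items()):
        if verdict != "pass":
            flags.append(f"{method}={verdict}")
    return flags

# Constructed sample: note the swapped letters in the sender domain.
SAMPLE = """\
From: "Acme Supplies Billing" <billing@acme-suppiles.example>
Reply-To: billing@freemail.example
Subject: URGENT: updated bank details for invoice 1042
Authentication-Results: mx.yourcompany.example; spf=pass smtp.mailfrom=acme-suppiles.example; dkim=none; dmarc=fail header.from=acme-suppiles.example

Please use the new account below.
"""

if __name__ == "__main__":
    print("\n".join(bec_flags(SAMPLE)))
```

Only an Authentication-Results header added by your own receiving mail server should be trusted; a copy supplied by the sender proves nothing.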
Make sure your tools are running on updated software. This includes your operating systems, email software as well as other applications. These updated versions usually include security patches that address threats.