Stop! And think before you act on that email

How many times a day do you respond to an email without giving it any thought?  

Perhaps it’s a request for information. Perhaps it is requesting payment on an invoice. Mundane stuff. But before you know it, you’ve been the victim of a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cyber criminal gains access to your business email account and uses it to deceive your employees, clients, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and exploiting their position of trust. 

You might think that this is something that only happens to large organisations, but that is not the case.

According to the FBI, small and medium-sized firms are just as vulnerable to BEC attacks as larger ones. In fact, over the last several years, these attacks have cost businesses more than $30 billion.

And Microsoft has more bad news: these attacks are becoming both more harmful and more difficult to detect.

So, how can you protect your company from BEC attacks? 

Here’s our advice:

  1. Educate your employees: They are your organisation’s first line of defence against BEC attacks. They must be able to identify phishing emails, questionable requests, and fake invoices. Train them regularly on cyber security best practices, such as strong passwords, multi-factor authentication, and safe file sharing.
  2. Use modern email security solutions: Antispam and antivirus technologies are no longer sufficient to prevent BEC attacks. To detect and prevent these attacks in real time, you need more powerful systems that leverage artificial intelligence and machine learning. Look for email security providers that support Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM).
  3. Establish transaction verification procedures: Before transmitting payments or sensitive information, set up a verification process that ensures the request’s validity. This could be a phone call, video conference, or in-person meeting. Do not rely on email alone to confirm these types of requests.
  4. Monitor your email traffic: Examine it on a regular basis for anomalies and strange patterns. Unknown senders, strange login locations, changes to email settings or forwarding rules, and unexpected emails are all red flags. Have a clear procedure in place for reporting and responding to any suspicious activity.
  5. Keep your software up to date: Always use the most recent version of your operating system, email software, and other software applications. These updates frequently contain critical security patches that address known vulnerabilities.
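
To make items 2 and 4 concrete, here is an added example (not part of the original article): a Python triage function that reads the SPF, DKIM and DMARC verdicts recorded by your own mail server in the `Authentication-Results` header and flags a `Reply-To` domain that differs from the sender's. The sample message, the domains and the `TRUSTED_AUTHSERV` value are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the identifier your own receiving mail server writes into the header.
# Headers carrying any other identifier may have been forged by the sender.
TRUSTED_AUTHSERV = "mx.example.com"

# Constructed sample message (not real traffic); example.com/.net are reserved domains.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
From: "Finance Director" <cfo@example.com>
Reply-To: cfo.example@example.net
To: accounts@example.com
Subject: Urgent invoice payment

Please pay the attached invoice today.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict recorded by the trusted server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        # Ignore verdicts that were not written by our own server.
        if value.split(";")[0].strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def bec_flags(raw):
    """Return a list of red flags for one raw message."""
    msg = message_from_string(raw)
    results = auth_results(msg)
    flags = [f"{m}={results.get(m, 'missing')}"
             for m in ("spf", "dkim", "dmarc") if results.get(m) != "pass"]
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    return flags

if __name__ == "__main__":
    for flag in bec_flags(SAMPLE):
        print("FLAG:", flag)
```

A flagged message is a prompt for the out-of-band verification in item 3, not proof of fraud; legitimate mail can also fail these checks when a sender's domain is misconfigured.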

BEC attacks are growing more widespread and complex, but you can defend your business with the correct awareness, training, and security solutions.

Don’t wait until it’s too late; take action now to protect your business.

If you want to learn more about how to defend your company against cyber attacks, our team is always available to assist you.