Business email compromise (BEC), an international fraud scheme, is seemingly forever on the rise and no company is safe from attack. It’s therefore essential that your organization has good methods and practices in place to prevent a breach. But how do you do it, especially with large employee pools and multiple locations around the world? In this article, we’ll examine BEC prevention strategies that work for all types and sizes of organizations.
What Is Business Email Compromise?
BEC is essentially a deception by a rogue agent or entity that works to convince an employee that they too are a member of the organization (usually a CEO or supervisor). They may send an email or use another form of communication to make a request, often a wire transfer. Sometimes they’ll ask for company documents like W-2 forms; other times they’ll pose as a third-party vendor requesting a payment. Through schemes such as these, thieves have stolen upwards of $5 billion from businesses all over the world.
The recipient of the communication, believing it to be legitimate, complies. The results can be devastating: monetary losses, data breaches, reputation damage and more. These ruses are often so clever they bypass normal spam filters: the sender’s listed domain could look legitimate, and the message may contain no trigger words, malware attachments or telltale grammatical errors. Oftentimes, they target specific employees within organizations and use details that make their schemes more convincing. That’s why the human error factor is even higher with BEC.
Implementing BEC Prevention Strategies at Your Organization
Here are a few practical tips to help you prevent BEC attacks:
- Develop a BEC policy. Written documentation of best practices and procedures to follow with email, social media, passwords and more should be created. It should be widely distributed, not only via email
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Stephen Moramarco. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/0RBaU03IAco/