Spear phishing attacks, including business email compromise and brand impersonation, are on the rise - these are particularly dangerous because they are designed to get around traditional email security like spam filters.
We have outlined 7 important actions you can take to protect yourself and your company from business email compromise.
7 top tips to protect your business from BEC [infographic] By Stellarise
7 top tips to protect your organisation from Business Email Compromise
[Chart: cost per attack type, comparing malware, botnets, ransomware, stolen devices, phishing, malicious code, malicious insiders, DoS attacks and web-based attacks; the costs shown range from £260k to £1.57 million]
Over the last five years the average cost of cyber crime for UK organisations has risen by 62%.
The UK’s 5.4 million small businesses are collectively attacked more than … million times a year.
£25,700 is the average cost of cyber crime to small UK-based businesses in 2017 in direct costs (i.e. ransoms paid and hardware replaced), before indirect costs like reputational damage and the impact of losing customers are identified.
52% of UK small businesses have no cyber security strategy in place, yet more than 2,000 cybercrimes were reported by businesses in 2018, affecting thousands of customers.
What is Business Email Compromise?
Business Email Compromise is where a cyber attacker gains access to a corporate email account – usually by copying or ‘spoofing’ the owner’s identity. Because the emails they receive look genuine, employees and customers can be defrauded into taking the action a fraudulent email encourages – usually transferring money to the attacker’s account.

Businesses can also be hit by phishing attacks – where scammers send fake emails asking for sensitive information. They might try to trick the recipient into revealing bank details or sending money. Scammers have moved on from the clearly fake African prince asking for your help in unlocking his ‘fortune’; business email fraud is now far more sophisticated, convincing and difficult to spot.

And to make matters worse, many email compromises aren’t spotted until some time has elapsed – leaving the hacker free rein to work undetected within a victim’s email system.
Forbes put BEC (Business Email Compromise) and phishing attacks as their top cyber security trend for 2019.

BEC attacks were up by 297% across 2018.
What can you do about it?
1. Better employee awareness and training – build a ‘think cyber security’ culture. Train people to look for signs of suspicious activity. Look out for poorly written emails, those sent from a mobile, emails using the wrong signature lines, etc.

2. Put in place a process that doesn’t rely on email to verify unusual financial or sensitive data requests – use standard non-email channels. You can even call colleagues to check using the phone – remember how we used to talk to each other?

3. Introduce 2 Factor Authentication. This is an extra layer of security that requires not only a password and username but also something that the user has on them. A common example is a text message containing an additional password. Due to the increasing number of incidents we are seeing across all clients, our advice would be that you should introduce this as mandatory across all of your staff, whilst understanding that there might be some downsides and inconveniences of implementing this. It can be irritating always having to cross check, but we consider this a small price to pay for safeguarding your private information.

4. Introduce password managers – and a good password policy. A password manager like 1Password can help to ensure your staff don’t use the same password more than once, and so help ensure that an account that is breached is not used to access other unrelated accounts.

5. Stop using lazy passwords! Believe it or not, the most hacked passwords seem to be the same each year, such as ‘StarWars’, ‘1234’ or ‘QWERTY’. Passwords that are actually password phrases are even harder to crack, especially combined with numbers: “20peterandjanewenttothecinema19” etc.

6. Spoof phishing attack training. We partner with a security specialist called KnowBe4, and a number of our clients have taken up this service, which allows us to set up spoof phishing attacks on staff so that we can spot who is most likely to be susceptible and provide mandatory training for staff to help them identify the threats.

7. Ensure DMARC, DKIM and SPF are all defined for your email domain. DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, is a standard that helps email users ensure that the messages they receive are from a recognised source. Read more in our blog “Improve your email safety with DMARC”.
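The DNS side of that last tip, as an added example that is not from the infographic or from Stellarise: a small offline checker that reads the SPF, DKIM and DMARC TXT records for a domain and flags the weak settings a defender would want to catch (SPF that does not end in -all, DMARC left at p=none, no reporting address, no DKIM key). The domain example.com, the selector name selector1 and both record sets are constructed for illustration.

```python
import re

# Constructed sample TXT records for a hypothetical domain (not from the page),
# keyed by DNS name as a resolver would return them. Weak set: SPF soft-fail,
# DMARC in monitor-only mode. Hardened set: SPF hard-fail, DMARC reject.
WEAK_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
}
HARDENED_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC or DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_domain(domain, txt, selector="selector1"):
    """Return a list of findings (empty when SPF, DKIM and DMARC look sound)."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no v=spf1 record, receivers cannot check sending hosts")
    elif not re.search(r"\s-all\s*$", spf[0]):
        findings.append("SPF: record does not end in -all, unauthorised senders only soft-fail")
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("DMARC: no _dmarc record, SPF/DKIM failures are never enforced")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "none") == "none":
            findings.append("DMARC: p=none only monitors, spoofed mail is still delivered")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, aggregate reports will not arrive")
    dkim = txt.get(selector + "._domainkey." + domain, [])
    if not any("p=" in r for r in dkim):
        findings.append("DKIM: no public key published at " + selector + "._domainkey." + domain)
    return findings

if __name__ == "__main__":
    for name, records in (("weak", WEAK_TXT), ("hardened", HARDENED_TXT)):
        print(name, assess_domain("example.com", records) or ["no findings"])
```

To run it against a real domain, feed `assess_domain` the TXT records returned by your resolver instead of the constructed dictionaries.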
A combination of better awareness, common sense and workplace training, such as the tips above, is a good place to start. These cybersecurity practices are essential, but they can be fairly difficult to implement, and Stellarise is here to help. As one of the UK’s leading managed services providers, we provide state-of-the-art security systems and comprehensive security training for our clients.
SOURCES:
“The cost of a cyber attack”, 2018, IT Governance
https://www.itgovernance.co.uk/blog/the-cost-of-a-cyber-attack
“UK Small businesses targeted with 65,000 attempted cyber attacks per day”, 2018, Hiscox
https://www.hiscoxgroup.com/news/press-releases/2018/18-10-18
“SMBs could be the key to stopping UK data breaches”, 2019, TechRadar
https://www.techradar.com/uk/news/smbs-could-be-the-key-to-stopping-uk-data-breaches
“Five Cybersecurity trends to watch for in 2019”, 2019, Forbes
https://www.forbes.com/sites/forbestechcoucil/2019/02/07/five-cybersecurity-trends-to-watch-for-in-2019/
Graphics by Fullvector, Freepik
https://www.freepik.com/fullvector
Based in London and Budapest, Stellarise have extensive experience addressing cyber security and risk-related issues in a variety of industries. With a comprehensive stack of smart and innovative technology, we work with our clients to develop and maintain effective and efficient cyber security solutions that support businesses across the UK. From strategy to implementation, we are ready to help you – get in touch to discuss the threats and issues affecting your business.
https://stellarise.com/
020 3137 3550
hello@stellarise.com
54 Maltings Place, 169 Tower Bridge Road, London SE1 3LJ
Kálvin tér, II. floor 8/b, 1053 Budapest
Chart caption: The cost for UK organisations to resolve a cyber attack, per type, in 2017.