How Important Is BEC Security For Your Company?
How to Stay Safe From BEC Attacks. What Strategy You Should Engage?
Enterprise security is crucial, therefore a compromised email system can seriously damage legitimate business interests. Find out more about how important is BEC security for your company, and what can you do in order to stay safe.
Always be informed
The first step towards a correct BEC security strategy is to always be informed and keep up with all the new ways the criminals might be using against you.
Attackers that usually are posing as attorneys or executives tend to send spoof emails in which they are trying to convince the victims to send them money in support of a business deal, like an acquisition that the victim’s company is undergoing, you’ll notice that these emails feign urgency and demand secrecy from the victim.
Another strategy is the one that uses a fake domain name, the victims receive an email asking them to send money to a specific account, the will originate in this scenario from a domain that looks trustworthy at first glance, but has been slightly altered (e.g., one character in the domain name is different, a letter or a number have been added). These types of attacks are based on the victims’ lack of attention to sender details.
You should be careful with your contact list, another type of scam in electronic communications is impersonating one of the company’s vendors.
Whilst the sender’s domain name is genuine, and the transaction may look legitimate, oftentimes having proper documentation attached, attention must be paid towards the processing details that will direct payment to an account that the scammer controls.
Help your employees understand and protect themselves from BEC attacks
Another extremely important step an organization must take in safeguarding against BEC is to provide employees adequate cybersecurity training.
Employees should be aware of the risks and implications that these attacks hold, as well as how to properly respond to an incident of this sort.
BEC attacks have a high success rate not because they are so technologically sophisticated, but because they are exploiting human vulnerabilities, like a response to authority, schedule, or even tiredness.
You can mitigate these risks using clear communication of roles and expectations whilst providing appropriate guidance in the use of IT and accounting controls.
The culture based on compliance
Even if training is a big step in the right direction, it’s not enough to fend off BEC attacks.
Because scams are constantly evolving and making red flags more difficult to identify, training and compliance need to go hand in hand.
An effective compliance culture supports employees with the protocol they need to follow up with confidence since BEC attacks usually target mid-level personnel who communicate with the executives, attorneys, or vendors purportedly behind a transaction request, authority figures that employees may not be comfortable with personally approaching in order to authenticate the order.
Layer your defense using technical controls
BEC attacks are not necessarily sophisticated from a technical standpoint with most of them originating from spear-phishing or spoofing an internal email account.
BEC attacks could be prevented or detected via IT controls such as application-based multi-factor authentication (MFA) and virtual private networks (VPNs).
Another effective way to fend off BEC attacks is to use encryption in order to authenticate emails and allow users to safely exchange data, using encryption software that can translate the data into code for transmitting over a network, thus making the transmission unintelligible without a ‘public key’ to decrypt the data.
Heimdal™ Email Fraud Prevention
- Deep content scanning for attachments and links;
- Phishing, spear phishing and man-in-the-email attacks;
- Advanced spam filters to protect against sophisticated attacks;
- Fraud prevention system against Business Email Compromise;
Accounting systems and controls optimization and updates
Most corporate financial transactions are nowadays digital and this is leading to an increase in financial crime from cyber fraud.
Organizations should start mapping the existing workflow used for wire transfers and analyze in-depth their processes in order to identify potential weaknesses and enhancement opportunities, for example limiting the amount of money each executive can approve, or using authorization for wire transfers, that also includes a protocol for approvals in the specific cases where senior executives are the initiators of these transactions.