Blog

The Dangers of Business Email Compromise(BEC)

Written by Waits Sharpe | Feb 15, 2022 10:05:00 AM

Emails are no doubt an essential part of your organization. Meeting with teams, working on projects, and sharing files can be done quickly and easily with a well typed email. While using email is great for communication it can also be your businesses biggest risk. In fact, according to Verizon, 96% of phishing attacks are delivered via email. This is why securing yourself against business email compromise is crucial to protecting your data. Read on to learn about the risk of Business Email compromise (BEC) and how to defend against it.

What is Business Email Compromise?

BEC is a form of email fraud that seeks to gain a foothold into your organization using social engineering and aspects of malware and phishing. Cyber criminals will often impersonate a fellow employee or take control of a legitimate account in order to trick individuals into divulging login credentials or clicking on a false link or attachments. For instance many BEC emails in 2020 used the COVID-19 pandemic to scare individuals into clicking. BEC emails will typically have some sort of urgent request in order to scare you into acting without thinking. If you receive an email with an odd request and urgent wording like "ASAP" then it is probably a trap.

What's The Cost?

Business email compromise can harm your organization in a number of different ways. Financially speaking BEC schemes hit hard. In 2020 alone BEC schemes cost organizations roughly $1.8 billion in 2020. For the small to medium sized businesses a successful attack like this could financially ruin them. What's even worse is that roughly 60% of small businesses will go out of business within 6 months of being hit by a cyber-attack. Not only this but a BEC attack can hurt your reputation and brand as well. Who would want to trust their data with a company they know isn't secure? Additionally, being breached may bring lawsuits or legal ramifications if sensitive data is stolen. Overall, the cost of a BEC scheme is too great to take lightly. You need to take the necessary steps to protect yourself and your domain.

How Do You Protect Yourself?

There are many ways to protect yourself from a BEC or phishing scheme. Many of them are practical and some will involve more work. The easiest thing that you can do right now to protect your inbox is enable MFA on your account. This provides a second layer of protection to your account in case your password is stolen.

Speaking of passwords, making sure that you use unique passwords across all of your applications will aid in protecting your accounts. Avoid using personal passwords are simple ones like "1234". Have a different password for each application that is unique and random. Using a password manager like LastPass can help you keep up with all of your passwords. Remember, your password is your first line of defense.

Setting up email authentication on your email domain can also help prevent scam emails from even hitting your inbox. Using thing like DMARC, SPF, or DKIM can also limit who can send emails using your domain. This means that cyber criminals can't use your email domain to try and trick other people. If you use Google Workspace it is even easier to set up email authentication by using these steps.

Lastly, make sure that all employees are up to date on security awareness training. This helps train users to spot a phishing scheme, what to do if they spot one, or how to avoid them entirely.

By implementing all of these you can drastically increase your security and avoid Business Email Compromise attempts all together. Contact CorpInfoTech if you believe you've already been breached or want more information on how you can secure your business.

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.