Helping Protect Your Business Against Email Compromises

Emails are often the first point of contact for scammers to breach a company’s information security. In fact, attacks via business email compromise are so common today that it is essential to follow best practices to minimize the risks.

We look at some useful housekeeping and cybersecurity defense habits that employees should apply to their daily operations to help avoid email compromise and stay safe, together with available preventative technology.

According to global market research company Statista, roughly 306.4 billion emails were sent and received each day in 2020, and this figure is expected to increase to more than 376.4 billion daily emails by 2025. Around 12.5 million company email boxes and 33,000 finance department credentials are openly accessible on the web, research from digital risk management and threat intelligence firm Digital Shadows has found. The FBI has estimated that scams resulting from business email compromise, such as fake invoices and wire fraud, have cost businesses $12 billion globally over the past five years.

A business email compromise (BEC) uses email fraud to attack companies and organizations in the public and private sectors, usually for financial gain. It can include invoice scams and phishing raids designed to gather data (often login and password details) for subsequent attacks. Furthermore, BEC attacks can result in damaging privacy breaches and access to confidential information and trade secrets.

Businesses should treat the rules for handling email with the same seriousness as the rules governing physical office security, and make every employee aware that protecting company data and assets is crucial for the business to survive. After all, a company would be shocked to learn that an employee had left the front door open overnight, and employees know never to do such a thing. In the same spirit, companies can insist that employees in the accounts department challenge and independently verify any unusual or “urgent” payment request, especially one apparently from management or a supplier, before authorizing payment. A short phone call to a number already on file (not one supplied in the email) confirms the transaction in minutes and can save valuable resources.

It is worthwhile adding an alert banner to all incoming email from outside the company, reminding employees that the sender is external and that the message may not be what it claims to be, and urging them to check before acting on it. Companies can also set up alerts for suspicious account behavior, such as newly created mailbox forwarding rules or logins from unfamiliar locations, which are common signs that an account has already been taken over.
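The following is an added example, not code from the original article or from Cyber Lockout: a small version of the rewrite that an inbound mail gateway or transport rule performs when it tags external mail. It parses a raw message, decides whether the sender is outside the organisation, and if so prefixes the subject and prepends a warning to every plain-text part. `ORG_DOMAINS`, the banner wording and the two sample messages are constructed for illustration.

```python
"""Tag inbound external mail with a warning banner (added example)."""
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}  # assumption: the company's own mail domains
SUBJECT_TAG = "[EXTERNAL]"
BANNER = ("CAUTION: This message came from outside the organisation. "
          "Verify any payment or login request by phone before acting on it.")


def sender_domain(msg):
    """Lower-cased domain of the From: address ('' if missing or malformed)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_external(msg, org_domains=ORG_DOMAINS):
    """True unless the From: domain is one of ours or a subdomain of one."""
    dom = sender_domain(msg)
    return not any(dom == d or dom.endswith("." + d) for d in org_domains)


def add_external_banner(raw_message):
    """Parse a raw RFC 5322 message. If it is external, prefix the subject
    and prepend the banner to every text/plain part. Returns the message."""
    msg = message_from_string(raw_message, policy=policy.default)
    if not is_external(msg):
        return msg
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(SUBJECT_TAG):
        del msg["Subject"]
        msg["Subject"] = f"{SUBJECT_TAG} {subject}".strip()
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            # set_content clears the old payload and Content-* headers first
            part.set_content(BANNER + "\n\n" + part.get_content())
    return msg


# Constructed sample messages (not real mail).
SAMPLE_EXTERNAL = """\
From: "Finance Director" <director@examp1e.com>
To: accounts@example.com
Subject: Urgent: supplier payment today
Content-Type: text/plain; charset="utf-8"

Please wire the attached invoice amount before 5pm. I am in meetings all day.
"""

SAMPLE_INTERNAL = """\
From: HR <hr@example.com>
To: all@example.com
Subject: Holiday calendar
Content-Type: text/plain; charset="utf-8"

The holiday calendar is on the intranet.
"""

if __name__ == "__main__":
    print(add_external_banner(SAMPLE_EXTERNAL))
```

A real gateway would also tag HTML parts and should treat a missing or unparsable From: header as external; the check here deliberately errs that way because `sender_domain` returns an empty string in that case, which matches no organisation domain.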

Keep a lookout for subtle changes in email addresses. An address may look the same at a glance, but attackers know this and make small changes to trick users into believing they are dealing with a genuine person: for example, registering a look-alike domain or changing a single letter or symbol in the address. In many fonts a lower-case “L” and an upper-case “i” look identical, and both can be mistaken for the digit “1” and vice versa. A font change can also be a clue that something isn’t right. If users are being encouraged to click on a link, they should make sure it is not going to take them to a different site or allow malware to install. Hover over the link with the mouse to reveal its real URL and treat the address with suspicion until it is confirmed to be genuine.
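As an added example (not code from the original article), the check below does mechanically what the paragraph asks readers to do by eye: it folds confusable characters (l/I/1, O/0, rn/m, Cyrillic letters that look Latin, punycode domains) onto a canonical “skeleton” and compares the sender’s domain with a list of trusted domains, and it compares the host a link displays with the host it actually points to. The `TRUSTED` set, the one-edit distance threshold and the sample addresses are assumptions made for the example.

```python
"""Detect look-alike sender domains and mismatched link targets (added example)."""
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example.com", "acme-supplies.com"}  # assumption: domains we deal with

# Single characters that are easily mistaken for one another in common fonts.
_CONFUSABLE = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o",
                             "5": "s", "2": "z", "8": "b"})
# Cyrillic letters whose glyphs match Latin ones (a small, illustrative subset).
_CYRILLIC = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
             "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}
# Letter pairs that read as one letter at a glance.
_PAIRS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def _decode_idna(domain):
    """Turn punycode labels (xn--...) back into Unicode so homoglyphs are visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def skeleton(domain):
    """Canonical form of a domain: what a human would see, not the exact bytes."""
    d = _decode_idna(unicodedata.normalize("NFKC", domain).lower())
    d = "".join(_CYRILLIC.get(ch, ch) for ch in d)
    # drop accents (e.g. 'é' -> 'e'), then fold confusable characters
    d = "".join(ch for ch in unicodedata.normalize("NFKD", d)
                if not unicodedata.combining(ch))
    d = d.translate(_CONFUSABLE)
    for pair, single in _PAIRS:
        d = d.replace(pair, single)
    return d


def _edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED):
    """Return ('trusted', domain), ('lookalike', imitated_domain) or ('unknown', None)."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ("unknown", None)
    if domain in trusted:
        return ("trusted", domain)
    sk = skeleton(domain)
    for t in trusted:
        if _edit_distance(sk, skeleton(t)) <= 1:
            return ("lookalike", t)
    return ("unknown", None)


def link_mismatch(anchor_text, href):
    """True when the visible link text names a host that differs from the host
    the link really points to (what hovering over the link reveals)."""
    shown = urlparse(anchor_text if "://" in anchor_text else "http://" + anchor_text).hostname
    real = urlparse(href).hostname
    if not shown or "." not in shown:
        return False  # plain words such as 'click here' name no host
    return shown.lower() != (real or "").lower()


if __name__ == "__main__":
    for hdr in ('"CEO" <ceo@example.com>', "<ceo@examp1e.com>",
                "<ap@acrne-supplies.com>", "<x@ex\u0430mple.com>"):
        print(hdr, "->", classify_sender(hdr))
    print(link_mismatch("www.example.com/login", "https://examp1e.com/login"))
```

The skeleton comparison is deliberately aggressive: two legitimately similar trusted domains, or very short ones, will also land within one edit of each other, so use the result to raise a warning or a banner rather than to block outright, and let the phone call described above settle it.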

If attackers trick a user into revealing their email password, they gain full access to that user’s mailbox. From this position they can read past correspondence, learn who approves payments, and convincingly impersonate the user to trick other employees and customers into paying money into the fraudster’s bank account.

Businesses should encourage open channels of communication with everyone in their company to ensure that they are aware of the risks and encourage best practice. Encourage all users to stay vigilant and confirm any address, letter or symbol changes by telephone.

Getting the appropriate email security features for a company is vital, and companies should ensure that they are deployed across the whole office network and for staff working remotely. If a company nevertheless experiences a business email compromise, solutions such as Cyber Lockout® can help prevent malware and ransomware from doing any actual harm, and it comes with a comprehensive cyber insurance policy for that extra peace of mind.

One of the most effective email security measures is to turn on multi-factor authentication. With it enabled, an attacker who obtains an employee’s password still cannot log in to the mailbox without the second factor, such as the employee’s mobile phone or security key. Prefer phishing-resistant methods (hardware security keys or platform authenticators) over SMS codes and simple push prompts, which attackers can capture or trick users into approving during a real-time phishing attack.

But even the greatest care can sometimes fail to stop an employee from clicking on a bad link or opening a malware-laced attachment. When this happens, as many businesses are finding out to their cost, it is usually too late to prevent a breach or theft from occurring.

This is where Cyber Lockout can help. Our affordable preventative endpoint protection sits on business computers and mobile devices and blocks any program that has not already been authorized from executing when it lands on the company’s computer, so a malicious attachment or downloaded file cannot run. Cyber Lockout also includes cyber insurance against the consequences of a successful BEC.

The opinions and statements made herein are intended for general informational purposes only and should not be viewed as a substitute for any legal or other advice on any particular issue or for any particular reason. While the information provided herein has been compiled from sources that are believed to be reliable, no warranty, guarantee or representation, either expressed or implied, is made as to the correctness, sufficiency or adequacy of such information.

Keywords: Email compromise, ransomware