5 Tips to Thwart Business Email Compromise (BEC) Attacks

There’s been an astounding 84% increase in business email compromise (BEC) attacks, according to the latest NordLocker Email Threat Report, which compared half-yearly statistics. The news should be particularly alarming to organizations that use email services as their main means of internal communication or correspondence with their partners and clients.

“Today, cybercriminals use highly sophisticated strategies to trick their victims into revealing sensitive information, sending money, or even giving access to their employer’s computer systems,” said Oliver Noble, a cybersecurity expert at NordLocker, an encrypted cloud storage service provider. “One of the most dangerous cybersecurity threats to a business is social engineering, which occurs when hackers exploit human psychology to gain benefit. Unfortunately, human error remains the most common reason for cybersecurity breaches.”

A Data Breach is Just an Email Away

It takes just one well-constructed email, opened and acted on by a vulnerable employee, for a business to suffer irreparable damage.

“The overwhelming amount of online communication has been causing many employees to be more distracted and less cautious about which emails they open and which links they click on,” explained Noble. “Business email compromise (BEC) attacks usually impersonate a trusted colleague or even the head of a company, a partner or a well-known service provider to convince a recipient to engage in actions such as revealing confidential data, paying fake invoices, giving away their login credentials on a bogus webpage or deploying malicious software, such as ransomware, on the victim’s infrastructure.”

To avoid this doomsday scenario, there are five easy-to-follow tips that can help protect your business from falling victim to email attacks.

Five Steps to Mitigate the Risks of BEC

  • Secure your email by training your staff to identify signs of malware, especially when an email contains attachments or links.
  • Use spam filters. In recent years, email platforms have established filtering systems that are advanced at detecting unwanted emails. Even though they are not perfect, spam filters do a good job of screening out suspicious messages.
  • Implement a secure file-sharing process. Despite its vulnerability, email is still the most common means of file sharing. An encrypted cloud solution may be the most secure option for sharing your sensitive files among colleagues and with third parties.
  • Make sure your employees use strong, unique passwords to connect to your systems. Better yet, start using password managers and multifactor authentication.
  • Adopt zero-trust network access, meaning that every request for access to digital resources by a member of staff should be granted only after their identity has been appropriately verified.

Oliver Noble

Oliver Noble is a security and encryption specialist at NordLocker, a user-friendly encrypted cloud. He offers a passion for cybersecurity and deep technical knowledge. You can find Oliver sharing his expertise at various security events as well as on the NordLocker blog.
