What is a BEC attack?

BEC stands for business email compromise. Cybercriminals send emails to your business email impersonating your supervisors, CEO or anyone in high management. Using this tactic makes the emails look legitimate as it is sent from a person with high authority in the company. Cybercriminals use this technique to gain an employees information, pay slips or tax forms. Typically, they ask employees to wire payment for goods or services through to bank accounts.

How can we prevent BEC attacks?

As with all cyber-attacks, nothing is bullet proof, but we can take steps to prevent them and reduce the consequences. Below are eight tips you can implement in your business to better protect you from BEC attacks.

1. Educate your employees.

Educating and making your employees aware of BEC attacks is a great first step to protecting your company and employees. By educating your employees what to look out for and how to prevent these attacks, your employees can protect your business and data.

2. Create company email accounts using the company domain name.

This is a safer way for employees to communicate with each other, rather than using free web-based email accounts. This also helps employees identify emails from within the company and be cautious of variations that may be a potential cybercriminal.

3. Enable multifactor authentication for business email accounts.

This will ensure that the user is who they say they are. If not, the real user will be notified by either a SMS or email (to a different email address). This is very simple to set up, and can help you to identify if someone is trying to get into your system.

4. Don’t open any email from unknown addresses.

If an email looks suspicious, it’s wise not to open it. This email could contain hidden malicious ransomware that could infect your device. This ransomware could work in the background without you even knowing!

5. Double check the senders email address.

These emails look like they have been sent from someone with high authority in your company. The cybercriminal tries to make the email look as legitimate as possible, so typically the full name is used. When you click on the name to see the address, the email address is made of jumbled letters.

A good practice to get into is to forward emails instead of replying. This will force you to enter the correct email address manually, not reply to the cybercriminal!

6. Don’t overshare online

Yes we all love to post photos online, but we don’t need to share every second of it. As they say, what goes on the internet stays on the internet forever. Cybercriminals can use your posts to find personal information about you.

7. Know the habits of your company

Does your CEO usually ask you to purchase a large amount of gift cards? Do they usually ask you to do a job for them ‘right now’ via email? If an email seems unusual, you’re probably right to question it.

8. Keep software patches updated

Keeping your software up to date and installing the latest patches will reduce vulnerabilities in your system.

BEC attacks can be costly to employee’s personal information and for businesses. Being aware of what to look out for and putting in place precautions can really help protect everyone’s data. In the long term, this can also save businesses financial loss, data loss and its reputation. We hope you take on board and implement our top eight tips to prevent BEC attacks in your company.

At IP Partners, we conduct IT Audits to ensure that all systems and networks are secure. Contact our team to discuss how we can help protect your business and employees on (08) 7200 6080 or emailing sales@ippartners.com.au