Mark unread: Could your inbox be an open door to your business?
Cyber criminals are exploiting human error in order to infiltrate your business’s inbox — but you can stop them in their tracks.
While you remain hard at work monitoring potential weaknesses, there is another cyber threat that sneaks in unseen through the front door: business email compromise (BEC). These scams rely on emails that look like they come from a trusted source, and are aimed directly at your team.
Just one email is all it takes
In 2021, BEC allowed infiltrators to gain access to a San Francisco-based nonprofit organisation using a fraudulent link. This resulted in a month-long breach that saw the organisation lose over $625,000.
Similar to CEO fraud scams, BEC takes advantage of the ‘human element’ in your business to gain access and then defraud or exploit it. The trick is to make the email seem as real as possible in order to deceive the recipient. Often a tone of urgency is used and a tight deadline is given, which makes it more likely that the recipient of the email will take immediate action, such as making a bank transfer or sharing access to a private database, without checking first.
Why is BEC so effective? Because your team wants to demonstrate that they can be helpful and effective, especially when a request is urgent and matters. In most cases this is a positive attribute but, when it comes to cybersecurity, your team’s willingness to help might lead to a breach.
A compromised inbox is like an open window into your business
The consequences of compromised emails for your business can be devastating. If access is gained, enough information can be gathered (from saved documents, contact lists and archived conversations) to better understand your business. It could also grant access to information about other people, creating the opportunity to impersonate them and send fraudulent emails to your team and even your business contacts. Once added to your productivity suite, BEC infiltrators can easily monitor your entire business and gain access to numerous documents and databases.
You don’t have to be a victim
The number one way to protect your business from BEC is to invest in team awareness. By implementing best practices for prevention, detection and response, you can minimise the risk and catch malicious activity before it costs you.
Teach employees to identify the red flags: It’s important to learn how to recognise the signs of BEC. Determine if an email resembles one of your previous emails, check the sender and subject line, and pay close attention to odd grammar or spelling.
Encourage your team to speak up: Scammers love to take advantage of email miscommunication and a workplace culture that doesn’t allow employees to question emails. Rather than allowing the scammer to exploit this, let your team know it’s okay to question an email — and that you’ll always have time to double-check their concerns.
Implement a multi-level approach to security: While infiltrators will always look for new and innovative ways to exploit human error, they become less of a risk if your organisation is protected. This means adopting security access protocols, enabling the latest antivirus software, and most importantly, ensuring that your valuable data is secured in the cloud using a premium, SSL-encrypted online backup service.
Send BEC straight to junk
Human error remains a common and constant challenge for businesses. But it doesn’t have to be, especially when it comes to BEC. By creating open lines of communication with your team, implementing the right security controls and ensuring your sensitive data is kept safe in the cloud, you no longer have to worry about deceptive and compromising emails finding their way into your team’s inbox any time soon.