Business Email Compromise (BEC) is a growing threat where criminals gain access to a work email account to deceive individuals into transferring money or stealing sensitive data. These attacks often target senior staff or those who can authorise financial transactions, making them particularly dangerous.
Unfortunately, BEC attacks are on the rise. A recent government report on cyber attacks revealed that in 2023, 84% of businesses and 83% of charities experienced a phishing attack within the past year.
However, there’s good news. The National Cyber Security Centre (NCSC) has published new guidance specifically aimed at helping smaller organisations, which may lack the resources or expertise to fully implement the existing guidance on phishing attacks. This new guidance offers practical steps to reduce the likelihood of falling victim to a BEC attack.
You can read the full blog here
Key Strategies to Protect Against BEC Attacks:
Reduce Your Digital Footprint
Minimising the amount of personal and company information available online can make it harder for criminals to find and use this information in their attacks. Regularly review what information about your organisation is publicly accessible and remove anything unnecessary
Educate Your Staff on BEC
Help your staff to detect phishing emails by providing regular training sessions and resources. Make sure they know the common signs of phishing attempts and understand the importance of verifying the authenticity of emails before taking any action.
Apply the Principle of ‘Least Privilege’
Ensure that employees only have access to the information and systems they need to perform their jobs. This minimises the potential damage if an account is compromised.
Implement 2-Step Verification
Adding an extra layer of security through two-step verification can significantly reduce the risk of unauthorised access to your email accounts. This means even if a password is compromised, an additional verification step is required to gain access.
Steps to Take If Your Email Is Compromised
If you suspect your email account has been compromised or if you’ve been tricked into making a fraudulent payment, it’s crucial to act quickly.
Preparing for the Inevitable
While implementing these steps will reduce the likelihood of BEC attacks, no organisation is completely impervious to all cyber threats. It’s important to plan for potential compromises and practice responding to attacks.
As cyber threats grow in sophistication, traditional methods of protection—such as static firewalls or signature-based antivirus tools—struggle to keep up. Enter machine learning (ML),
In recent years, artificial intelligence (AI) has rapidly advanced, and its influence is becoming more pronounced in the field of cybersecurity. While AI offers
In today’s increasingly digital world, cybersecurity threats are a constant concern for businesses of all sizes. With cyberattacks becoming more sophisticated and frequent, the
In the ever-evolving world of technology, businesses must stay ahead to remain competitive. With 2024 bringing unprecedented advancements in IT and growing demands
In November 2024, cybersecurity experts uncovered a sophisticated attack method known as “SEO poisoning,” where cybercriminals manipulate search engine results to distribute malware. A
In today’s increasingly connected world, the security of your wireless network is more crucial than ever. As a reseller of WatchGuard products, 4th Platform
Since 2020, working from home (WFH) has become commonplace. In the wake of the COVID-19 pandemic, almost every company had to switch their traditionally
In the digital age, establishing a strong online presence is more critical than ever. One of the key components in achieving this is a
In today’s digital age, the healthcare sector faces increasing threats from cyber attacks. The UK healthcare system, known for its comprehensive and inclusive nature,
According to councillors, Cheshire East Council should prepare for cyber-attacks by playing out scenarios. Why has Cheshire East Council acted this way? This is
