Small businesses can reduce cybersecurity breach risk with one easy action
Sometimes a cybersecurity measure can be cost-free and easy for every employee to adopt. This action won’t stop all intrusions, but it may help reduce your business’ cybersecurity breach risk. Savvy businesses use multiple cybersecurity measures to reduce attack risks.
A Public Service Announcement (PSA) from the FBI in May, 2017 stated that Business Email Compromise (BEC) attacks greatly increased. During the 2 year period of 2015 and 2016, there was a 2,370% increase. Companies of all sizes have been victims of BECs.
A Business E-mail Compromise (BEC) attack is a sophisticated scam involving wire transfer payments. The scam targets businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. In some cases, the BEC attack came after a ransomware attack.
Take this action
Businesses need to protect themselves in multiple ways, including one easy action.
Action: Mandate that your employees do not use “reply” function for any business emails. Instead, they should use the “forward” function and either type in the known recipient’s email (not one included in the original email) or autofill the recipient’s email from the employee email address book. If the employee does not known the recipient’s actual email, they should contact the sender to verify or check a reliable source. (One caution – be careful about forwarding a potentially infected attachment to the correct recipient. “Forward” function includes all attachments.)
Using only known valid email addresses will reduce the risk of sending business information to a cybercriminal. Your staff that deal with money matters should be especially educated on the value of not using “reply” function, to help avoid sending financial information to a potentially fraudulent address.
Even if your business does not make wire transfer payments, implementing this action is good practice to help reduce the risk of business information being sent to a deceitful recipient.
According to the Internet Crime Complaint Center (IC3), over 3,000 businesses reported being a victim of a business email compromise attack between June, 2016 and December, 2016. The amount lost to these businesses was over $346mil. And that is just what was reported. The actual number of victims is probably significantly higher.
The PSA identified five major scenarios that they have seen used frequently:
Business Working with a Foreign Supplier
Business Executive Receiving or Initiating a Request for a Wire Transfer
Business Contacts Receiving Fraudulent Correspondence through Compromised E-mail
Business Executive and Attorney Impersonation
The PSA provides details on the scenarios and it also lists an additional 13 cybersecurity measures small business should take to help safe guard they network.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.