By Tunbosun Oladoyinbo
IN recent years, the world has seen an increase in cybercrime, and one of the most significant threats that businesses face is business email compromise (BEC). BEC is a type of cyberattack that involves criminals using email as a means to steal money or sensitive information from a company. It is a sophisticated type of scam that can result in significant financial losses, and it is essential for businesses to take measures to prevent it. BEC attacks involve a criminal impersonating a high-ranking member of an organization, such as the CEO or CFO, and using that authority to instruct employees to transfer money or sensitive information to a fraudulent account. The emails are typically convincing and appear to be genuine, often using a similar email address and company branding. The criminals behind BEC attacks use a variety of methods to gain access to a company’s email systems. They may use phishing emails or other forms of social engineering to trick employees into revealing login credentials or other sensitive information. They may also use malware to gain access to a company’s email system.
Once the criminals have access to a company’s email system, they will typically spend time studying the company’s email traffic, looking for opportunities to strike. They will often wait until a high-value transaction is taking place, such as a large invoice or a significant transfer of funds, before making their move. To prevent BEC attacks, businesses need to take a comprehensive approach that includes both technological and procedural measures. Here are some best practices that businesses can follow to prevent BEC attacks:
Educate employees: One of the most important things that businesses can do to prevent BEC’s is to educate their employees. Employees need to be aware of the risks of BEC attacks and how to recognise them. Training should include information on how to spot phishing emails and other social engineering techniques used by cybercriminals.
Implement multi-factor authentication: This is an essential security measure that can help prevent unauthorized access to a company’s email systems. By requiring employees to use two or more forms of authentication, such as a password and a one-time code sent to their phone, businesses can significantly reduce the risk of BEC attacks.
Implement strong password policies: These are another important security measure. Passwords should be complex and regularly changed to prevent cybercriminals from gaining access to a company’s email systems.
Verify requests: Employees should be trained to verify any requests for money or sensitive information that come through email. They should be encouraged to pick up the phone and call the sender to confirm the request before taking any action.
Monitor email traffic: Businesses should implement monitoring tools to track email traffic and flag any suspicious activity. This can include setting up alerts for emails that contain certain keywords or phrases, such as “urgent” or “wire transfer.”
In conclusion, BEC’s are a significant threat to businesses, and it is essential for companies to take measures to prevent them. By educating employees, implementing multi-factor authentication and strong password policies, verifying requests, and monitoring email traffic, businesses can significantly reduce the risk of BEC. The cost of implementing these measures is far less than the cost of recovering from a successful BEC attack. It is, therefore, critical for businesses to take BEC attacks seriously and implement these measures to protect themselves from this type of cybercrime.
- Ogundare is a CISA, CAMS, AWS-certified financial expert.
READ ALSO FROM NIGERIAN TRIBUNE
