What is Your Cybersecurity Resolution?
Executives of organizations at all levels should be focusing on and implementing effective cybersecurity changes. One key area for an executive's cybersecurity resolution is Business Email Compromise (BEC).
BEC is a form of phishing attack in which a cyber-criminal impersonates an executive and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher (Wennington, 2016). With global losses from BEC scams set to exceed US $9 billion in 2018, it is time to take action and make these changes (Trend Micro, 2017).
According to the FBI, there are 5 major kinds of BEC:
- The Bogus Invoice Scheme: Attackers pretend to be suppliers and request fund transfers for payments to an account owned by the fraudsters.
- CEO Fraud: Attackers pose as the company CEO or another executive and send an email to employees in finance, requesting that they transfer money to an account the attackers control.
- Account Compromise: An executive's or employee's email account is hacked and used to request invoice payments to vendors listed in their email contacts.
- Attorney Impersonation: Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters.
- Data Theft: Employees in HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements (Trend Micro, 2017).
Steps to take to protect your organization from BEC scams:
- Call the individual who sent you the request for a money transfer
- Implement multi-factor authentication
- Run regular domain name spoof tests
- Ensure that your entire organization has undergone cybersecurity education courses
- Use a secure, encrypted communication service that follows the NIST framework when sending and receiving information
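As an illustration of the "domain name spoof tests" step, here is an added example (not part of the original article) that grades a domain's published SPF and DMARC records, the DNS entries receiving mail servers consult before accepting mail that claims to come from your domain. The function names and the sample records are constructed for this example.

```python
# Added example: grade published SPF and DMARC TXT records for spoofing exposure.
# Inputs are lists of TXT strings, as returned by DNS lookups on <domain> (SPF)
# and _dmarc.<domain> (DMARC). All sample records below are constructed.

def parse_tags(record):
    """Split 'v=DMARC1; p=reject' style records into a lowercase tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def spf_findings(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (evaluates to a permanent error)"]
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy lives in the redirect target; test that record too
        return ["SPF has no 'all' term, so unlisted senders get a neutral result"]
    if all_term[0] not in "-~":  # '+all', bare 'all' and '?all' fail nobody
        return ["SPF ends in '%s', which does not reject unlisted senders" % all_term]
    return []

def dmarc_findings(txt_records):
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:  # zero or several records both mean no policy is applied
        return ["no usable DMARC record"]
    tags = parse_tags(recs[0])
    policy = tags.get("p", "missing")
    if policy not in ("quarantine", "reject"):
        return ["DMARC policy is p=%s, so failing mail is still delivered" % policy]
    if tags.get("pct", "100") != "100":
        return ["DMARC is enforced on only %s%% of mail" % tags["pct"]]
    return []

def spoof_test(spf_txt, dmarc_txt):
    """Return a list of weaknesses; an empty list means the records enforce."""
    return spf_findings(spf_txt) + dmarc_findings(dmarc_txt)

if __name__ == "__main__":
    for finding in spoof_test(["v=spf1 +all"], ["v=DMARC1; p=none"]):
        print("WEAK:", finding)
```

A clean result covers only mail forged with your exact domain; look-alike domains and compromised accounts still call for the call-back and multi-factor authentication steps above.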
For more information, please visit www.xahive.com.