Reduce the risk of business email compromise
It’s not just phishing emails that employees can fall prey to. Business email compromise (BEC) is another common way that cybercriminals attempt to steal your organization’s assets. These criminals target specific employees who have access to company funds or data.
If the employee falls victim, it could lead to a data breach, the introduction of malware and ransomware and/or the loss of company funds. But there are ways to help guard against BEC attacks.
Next steps
- Educate employees on common BEC attacks: Common attacks include vendor payment change requests, wire transfer requests, W-2 scams and gift card scams.
- Verify, verify, verify: Make sure employees verify instructions for payments and requests for sensitive information by a second means, other than email. This can take the form of directly calling the employee or vendor who supposedly made the request.
- Use MFA and strong passwords: Try to block BEC from the start by enabling multi-factor authentication and using strong passwords to stop cybercriminals from gaining access to an employee email account.
SOURCE: WIPFLI