We always make sure you get the latest updates from SA1 Solutions

Business email compromise

Discover more below or call us on 01792 439087

Business email compromise: what it is and how to combat it

"Criminals are continuously improving their tactics to exploit their victims, making BEC a substantial concern for organisations across the board."

In our last blog, we discussed the best ways to protect your organisation from email threats. We also mentioned the risk posed by phishing emails. In this blog, we will expand on this further by explaining the problem of business email compromise (BEC) and the best ways to manage such a threat.

What is business email compromise (BEC)?

BEC is a type of phishing attack. A cyber criminal pretends to be senior personnel and tries to persuade an employee or other business associate to send funds or sensitive data to the phisher. The operation is much like ‘social engineering fraud’.

BEC does not just impact large organisations – businesses of all sizes and in all sectors can be a victim of this type of phishing attack. It is one of the most rapidly growing, cheapest and highest return cyber threats. Criminals are continuously improving their tactics to exploit their victims, making BEC a substantial concern for organisations across the board. It only takes one successful impersonation for a company to lose millions and ruin its reputation.

How can we combat BEC?

Multi-factor authentication

A cyber criminal must first be able to phish an executive to gain access to or imitate their email account. Using a multi-factor authentication approach to confirm a user’s claimed identity won’t make it easy for a cyber criminal to gain access to an email account and inbox and therefore, more difficult to implement a BEC attack.

Clear communications and awareness

One of the main issues with BEC is that a criminal is impersonating an executive. Therefore, if an employee needs permission from an executive to make a transaction and they think they are in genuine communication with that executive, major problems can occur. A clear and robust communications policy must be implemented for all those involved in the organisation to avoid this happening, particularly those in the finance department who are more involved with financial transactions.

A step-by-step approach that can become second nature thorough training is often useful and helps to build awareness. However, avoid a policy that will intimidate employees – it would be counterproductive if staff members are too afraid to raise a concern.

Keep up-to-date

It’s all very well having initial training and implementing a policy, but are the procedures outlined actually being followed? Having refresher training sessions can help staff and management to form discussions around BEC threats that have occurred within the organisation and how they were dealt with. It also allows staff to ask any questions they may have about the procedures and provides an opportunity to reassure them on how best to follow them. Refresher sessions help maintain awareness of the issue of BEC and keeps staff on guard. A rewards policy could also be implemented to benefit staff, which in turn can encourage secure practices in a positive way.

Do you need help with keeping your business safe from cyber threats? Call us on 01792 439087 for more information on how to protect your business.

More blogs

"SA1 Solutions have been extremely efficient with getting the new warehouse’s communications set-up to facilitate the transition to the new site and the consolidation of our operations in Swansea. Centralising our operations and having a site with the capacity for growth will not only increase jobs in the area, but streamline the business as a whole for better productivity and efficiency throughout the business. Having a reliable and responsive communications system and team in place is essential to this."

Matthew Harvey
Group Finance Director at Dr Organic
CCNSP Cyberoam Certified Network & Security Professional
CompTIA Accredit UK Trustmark plus Solutions & Support
CompTIA IT business Trustmark
Fuse Mail
Microsoft Partner Silver
Dell Partner Direct Premier