Guest Post: Simple Ways To Prevent Multimillion-Dollar Losses From BEC

An urgent email from the boss likely would make most employees sit up and take notice. This could be an opportunity to step up and deliver results that advance their career, or it could be the chance to explain a major mistake, so the person truly responsible is held accountable. An urgent email from the boss could be about any number of things — but most employees would never think about the possibility that it’s a key step in a well-designed scam that could cost the company millions of dollars.

Many who spend time online are familiar with the concept of “phishing” scams, in which cybercriminals use legitimate-looking emails to con people into handing over their passwords or other sensitive data. Not nearly enough people are aware that the same technique is aimed at businesses. Known as business email compromise (BEC) scams, these crimes work in much the same way as phishing. Through hacking or deception, criminals gain access to corporate email accounts, or they send from a spoofed or lookalike domain that is one character away from the real one. Posing as high-ranking company officials, they then send emails that appear to authorize a transfer of money for business purposes. In reality, they are tricking employees into wiring corporate funds to accounts the criminals control, and the losses can be catastrophic. The FBI estimates that over a more than two-year period, more than $960 million was lost to BEC scams. These scams can strike a business of any size, in any sector, at any time. All it takes is a single slip-up by someone in the company to provide the opportunity these fraudsters need.

Although the threat of BEC may come as dire news for your business, there are some simple steps management and IT professionals can take to avoid being victimized. First, an email alone should never be enough to authorize a transfer of funds: a second, independent form of verification should always be required, whether that is a call-back, a confirmation text message, a PIN or a security question. The important caveat is that the second check must be out-of-band. Confirming a request by calling a number that appears in the email, or by replying to the email itself, proves nothing, because the attacker controls both; the call-back should go to a number taken from the company directory, and ideally a second person should approve any new or changed payee. Enabling two-factor authentication on the email accounts themselves closes off the account-takeover route the scam usually starts with. Regular training for everyone who can initiate or approve a payment, including executive assistants, is another important weapon in the fight against these crimes. Awareness keeps employees vigilant against the common BEC tricks: an executive’s name on an outside address, a Reply-To that differs from the sender, a lookalike domain, and language that demands urgency and secrecy.
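The red flags just listed can be checked mechanically before a message ever reaches a finance inbox. The following Python script is an added example, not code from the original post or from HALOCK Security Labs. It assumes a hypothetical corporate domain `example.com`, a hypothetical list of executive names that fraudsters would impersonate, and two constructed sample messages (one BEC-style, one benign). It parses each message with the standard library, flags an executive display name arriving from an outside address, a sender domain that collapses to the corporate domain once common lookalike substitutions (`rn` for `m`, `1` for `l`, `0` for `o`) are normalized or that sits one edit away from it, a mismatched Reply-To header, and a concentration of urgency and payment language. These checks complement the out-of-band verification described above; they do not replace it.

```python
"""Heuristic BEC red-flag checks over parsed email headers and body (added example)."""
from email import message_from_string

from email.utils import parseaddr

CORP_DOMAIN = "example.com"                 # hypothetical corporate domain
EXECUTIVES = {"jane doe", "john smith"}     # hypothetical names fraudsters impersonate
URGENCY_TERMS = ("urgent", "wire", "transfer", "asap", "confidential", "before close")
# Character substitutions commonly used to build lookalike domains
LOOKALIKE_SUBS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain):
    """Collapse common visual substitutions so 'exarnple.com' reads as 'example.com'."""
    d = domain.lower()
    for src, dst in LOOKALIKE_SUBS:
        d = d.replace(src, dst)
    return d


def is_lookalike(domain, corp=CORP_DOMAIN):
    """True if domain is not corp but is a homoglyph of it or one edit away."""
    domain = domain.lower()
    if domain == corp:
        return False
    n, c = normalize_domain(domain), normalize_domain(corp)
    return n == c or levenshtein(n, c) <= 1


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def bec_red_flags(raw_message, corp=CORP_DOMAIN):
    """Return a list of human-readable red flags found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain != corp and display.strip().lower() in EXECUTIVES:
        flags.append(f"executive display name '{display}' from external address {addr}")
    if is_lookalike(sender_domain, corp):
        flags.append(f"lookalike sender domain {sender_domain}")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        flags.append(f"Reply-To {reply_to} differs from From {addr}")
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    hits = [term for term in URGENCY_TERMS if term in text]
    if len(hits) >= 2:  # one word is normal business; several together is the BEC pattern
        flags.append("urgency/payment language: " + ", ".join(hits))
    return flags


# Constructed sample messages, not real traffic.
SAMPLE_BEC = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.example.net
To: accounts@example.com
Subject: Urgent wire transfer - confidential
Content-Type: text/plain; charset="utf-8"

I'm in a meeting and can't talk. Please process an urgent wire transfer
to the vendor below before close of business today. Keep this confidential.
"""

SAMPLE_BENIGN = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget review
Content-Type: text/plain; charset="utf-8"

Attached are the notes from yesterday's budget review. Nothing urgent.
"""

if __name__ == "__main__":
    for name, raw in (("BEC sample", SAMPLE_BEC), ("benign sample", SAMPLE_BENIGN)):
        print(name, "->", bec_red_flags(raw) or ["no red flags"])
```

Running the script reports four flags on the BEC sample (executive name on an outside address, lookalike domain, mismatched Reply-To, urgency language) and none on the benign one. A message that trips any flag is a candidate for quarantine or for a banner telling the recipient to verify by call-back before acting; the edit-distance threshold and the term list are starting points to tune against your own mail.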

Although one seemingly minor mistake can be all it takes to expose a company to the risk of a BEC scam, the good news is that this risk can be minimized significantly. Follow the accompanying guide to preventing BEC scams, and any urgent emails that employees get from the boss will be alarming for less costly reasons.

Author bio:

Chris Cronin is a partner, principal consultant and ISO 27001 auditor for HALOCK Security Labs, a leading information security firm in Chicago. Cronin has more than 15 years of experience helping organizations with policy design, security controls, audit, risk assessment and information security management systems within a cohesive risk management process. He is a frequent speaker and presenter at information security conferences and events.
