What is Business Email Compromise and How Can It Affect Me?

Oct 5, 2020 | Cybersecurity


Running a small business can be hard on its own, but running a small business in the middle of a pandemic? Even harder. How about running a small business in the middle of a pandemic when cyberattacks are constantly increasing? That could be your biggest struggle yet.

You may not know how to protect yourself from cyberattacks or how to identify one. Cyberattacks come in many forms, including phishing emails, ransomware, and data leaks. Oftentimes, attackers gain access through a business email compromise scam.

Business email compromise (BEC) is a type of cybercrime that uses email fraud against organizations of all kinds to harm their operations. These emails are often sent by criminals, but they appear to come from a legitimate source. Often the sender poses as a company you communicate with frequently to increase the likelihood that you'll interact with the message. In other cases, the impersonator pretends to be someone within the organization, usually someone high-ranking like a CEO or executive. For the most part, these attacks target specific employee roles within an organization with the goal of stealing money or sensitive information.

Some examples of BEC attacks include invoice scams and phishing attacks. Others can come in the form of spoofing, spearphishing, and malware.

There are steps you can take to protect yourself and your company from BEC attacks. A basic rule of thumb is to be careful with the information you share online because scammers can steal this information to guess your passwords or security questions. Another step you can take is to carefully look over email addresses and URLs to make sure they are spelled correctly. There are other steps you can read about from the FBI to further protect yourself from unwanted attacks.

If your employees don't know what to look out for, they may be susceptible to these cybercrimes. This is especially hard for small businesses because attacks like these can be very financially damaging. Trend Micro reports that in 2016 the average loss from a BEC attack was $140,000. These attacks can also disrupt work and cause significant downtime that can be very costly to a small business. In this case, training your employees on what to look out for and which links not to click may be a good place to start.

In fact, cybersecurity training has proven to be effective at reducing the impact of email scams. According to the 2014 State of Cybersecurity Survey, the average financial loss for companies that had conducted security awareness training was $162,000. Conversely, companies that had no employee training had an average loss of $683,000.

For extra help, small businesses can look to hire a managed service provider (MSP) to protect them from future attacks. An MSP monitors client endpoints, networks, and servers. This allows firewalls to be set up so that malicious emails can be detected and sent to the spam folder. Enabling two-factor authentication (2FA) is another great way to protect your data with an extra layer of security, and your MSP can help guide you through that process.

When working with an MSP, you can save money with predictable monthly costs instead of facing a large, unexpected expense when something breaks or when your systems become compromised.

An MSP like Machado Consulting can help train employees to be safe, filter email inboxes, and strengthen the overall security of your business.

