4 Ways to Avoid Business Email Compromise (BEC)
Learn ways you can mitigate Business Email Compromise (BEC) in your business
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Be careful what you post to business networking sites like LinkedIn and your company website, especially information about who has which specific job duties.
- Alerts for employees and customers regarding phishing scams targeting specific organizations or interest groups.
- General information on phishing tactics posted to an organization web site or emails.
- Establish an employee testing program with phishing and BEC attempts that appear to come from your senior leaders and trusted business partners.
- Set up two-factor (TFA) or multi-factor authentication (MFA) on any account that allows it, and never disable it. TFA/MFA aims to protect users if authentication credentials have been captured. The nature of changing tokens limits the attacker's ability to leverage captured credentials.
- Avoid free web-based e-mail accounts. Establish a company domain name and use it to create formal e-mail addresses for your employees.
- Label external emails to help prevent the impersonation of employees.
- Ensure emails originating from outside the organization are automatically marked before received.
- Prohibit automatic forwarding of emails to external addresses. Detect email inbox forwarding rules that send all or selected emails to an external email address.
To learn about more mitigations to help protect your business against Business Email Compromise, read the full article here.