There's an astounding 84% increase in business email compromise attacks, according to the latest Email Threat Report, which compares half-yearly statistics. The news should be particularly alarming to organizations that use email services as their main means of internal communication or correspondence with their partners and clients.
"Today, cybercriminals use highly sophisticated strategies to trick their victims into revealing sensitive information, sending money, or even giving access to their employer's computer systems," says Oliver Noble, a cybersecurity expert at NordLocker, an encrypted cloud storage service provider. "One of the most dangerous cyber threats to a business is social engineering, which occurs when hackers exploit human psychology to gain benefit. Unluckily, human error remains the most common reason for cybersecurity breaches."
A data breach is one email away
For irreparable damage to happen, a business needs just one well-constructed email to be opened and acted on by a vulnerable employee.
"The overwhelming amount of online communication has been causing many employees to be more distracted and less cautious about which emails they open and which links they click on," explains Oliver Noble. "Business email compromise attacks usually impersonate a trusted colleague or even the head of a company, a partner, or a well-known service provider to convince a recipient to engage in actions such as revealing confidential data, paying fake invoices, giving away their login credentials on a bogus webpage, or deploying malicious software, such as ransomware, on the victim's infrastructure."
To avoid the doomsday scenario, Noble provides five easy-to-follow tips that can help protect your business from falling victim to email attacks.
5 steps to mitigate the risks of business email compromise
- Secure your email by training your staff to identify signs of malware, especially when an email contains attachments or links.
- Use spam filters. In recent years, email platforms have established advanced filtering systems for detecting unwanted emails. Even though they are not perfect, spam filters do a good job of screening out suspicious messages.
- Implement a secure file-sharing process. Despite being unsafe, email is still the most common means of file sharing. An encrypted cloud solution may be the most secure way to share your sensitive files among colleagues and with third parties.
- Make sure your employees use strong, unique passwords to connect to your systems. Better yet, start using password managers and multi-factor authentication.
- Adopt zero-trust network access, meaning that every request for access to digital resources by a member of staff should be granted only after their identity has been appropriately verified.