Tampa’s Business Email Compromise (BEC) Problem
Did you know that Tampa ranks second in the nation for business email compromise schemes, or BECs? According to the FBI, BECs are the largest form of internet fraud in the country and cost Americans more than $9 billion from 2016 to 2021 alone. These cybercrimes differ from ransomware attacks and are primarily caused by bad actors impersonating C-level executives.
Here’s how these common scams and crimes play out:
A CEO receives an email that looks like it came from the CFO. It includes the CFO’s signature block at the bottom of the email and the CFO’s name identified as the “sender.” The email asks the CEO to transfer $100,000 to a bank account. Thinking this is a valid request from the CFO, the CEO transfers the money. Later, he learns that he has transferred the money into a cybercriminal’s account and is not able to recover the funds.
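The sender-name trick in this scenario can be checked mechanically. The following is an added example, not part of the original article: it flags a message whose From display name contains an executive's name while the address is not that executive's known mailbox. The executive directory, names, domains and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed directory: executive display names -> their one legitimate address.
# Names and domains are constructed for this example.
EXECUTIVES = {"pat morgan": "pat.morgan@example.com"}

# Constructed sample messages (headers plus a one-line body).
SAMPLES = [
    'From: "Pat Morgan - CFO" <pat.morgan.cfo@example.net>\n'
    "To: ceo@example.com\nSubject: Wire transfer today\n\nPlease send $100,000.\n",
    'From: Pat Morgan <pat.morgan@example.com>\n'
    "To: ceo@example.com\nSubject: Q3 forecast\n\nDraft attached.\n",
    'From: "Acme Billing" <billing@example.org>\n'
    "To: ceo@example.com\nSubject: Invoice\n\nSee attached.\n",
]

def normalize(text):
    """Lowercase and collapse whitespace so spacing tricks do not evade the match."""
    return " ".join(text.lower().split())

def check_sender(raw_message):
    """Return (verdict, display_name, address) for one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    shown = normalize(display)
    for name, real_address in EXECUTIVES.items():
        # The shown name is an executive's, but the mailbox is not theirs.
        if name in shown and address.lower() != real_address:
            return ("impersonation", display, address)
    return ("ok", display, address)

def scan(messages):
    """Verdicts only, in input order."""
    return [check_sender(m)[0] for m in messages]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```

The check compares header text only; a message sent from the executive's real but compromised mailbox passes it.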
On average, BECs claim more than $100,000 per victim. That’s compared to ransomware, which averages $500 per victim. These cybercrimes are only growing in scope, making it more important than ever to protect your business from a costly attack.
Here are three ways to protect your business from BEC cybercrimes.
1. Educate and train your team
This form of internet fraud requires the victim to give away sensitive information such as bank account numbers. Therefore, the number-one form of prevention is employee education. Don’t let human error cost you. Make sure that your team knows what to look for when opening an email and can identify bad actors. This will help stop these common scams and crimes in their tracks.
At Atlas, we partner with KnowBe4 to provide employee security training to enhance cybersecurity measures. These bad actors get smarter every day, making ongoing security training an important part of your cybersecurity protocol.
2. Develop an acceptable use policy
In addition to training your employees to identify BECs, businesses should outline standard IT policies in a formal acceptable use policy (AUP). An AUP is a legal document that stipulates rules and restrictions for using company IT networks.
This can include language such as “employees must guard against targeted cybercrimes that request sensitive information.” This document can also include detailed information on what to do when someone requests sensitive information, to provide an added layer of protection.
3. Take a layered approach to cybersecurity
Because human error continues to be the greatest threat to cybersecurity, it’s important to safeguard your organization with layered cybersecurity protection. This should include things like Endpoint Detection and Response (EDR), Advanced Threat Prevention (ATP) and Advanced Threat Detection (ATD) solutions, and Multifactor Authentication (MFA). Each layer of protection reduces your risk of falling victim to these costly cybercrimes.