Cybersecurity Awareness Month – Business Email Compromise


Business email compromise – huge damages, easy solution

Business Email Compromise (BEC) can cause hundreds of thousands of dollars in damages to companies of all shapes and sizes. BEC is so profitable that hackers continue to use this attack method in ever greater numbers. CyberHoot produced this infographic before the FBI’s latest study nearly doubled the impact of BEC. Last year, the FBI reported that BEC cost businesses $26 billion worldwide, while a recent update nearly doubled that astronomical number to 43 billion dollars a year!

CyberHoot finds these numbers shocking, sobering and a tragedy when 99.9% of email compromises can be prevented (Microsoft Infographic) with MFA enabled. Something simple and free can reduce a $43 billion industry to a $4.3 million problem ($43 billion * 0.0001 = $4.3 million). The solution is free, so what are you waiting for? Enable multi-factor authentication on all your critical accounts (not just email) today.

Also consider subscribing to CyberHoot to learn about and implement the cybersecurity best practices listed below.

CyberHoot Best Practices:
  1. Train your employees on the common attacks out there, from weak passwords and password managers to the importance of multi-factor authentication and how to spot phishing attacks. Awareness is the key to protecting your business.
  2. Govern your employees with cybersecurity policies, including acceptable use, password, information handling, and a written information security policy.
  3. Establish cybersecurity best practice processes, such as the Vulnerability Alert Management Process (VAMP) and the Cybersecurity Incident Management Process (CIMP) to guide and require emergency action. Then move on to the onboarding and offboarding processes, SaaS management processes and third party risk management.
  4. Create strong technical defenses, including: firewall, anti-virus, anti-malware, anti-spam, multi-factor authentication on all critical accounts, full disk encryption, careful key management, and most importantly, a password manager that you adopt, train all employees on, and require them to use.
  5. Test employees on how to spot and avoid phishing attacks. CyberHoot has released a disruptive method of Phish Testing to fill your employees’ knowledge gaps without punishing them for failure. Instead we reward them for success. More information is available here.
  6. Back up your data by following our 3-2-1 backup methodology to ensure you can recover your business from a cyber security incident.
  7. In the modern age of working from home, make sure you manage personal devices that connect to your network by verifying their security (patching, antivirus, DNS protections) or completely banning their use.
  8. If you haven’t had a third-party risk assessment done in the last two years, you should do it now. Establishing a risk management framework in your organization is critical to addressing your most difficult risks with your finite time and money.
  9. Buy cyber insurance to protect you in the event of a catastrophic failure. Cyber insurance is no different than car, fire, flood or life insurance. It’s there when you need it most.

CyberHoot believes that for many SMBs and MSPs, you can greatly improve your defenses and the chances of not becoming another victim of a cyber attack if you follow the advice above.

We hope you are enjoying Cybersecurity Awareness Month (CAM). Visit or sign up for CyberHoot’s Facebook, LinkedIn, or Twitter pages to receive daily updates throughout the month.
