Business email compromise is the bane of small businesses, phishing scams alone target companies with minimal processes, protocols and protections in place — like those too small to have extensive cybersecurity budgets writes David Wagner for Entrepreneur.com. According to the FBI’s Internet Crime Complaint Center, business email compromise costs more than $675 million in damage in 2017.
Even as some cyber cartels are being taken down, there are more that take their place. Earlier this year, the U.S. House Committee on Small Business warned small businesses that hackers are targeting and attacking them with more sophisticated threats than ever seen before, and are at an increasing rate. Experts believe that hackers will continue to target small businesses at an on-going rate, which is what makes taking your companies cyber security more serious than ever.
In March, a scammer was found guilty for defrauding a Virginia-based trade association out of more than $1 million. Classic business email compromise tactics, such as mimicking the email address of a known travel vendor and asking the trade association to send future payments to a new account number. Obviously, his scheme worked — at least for a time. But the question remained: Why would he target a trade association?
BEC is a sophisticated form of phishing, a cyber scam that tricks users into trusting illegitimate emails. A number of security measures can detect and flag these emails, and most large organizations already have them in place.
Smaller businesses do have a smaller budget to work with, and thus often must go without the protections they need. Smaller business organizations in the Small and Medium size business community are encouraged to take action to increase security measures against email compromise threats. According to First Business Financial Services, 38 percent of victimized companies are SMBs in all industries. This attack method isn’t abating, so taking precautions is your safest bet.
Small Business leaders may know the risks of cyberattacks, but that doesn’t mean that multiplying their cyber security is in the budget. However spending smart means that you can find affordable solutions that protect your business from online threats without breaking the bank. Targeted solutions like implementing a Managed IT team provided by a company like Natural Networks, or using an email firewall from a managed services provider.
Working with experts who you can work with when you need to can help keep your business’ online extremities protected while managing a budget. A managed services provider can provide email security features including the like of Sender policy Framework, Domain Keys Identified Mail, Spam Firewalls, and can even offer reports to help you understand how your business email is being protected each month.
To prioritize business security, it’s recommended you try to focus on the following steps.
Email is one of the biggest security risks to many businesses today because users feel confident and secure in their inboxes. Business email phishing schemes often spoof senders, but implementing authentication standards can protect against this.
Putting into place standards that address emails ender authentication can help protect your company from email spoofing schemes. These types of standards include implementing Security Policy Framework, Domain Keys Identified Mail, and Domain-based Message authentication, which your email provider can usually help you with.
Implementing security policies like the above can be effective, but may be too complex to implement and maintain. Making use of Email providers, and managed services providers like Natural Networks can help you implement, maintain, and stay on top of new security methods at a cost-effective bases. You can also take advantage of technology that may otherwise be out of reach if you were paying outright for it, such as firewalls, and Email Spam filters.
Layered security includes impersonation filtering to identify domains that are one character off from a trusted domain. Also, institute internal email filtering that can block external emails that look like they are from an internal user. Taking a layered approach aids in the identification of multiple techniques used in BEC attacks.
Your user base, and the employees working for you are by and large the last critical line of defense. It is important most of all tom make sure that those your responsible for are familiar with threats, and know what yo look for. Incorporate user education as a way to boost cyber security.
Small Businesses make for a particularly attractive target for cyber criminals, because it is assumed they can afford less secure implementations of security. However by following the tips above, we can see how even small and medium sized businesses can implement strong security methods in a cost-effective manner. If you want to learn more about how to implement stronger security measure for your business, contact us today!