Business Email Compromise- What You Need to Know
The IT Company’s Kyle Kelley spent some time walking us through business email compromise and what you need to know about protecting yourself.
Watch Kyle's Full Interview
You have likely heard of compromised emails, but what exactly is business email compromise? It can be a classified as a large number of things, but in its simplest definition, business email compromise is when someone outside of your organization or an unauthorized person within your organization gains access to an employee’s email, with the intention of doing harm through sending malicious emails out.
The most common way an attacker gains access to an employee’s email is by first gaining pieces of information about the company or employee. Often this happens by an employee clicking on a malicious link and entering their credentials into a fake site. People who use the same password for their business accounts as their personal accounts, become more vulnerable to falling victim. Why? Because if there is a breach on a social media platform or another site, the hacker now has the user’s passwords. If the user has that same password for their work accounts, the hacker has easy access into their business account.
The risks of business email compromise can be extensive and vary from organization to organization. The risks of being compromised correlate to what the hacker has gained access to and the sensitive information they can now see. But in general, the risk of business email compromise is simply that they have access to your email and anything inside of it. Which creates the security concern that whatever sensitive information is tied to your email, is now in the hands of the cybercriminal.
By gaining access to your email, the hacker has the ability to send emails posing as you. Often times they will send an email that appears as it coming from you. The biggest risk is typically financial, with hackers posing as someone internally and sharing malicious links or requesting money.
So how can you protect yourself? Kyle shared several of the most important tools to protecting yourself from business email compromise.
- Be hyper-vigilant about emails. Be aware of emails with links included, verify that they are valid links before clicking on anything or before entering your credentials.
- Always use strong passwords that are unique for your business accounts only.
- Enable multifactor authentication.
- Create a culture where employees feel comfortable being open if they fear they have opened an email or link that could compromise their account.
- Create a policy of second level authorization before any money is transferred. Meaning that if an email is received requesting a money transfer, a phone call with the sender must happen to verify that it is not a scam.
- Start thinking about your security, talk with your IT department, have a plan in place if someone is compromised.
- Any scenario where you believe someone may have been compromised, contact your IT department immediately.
From the perspective as an IT department, we take your concerns of possible business email compromises very seriously. Once we are made aware of the scenario, we take the appropriate steps in protecting you. Immediately working to reduce access of the hacker, we guide you in changing passwords and determine the extent of what they can access.
Microsoft 365 is one of the largest emails platform making it one of the largest targets for business email compromise. Our world is currently living in a very virtual world and there has been a big increase in business email compromise since they pandemic began. Now more than ever it is important to ensure your company’s security is properly setup.
At The IT Company we offer a Microsoft 365 assessment to take a deeper look at your security setup to help you best protect your business. M365 has several built in security features to help detect if there has been a compromise. During our M365 assessment, we look at these security features to ensure you are best protected against business email compromise.