Published: May 09, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Staying safe during a pandemic is still very much a challenge to human beings worldwide. For businesses during this uncharted time, the challenge is cybersecurity since attackers have gone into pandemic overdrive. You don’t have to be a cybersecurity expert to see that criminals have exploited the coronavirus by using it as a lure for phishing scams, ransomware attacks, and more. A study by Barracuda Networks found almost 51% of companies worldwide have seen an increase in email phishing attacks since working remotely became the norm. Unfortunately, the report also finds that 40% of companies have cut their cybersecurity budget to reduce operating costs during the pandemic. So, as the business world rushes to adapt to remote workforces and customer demand, most security teams and protocols have been stretched too far, too quickly. The end result of it all is a rise in cybercrime, with BEC (business email compromise) attacks leading the charge.
Why BECs? Because They Work
Simple phishing attacks use malware attachments and fake links, but BEC depends on impersonation fraud to work. A study by Mimecast found BEC jumped almost one-third during the first 100 days of coronavirus. The rise in BEC attacks quickly followed the jump in employees working from home, and hackers capitalized on inadequate security protocols for those remote workers. The absence of firewalls and the increase in VPN (virtual private network) issues make remote work and BEC a natural combination. Identity deception is the lure and attackers use it to conjure up emails from company execs requesting large wire transfers. Since the email and funds transfer request are both fake, the only thing real about a BEC scam is the hacker who’s stealing the funds.
As coronavirus continues to tick upward, it’s a safe bet that BEC and other cyberattacks will rise to the occasion. There are security steps a business can take to help thwart the success of BEC attacks. And since the Barracuda Networks report finds about 50% of companies believe their workforce isn’t properly trained on remote work security risks, there’s some work to be done.
Remote Transfers: Don’t Trust BUT Verify
Always require verification for wire transfers directly with the requestor. Don’t use a return email to do it, but rather confirm it directly via phone call, text, or video chat. Never use contact information provided in the email, but always get it from an official source like a company directory.
Consider setting limits on wire transfer amounts. Should a request exceed the limit, require identity verification like that described above, and more. Remember, a company CEO would rather take time to verify a large wire request than have corporate funds stolen.
Ongoing Awareness Training
Since employees are typically the front line against hackers, a cybersmart staff can stop BEC and other attacks in their tracks. Cybersecurity awareness training should be ongoing as attacks can trend and improve over time. Providing ongoing and updated cyber-education for employees results in its own type of firewall. This “human firewall” is made up of a cybersmart staff that knows how to spot a suspicious email and other tricks, wave a red flag, and report it… Done and won!