Blog

Why It’s Important Your Organization Avoids BEC

Why It’s Important Your Organization Avoids BEC

Sometimes the worst scams out there are the simplest ones. Hackers don’t need a fancy or complicated malware or algorithm to create chaos for your organization; all they have to do is convince you that the email you’ve received in your inbox is from someone of authority within your business. Let’s go over how a business email compromise is pulled off and why you need to be wary of threats like these.

What is Business Email Compromise?

Unlike other threats out there, business email compromise, or BEC for short, does not require incredible technical skills to pull off, making it a dangerous prospect indeed. BEC is when a hacker or scammer convinces the user that they are someone within the organization—usually an authority figure or executive—and asks them to transfer funds for a variety of reasons. You wouldn’t believe it, but this kind of request actually works.

After all, nobody likes to turn down a request for help from the boss, right?

According to the FBI, BEC has cost businesses upwards of $43 billion, and this number is growing larger by the day. Furthermore, companies in at least 177 countries have been reported.

How Does BEC Work?

Really, all it takes is for a hacker to do a little bit of research into the organization, determine who they can feasibly impersonate through email, spoof that email account, and contact employees within the organization using that spoofed email address. These types of social engineering attacks are uncomplicated and can pay off in spades if the hacker can manage to pull them off.

Other types of BEC are more dangerous and difficult but are equally lucrative, if not more so. Hackers can break into the actual email account of the executive or employee and keep watch over their inbox to look for legitimate purchases that need to be fulfilled. This combination makes for a dangerous and convincing request, and an eager employee might not think twice before fulfilling the hacker’s request.

What Can You Do About It?

We always like to recommend that you implement the best and brightest email security solutions out there, as well as multi-factor authentication to ensure that anyone who logs into your business-critical applications is who they say they are. Ultimately, however, who falls for business email compromise attacks will largely depend on how well you have trained your staff to identify and respond to these types of attacks. Security training should not be a one-and-done deal; you need to provide comprehensive training during the onboarding process while also providing periodic refreshers to keep security at the top of your team’s mind.

White Mountain IT Services can equip your business with the comprehensive security tools to keep themselves safe, as well as the training needed to identify these types of hacks before they accidentally allow a hacker to make off with your business' hard-earned capital. To learn more about what we can do for your business, reach out to us at 603-889-0800.

Related Posts

So much goes into proper network security that it can be daunting to know where to start. Thankfully, there are plenty of great ways you can, and probably currently are, protecting your business, even if it’s on a basic level. You can consider this a...
Phishing attacks have consistently been prominent in cybercrime throughout the past few years, not only due to their efficacy but also because there are so many avenues wherein phishing can be attempted. The first that comes to mind is email, of cour...
Email remains a cornerstone in business communications, often containing sensitive information and other data that really needs to be protected. Fortunately, modern email platforms often enable you to add a little bit of protection, so long as you kn...
Regardless of your industry, there are going to be certain regulatory standards that you will be responsible for upholding. Many of these standards will be related in some way to your cybersecurity. Let’s talk about some of these cybersecurity standa...
Last week, we went over why your business’ cybersecurity processes need to involve training. This time around, we wanted to focus on the other side of things, and delve into the essential network protections that no modern business should be operatin...
The blockchain has been a hot topic in the past few years, if only tangentially. With all the buzz around cryptocurrencies, it can be easy to forget about the underlying technology that powers it and its other applications. Let’s pivot to these other...
The modern threat landscape is vast and unpredictable, and even if you think you know enough about cybersecurity to protect your business, we bet that you don’t. It’s not even just in the business world, either; individuals also struggle against cybe...
It hasn’t been very long since T-Mobile experienced its latest major hack, but unfortunately, here we are again. Hackers have again accessed customer data, with 37 million customers being affected amongst both their prepaid and subscription-based acc...
For a long time, businesses that didn’t have any cybersecurity problems would never consider investing in additional cybersecurity tools. The decision-makers of these companies simply didn’t find it necessary; and many of them had a point (until they...
Simple passwords are often the bane of a business’ existence. If you routinely use strings like Password, 123456, Guest,  or Qwerty to secure an account, then you need to reexamine your password practices before they lead to a data breach. A goo...
While many small businesses shrug off cybersecurity needs as too expensive an investment for an organization of their size, this is a potentially catastrophic mistake. The fact of the matter is that small businesses are regularly targeted by cyberatt...
One of the big advantages that Mac computers have had over the traditional PC is that they “don’t get viruses,” but how true is this claim, really? Research conducted by Elastic Security Labs proves that this is certainly not the case, discrediting t...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem NH and Portsmouth NH area.

White Mountain IT Services

 


33 Main St, Suite 302
Nashua, NH 03064

 


121 Riverfront Drive
Manchester, NH 03102

 

Client Help Desk      603-889-2210

New Client Inquiries   603-889-0800

Open Positions