Skip to main content

Business email compromise is as easy as 1-2-3. Don’t let working remotely make it any easier!

By October 19, 2020 October 21st, 2020 Business Insurance

As the number of employees working from home goes up during the pandemic, so does the number of cyber security insurance claims.  While many companies were busy figuring out the new way to operate, immediate business took precedent over security needs and employees may have become a little more lax.  There has been a massive increase in phishing scams.  Google reports that 18 million phishing emails related to COVID-19 were identified daily during one week in April alone.

I attended an extremely valuable and informative Business Email Compromise webinar in August and thought I’d share the Cliffs Notes version with you.

Cyber criminals are very tricky in how they carry out their BEC scams.  You may already know this from firsthand experience.  The majority of claims are from attackers that spoof your email, gain trust and then encourage the recipient to take some sort of action that can be detrimental to your business.  This can range from payroll fund diversion, installing ransomware, accessing W2s or requesting gift cards.

Now is the time to be extra vigilant.  Educate employees, no matter where they’re working, on the top three ways to detect a phishing email:

  • Look for spelling errors

  • Spot suspicious links

  • Examine the sender’s email address

[Jonathan Theders answers questions on cyber security insurance.]

There are four initial response steps that you need to remember if your emails have been compromised:

  1. Contact your financial institution immediately

  2. Gather as much information as possible about the compromise

  3. Inform the FBI with an IC3 form

  4. Notify your liability carrier to submit a cyber liability claim

Take these preventative measures highlighted in the business email compromise webinar–they are especially important while employees are working remotely:

  • Unsubscribe from mailing lists–junk email makes it easier to fall victim to spoofing emails

  • Consider using call screening apps that screen out 60-70% of unknown or threatening numbers

  • Use a password manager–the best password is one you don’t actually know

  • Use multifactor authentication–this is THE most critical preventative step to take!

  • Consider using VPN, which encrypts internet traffic and makes it difficult for criminals to see what you’re doing

  • Add an extra layer of email security with a third-party spam filter

  • Offer employee security awareness training now available through RiskSOURCE Academy or through many of our insurance carriers

[Check out these resources available at KnowBe4]

RiskSOURCE is here to help with your cyber security needs.  Go online to our cyber security resource page and get a quote for added protection.  Stay safe and be cyber smart!

 

Kasey Young

Client Relations Manager

Accredited Cyber Risk Advisor