Strengthening cybersecurity in the workplace
Graeme McGowan, Director Cyber and Security Risk at Optimal Risk explains the need for businesses to establish the right defences to counter the growing threat of cyber fraud.
A domain-based message authentication, reporting and conformance (DMARC) framework will enable an organisation to protect its domain from unauthorised use, and thus help to reinforce its cybersecurity defences.
Business email compromise (BEC) attacks are on the rise and are now the most common form of cyber fraud. Last year, these targeted email scams caused an average loss of £80,000 per BEC incident, and there is no doubt there will be a surge in this type of cybercrime in 2021.
Anyone can fall victim to these attacks, but criminals tend to focus their efforts on companies that regularly carry out transfers of large funds to overseas accounts, making their request less conspicuous and far more plausible to the victim.
A typical BEC starts with the fraudster gaining access to the email of an executive or high-level staff member. They then create a new email account and, impersonating that individual, send a fraudulent email to an employee. The ensuing email exchange helps to build up trust and culminates in the perpetrator asking the victim to transfer funds to an offshore account immediately. The sense of urgency may cause the victim to bypass some of the usual checks, potentially leading to millions in losses.
Alternatively, it could be an email purporting to be from a senior member of the IT team telling staff about ‘a new password policy’ and instructing them to follow a link within an email to change their password. Others impersonate a supplier and request payment of ‘an overdue invoice’, taking advantage of existing trusted relationships between employees and vendors.
The right security software is a vital defence that stops these emails arriving in the first place. A domain-based message authentication, reporting and conformance (DMARC) framework will enable you to protect your domain from unauthorised use such as email spoofing. To be effective, the deployment needs to identify, analyse and authorise all legitimate email-sending sources, then tighten the policy progressively from ‘none’ to ‘reject’.
Enabling the DMARC check for incoming emails is done from the administrative console of your email gateway, usually with a single check box.
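As an added illustration of the “identify, analyse and authorise” step (example code, not part of the original article or any Optimal Risk tooling), the snippet below parses a DMARC TXT record and a cut-down aggregate (RUA) report, tallies which sending sources pass or fail, and only recommends stepping the policy up one rung when every failing source is one you have not authorised. The record, the report and the IP addresses are constructed sample data.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a DMARC TXT record as published in DNS (hypothetical domain).
DMARC_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com; pct=100"

# Constructed sample: a cut-down DMARC aggregate (RUA) report with three sources.
AGGREGATE_REPORT = """<feedback>
  <record><row><source_ip>198.51.100.10</source_ip><count>120</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.7</source_ip><count>35</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.55</source_ip><count>4</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

POLICY_LADDER = ["none", "quarantine", "reject"]  # the progression the article describes

def parse_dmarc_record(txt):
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def summarise_report(xml_text):
    """Per source IP: messages that passed DMARC (aligned DKIM or SPF) versus failed."""
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for rec in ET.fromstring(xml_text).iter("record"):
        row = rec.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        ev = row.find("policy_evaluated")
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        totals[ip]["pass" if ok else "fail"] += count
    return dict(totals)

def next_policy(record, summary, authorised_ips):
    """Step the policy up one rung only when no authorised sender is still failing."""
    current = record.get("p", "none")
    legit_failing = [ip for ip, c in summary.items() if c["fail"] and ip in authorised_ips]
    if legit_failing:
        return current, legit_failing   # fix those senders' SPF/DKIM first
    idx = POLICY_LADDER.index(current)
    return POLICY_LADDER[min(idx + 1, len(POLICY_LADDER) - 1)], []
```

Sources that fail and are not on your authorised list are the spoofing attempts the record is meant to block; sources that fail but are yours need SPF/DKIM fixed before the policy is tightened.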
BEC fraudsters are continuously working to find new ways of making money, and with so many people working remotely in the wake of the Covid-19 pandemic, anything that connects to an organisation’s network – such as a PC, tablet, smartphone or any other internet-enabled device – is vulnerable to cyberattack.
It is therefore vital that security software is not only kept up to date, but that investment is also made in cyber awareness training and education, so that staff remain alert to how common this type of fraud is and understand how their own actions affect the overall cybersecurity of the organisation.
Optimal Risk is a CRJ Key Network Partner.