New Guidance For Business Email Compromise

Uploaded on 2024-05-24 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Business Email Compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.For this reason, BEC attacks are often directed at senior staff, or those that can authorise financial transactions. 

Unfortunately, BEC attacks, which are a type of phishing attack, are significantly increasingNow, there are important new guidelines about how to disrupt targeted phishing attacks, which are often aimed at senior executives and/or budget holders in organisations.

A recent UK Government cyber-attack report revealed that in 2023, 84% of businesses and 83% of charities have experienced a phishing attack in the past 12 months. Now, the National Cyber Security Centre (NCSC) has recently published new BEC guidance includes practical steps that will reduce the likelihood of your organisation suffering from a BEC attack. 

It is specifically aimed at smaller organisations who might not have the resources (or expertise) to implement the NCSC’s existing guidance on phishing attacks in full.BEC attacks can be difficult to detect. Criminals use sneaky methods that aim to pressure victims into acting quickly. 

  • The guidance details how reducing your digital footprint, helping your staff to detect phishing emails, applying the principle of ‘least privilege’ and implementing 2-step verification can all protect against  BEC attacks. 
  • It includes steps to take if you think your email account has already been compromised, or if you have been tricked into making a fraudulent payment.

Whilst implementing the steps detailed in the guidance will reduce the likelihood of BEC attacks, it does not make your organisation impervious to all cyber threats. The NCSC has also recommend that organisations plan for attacks and practice responding to attacks in a safe environment using the NCSC’s Exercise in a Box.   

For More Information About NCSC Guidance click: HERE

NCSC   |    NCSC     NCSC   |   Gov.UK:   |   Image:  Unsplash

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud

DIRECTORY OF SUPPLIERS - Email Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« GDPR Is Six Years Old: What Is Its Impact On AI?
Time For Cyber Force »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Visual Guard

Visual Guard

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

CNF Technologies

CNF Technologies

CNF Technologies is an award-winning cyber company providing technology-focused research and development to commercial, federal, and Department of Defense clients.

US Cyber Games

US Cyber Games

US Cyber Games is committed to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce.

MadWolf Technologies

MadWolf Technologies

MadWolf’s mission is to deliver enterprise-quality managed services and focused applications to organizations operating in the non-profit, association and international development sectors.

Dial A Geek

Dial A Geek

Dial A Geek are a Bristol-based B Corp that provides Managed IT Services to companies of 20+ users. We help businesses with a smart use of tech, including compliance and cybersecurity solutions.