New Guidance For Business Email Compromise

Uploaded on 2024-05-24 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Business Email Compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.For this reason, BEC attacks are often directed at senior staff, or those that can authorise financial transactions. 

Unfortunately, BEC attacks, which are a type of phishing attack, are significantly increasingNow, there are important new guidelines about how to disrupt targeted phishing attacks, which are often aimed at senior executives and/or budget holders in organisations.

A recent UK Government cyber-attack report revealed that in 2023, 84% of businesses and 83% of charities have experienced a phishing attack in the past 12 months. Now, the National Cyber Security Centre (NCSC) has recently published new BEC guidance includes practical steps that will reduce the likelihood of your organisation suffering from a BEC attack. 

It is specifically aimed at smaller organisations who might not have the resources (or expertise) to implement the NCSC’s existing guidance on phishing attacks in full.BEC attacks can be difficult to detect. Criminals use sneaky methods that aim to pressure victims into acting quickly. 

  • The guidance details how reducing your digital footprint, helping your staff to detect phishing emails, applying the principle of ‘least privilege’ and implementing 2-step verification can all protect against  BEC attacks. 
  • It includes steps to take if you think your email account has already been compromised, or if you have been tricked into making a fraudulent payment.

Whilst implementing the steps detailed in the guidance will reduce the likelihood of BEC attacks, it does not make your organisation impervious to all cyber threats. The NCSC has also recommend that organisations plan for attacks and practice responding to attacks in a safe environment using the NCSC’s Exercise in a Box.   

For More Information About NCSC Guidance click: HERE

NCSC   |    NCSC     NCSC   |   Gov.UK:   |   Image:  Unsplash

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud

DIRECTORY OF SUPPLIERS - Email Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« GDPR Is Six Years Old: What Is Its Impact On AI?
Time For Cyber Force »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

Silent Breach

Silent Breach

Silent Breach specializes in network security and digital asset protection. Services include Pentesting, Security Assessments, Incident Detection & Response, Governance Risk & Compliance.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Anonos

Anonos

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

Arakyta

Arakyta

Arakÿta specializes in business strategy, work flow process and IT systems for organizations.

Yokai

Yokai

Yokai is a secure, distributed platform for data communication with enhanced security features tailored for classified environments such as finance, defence, healthcare, cybersecurity, and more.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.