FROM SECURITY SALES & INTEGRATION - How to Protect Remote Workers From BEC Attacks

Work-from-home employees need to guard against business email compromise (BEC), which is particularly easy to execute and surprisingly hard to detect.

by Michael Cutlip, President & CEO, Authoriti

With millions of people working from kitchen tables and in guest bedrooms without their normal tools and resources, the race to maintain business continuity and security is vital.

Instead of work happening within the confines of a well-rehearsed enterprise security architecture, a company’s employees and service providers have assembled a network of home computers and personal mobile devices using shared WiFi, public networks and unknown endpoints to access the systems and data they need to perform their role.

As you might expect, the distraction and confusion caused by the coronavirus pandemic have turned this into a greenfield for malicious behavior. Bad actors will seek to leverage vulnerabilities in your new security structure, hitting the easiest attack windows first.

Welcome to a Different Normal

One of the biggest windows, in fact, is an open door: the employees who’ve never been in a work-from-home (WFH) role before. That said, we shouldn’t just highlight the newest remote workers. The experienced road warriors who are operating in a changed environment are also at risk of getting tripped up by an experienced fraudster.

One form of fraud, business email compromise (BEC), is particularly easy to execute and surprisingly hard to detect. Criminals apply techniques ranging from phony invoices to more sophisticated (but still simple) email campaigns using information obtained through earlier social engineering in an effort to gain additional personally identifiable information (PII), reroute legitimate payments and initiate bogus wire transfers.

For sure, security concerns about payment fraud and BEC attacks were a major problem well before the shift to work-from-home. The recent FBI Internet Crime Report reported that U.S. losses from BEC scams totaled more than $1.75 billion in 2019, up 25% from $1.3 billion in 2018 — which was double the losses from 2017.

Read the entire article on the Security Sales & Integration website.

Lessons Learned and What-Ifs

As IT organizations continue hustling day-to-day to meet a mushroomed remote workforce’s demands, demands that very likely exceed many companies’ worst-case contingency plans, it is vital to communicate simple best practices. Don’t let colleagues fall victim to social engineering and simple BEC fraud.

It is also important to review both lessons learned and the what-ifs that came to mind over the past couple of months (but fortunately haven’t happened). Then incorporate them into a secure and sustainable solution that is flexible across environments and channels and able to adapt to future unforeseen contingencies that might come your way.
