UC Goering Center news

Five tips to help safeguard your organization's email

Provided by Steve Mullinger for US Bank

Business email compromise (BEC) scams target domestic and foreign businesses that regularly perform payment transfers, and BEC continues to be a number one fraud threat for organizations. The FBI estimates that total losses from this global threat exceed $26 billion (Source: FBI data). This figure illustrates the need for heightened awareness and vigilance. To shield your organization from fraud, there are several internal control enhancements and security practices to consider. While no single control or set of controls will prevent your organization from being a target, we suggest these five tips to prevent your organization from falling victim to BEC:

One: Confirm and verify email requests for transfers.

Contact the requestor by phone using an independently obtained phone number or one that you already have on file. Pay special attention to transfers requested to new or recently updated accounts. Nearly all BEC scams can be stopped in their tracks if organizations adopt this basic control.

Two: Use dual control for money movement activities.

This allows for two levels of scrutiny and authorization to help stem the risk of illegitimate funds transfers.

Three: Use multi-factor authentication for web-based email accounts.

Fraudsters may leverage actual accounts of executives with email credentials pilfered from spear phishing campaigns. Multi-factor authentication adds another layer of control to deter cyber crooks from accessing employee accounts.

Four: Communicate quickly when fraud or security events occur.

Notify your key banking partners and information security staff immediately if you suspect BEC. If appropriate, contact law enforcement and file a complaint with the FBI Internet Crime Complaint Center.

Five: Create awareness within your organization.

Evaluate staff adherence to internal controls by using real-world security awareness testing. Finally, review your current payment controls to keep your organization safe from BEC.

Steve Mullinger is a senior vice president at US Bank. Reach Steve at steven.mullinger@usbank.com or at 513-632-2542.

Featured image at top: Maxim Zhgulev

About the Goering Center for Family & Private Business
Established in 1989, the Goering Center serves more than 400 member companies, making it North America’s largest university-based educational non-profit center for family and private businesses. The Center’s mission is to nurture and educate family and private businesses to drive a vibrant economy. Affiliation with the Carl H. Lindner College of Business at the University of Cincinnati provides access to a vast resource of business programming and expertise. Goering Center members receive real-world insights that enlighten, strengthen and prolong family and private business success. For more information on the Center, participation and membership, visit goering.uc.edu.
