Guidance Released to Help Organisations Protect Against BEC Scams

Business email compromise (BEC) scams—a type of phishing attack—are a growing concern for organisations across sectors. In fact, according to recent government data, 84% of businesses and 83% of charities suffered a phishing attack in 2023. The National Cyber Security Centre (NCSC) has recently published new guidance on BEC, including practical steps to help organisations reduce the likelihood of falling victim.

What Is BEC?

BEC is a phishing attack where a cyber-criminal impersonates a legitimate source to trick employees into transferring money, divulging confidential data or engaging in other compromising activities. The perpetrators of BEC attacks typically send emails that appear to be legitimate, asking for business-related payments. These cyber-criminals may pose as high-ranking employees, suppliers, vendors, business associates or other entities.

Unlike conventional phishing attacks, which often target large groups, BEC attacks are tailored to entice specific individuals, making them more challenging to identify and potentially more destructive.

The NCSC’s Guidance Explained

The NCSC’s new guidance recommends organisations take the following steps to thwart cyber-criminals and mitigate the risks of BEC scams:

  • Increase staff awareness. Employees are the first line of defence against cyber-attacks. Organisations should provide robust training to help staff spot phishing emails and report them swiftly.
  • Implement multifactor authentication (MFA). Organisations should enable MFA, a multi-step login process, on all online accounts so that knowing a password is insufficient for threat actors to gain entry.
  • Apply the “least privilege” principle. Organisations should only provide employees with access to the systems, networks and data they need to do their jobs and nothing more. For example, only a few select employees should be allowed to authorise payments.
  • Review digital footprint. Threat actors can leverage information from social media accounts to craft targeted BEC scams. Staff, especially senior executives, should review their online account privacy settings and consider ways to reduce their digital footprint.

The NCSC’s guidance is particularly pertinent for smaller businesses, which may lack the resources to implement the NCSC’s existing guidance on phishing attacks.

Conclusion

Government data reported that phishing attacks—including BEC scams—now impact a majority of businesses. Therefore, organisations should review their cyber-hygiene measures and cyber-insurance cover to ensure ample protection.

Visit the NCSC website to view their guidance in full.

Talk to one of our experts today for additional cyber-security resources and insurance solutions.


Contains public sector information published by GOV.UK and licensed under the Open Government Licence v3.0.

The content of this publication is of general interest and is not intended to apply to specific circumstances or jurisdiction. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice from their own legal counsel. Further, the law may have changed since first publication and the reader is cautioned accordingly. © 2024 Zywave, Inc. All rights reserved.
