Blog - FTC and SBA Guidance on Cybersecurity - Business Email Imposters

Like any other protection, cybersecurity is in place to reduce the likelihood and impact of adverse events.  But how much thought has been given to which events your business should be worried about?  Are you worried about Chinese government-sponsored hackers targeting your business?  Are you worried about an Edward Snowden-type rogue exposing company secrets?  Are you worried about the cleaning lady unplugging your database server to plug in her vacuum cleaner?*

With limited funds and limited staff, companies must focus their attention on the most likely and most impactful events.  The top cybercrime (per FBI statistics) is business email compromise/email account compromise.  This combined category covers a variety of email-based scams that lead to stolen or misdirected funds.  It is not only the number one crime; the resulting victim loss is bigger than the next seven cybercrime categories combined.

Because business email compromise is the most prevalent cybercrime, be sure to devote a commensurate level of attention to this issue.

  • Email Protection Protocols.  There are protections built into the email protocols that help your recipients confirm that an email actually came from you.  Be sure these are enabled and properly configured.

  • Train Staff.  Has your staff been trained, and tested, on detecting fraudulent emails? 

  • Processes.  Most business email compromises are social engineering scams – often trying to convince employees to redirect financial payments.  Do your processes for changing financial information have protections to reduce the risk of fraudulent changes?  Protections might include separation of duties or requiring out of band requests (like phone calls).

A cybersecurity program can’t protect all people and all devices from all possible attacks.  Be sure to focus attention, resources, and staff on the most likely cyber events. 

* This actually happened to the author very early in his career and helped instill a level of humility and humor in his outlook.

——————————————————————————————-

The Federal Trade Commission and Small Business Administration have collaborated to publish guidance (https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity) for these companies. This guidance is a great place to start for business leadership that is worried about cyber issues but isn’t sure where to begin.

North Wonders has produced a self-guided security assessment tool based on the SBA guidance referenced above. This tool (https://www.northwonders.com/offering/#self-guided) allows small businesses to quickly see their cyber hot spots and get actionable guidance on correcting any issues. For more information please contact us at Info@NorthWonders.com.