Cybersecurity Tip of The Day #6
- Advosec

- Jul 24, 2020
Don't exclude your executive team from social engineering and phishing exercises. They might need the testing more than anyone else in the organization.

According to the FBI, nearly half of reported business losses due to cybercrime were a result of Business Email Compromise (BEC), totaling an estimated $1.8B. A typical BEC scam happens after hackers have either compromised or spoofed the email account of a legitimate person or company. The attackers use this email account to send fake invoices or business contracts to employees in the same company, or to upstream/downstream business partners. The idea is to trick counterparts into wiring money into the wrong bank accounts.
Oftentimes these BEC scams start with the attempted compromise of an executive's account. These individuals tend to have much more authority and access within the organization, which adds to the "scare factor" of the fake email sent downstream.
Be sure your executives are getting the training and testing they need to spot these kinds of emails and avoid having their mailboxes compromised in the first place. This starts with simulated phishing, awareness training and other social engineering exercises. Don't exclude them during these events out of fear that they will get upset or annoyed. Explain the reasoning and present the facts. You are doing this to protect them and the business. That's a motive they should be able to appreciate more than anyone.


