Is Your Company Educated on Email Best Practices?

by Emily on January 20, 2019

in Security

Business email compromise is a form of cyberattack in which malicious parties use email to appeal to internet users’ emotions and get unsuspecting web surfers to read an email, click on a link, and even enter personal or corporate information on a website that, unbeknownst to them, is malicious. This type of hacking is referred to as “phishing” because it reflects the hackers’ attempt to ‘fish’ for your information.

Another type of business email compromise involves hackers pretending to be high-level executives in your company and reaching out to your HR department or other branches of your organization to gain access to sensitive corporate information or even demand payments. Sadly, the FBI estimates that since it began tracking business email compromise, also called BEC, organizations have lost $12.5 billion to this malevolent, and often criminal, enterprise.

Your information technology (IT) staff can reduce the likelihood of a data breach or virus by instituting high-level security protections such as two-step verification and encryption. With two-step verification, employees must take an additional step to access web-based resources such as email. In the typical two-step verification process, a code (usually a string of numbers and/or letters) is sent to an employee’s mobile device, and the employee must enter this code to gain access to their email. Encryption is a security practice that ensures that data sent over the corporate servers is encoded and cannot be easily read by malicious entities seeking to monitor server activity. However, these IT tools alone are not enough to prevent the email scams that may target your organization or company.

While IT solutions such as encryption and two-step verification go a long way to protect employees from hackers, employees must also be trained on email best practices. For example, workers at all levels of an organization must become aware of phishing and other types of email scams, and must be trained not to click on links in emails from an unfamiliar source and certainly not to enter their personal information or any sensitive corporate information on websites that may be of questionable authenticity.

Certain positions at your company may be more vulnerable to BEC than others. For example, employees who work in finance, payments, or billing may be at the forefront of such email scams. This is because many hacking attempts target the finance-related departments of a company – 47% of all phishing emails are directed towards the chief financial officer (CFO), and 13% of such emails are sent to a company’s finance department.

Therefore, employees in these positions must receive the most comprehensive training in order to protect the company finances from falling into the hands of hackers. Human Resources departments can also be frequent targets of phishing attacks and email spoofing scams, sometimes by hackers who purport to be high-level executives, such as a company CEO. The only way to prevent this malicious cyberactivity from debilitating your organization is by ensuring that all of your company’s employees, from the new entry-level staff to your most important corporate executives, are well-trained in email best practices. Check out the Panda Security blog for more information about business email compromise, including statistics on BEC and steps that companies can take to protect themselves.

Comments

Sajid Akhter January 21, 2019 at 12:27

Great post. It is an eye opener for all business houses. Data plays such an important role in today’s time. Your post is very helpful and expressive.

Thanks for sharing this post. Have a good day.


