Protecting your company from business email compromise (BEC)
Safeguarding your digital finance footprint
Understanding the BEC threat and how to avoid fraud.
Businesses are increasingly vulnerable to online fraud, and Business Email Compromise (BEC) is a significant threat in 2023. The Australian Cyber Security Centre reports over $98 million in business losses annually.
To be proactive about increasing cyber threats and protect your business financial footprint, it's important to understand ways of safeguarding your business.
Understanding the growing threat of BEC
BEC is a cybercrime where hackers manipulate or impersonate legitimate emails to dupe employees into divulging sensitive information or making fraudulent transactions.
BEC has emerged as a significant threat across industries. BEC can devastate a business by exploiting vulnerabilities in communication channels and human interactions. According to the Australian Competition and Consumer Commission (ACCC), in 2022 alone, BEC scams resulted in $142 million in losses reported by Australian businesses.
Types of BEC attacksInvoice manipulation – cyber criminals intercept legitimate invoices from your suppliers and alter the banking details to direct payments to fraudulent accounts.
CEO fraud – attackers impersonate high-ranking executives within your organisation and request urgent fund transfers or sensitive financial information.
Vendor impersonation – hackers pose as legitimate vendors and send emails requesting changes to banking details for future payments.
Payroll diversion – criminals target payroll processes and manipulate employee information like bank account details to redirect salary payments to fraudulent accounts.
Safeguarding your business
Every business is vulnerable to cybercrime, but some steps help protect your financial data and information.
- Verify payment requests, especially sensitive financial information or changes to banking details, using a dual-authorisation system that confirms requests through a phone call or in-person verification.
- Educate staff to recognise and report suspicious emails and promote a culture of cybersecurity awareness, healthy scepticism, and caution regarding financial transactions or sensitive information.
- Implement email security measures, including utilising advanced spam filters, enhancing email authentication protocols, and secure file transfer and encryption for sensitive information.
- Stay updated with the latest BEC trends and tactics used by cybercriminals to adapt your defences accordingly.
The legal landscape of compliance and data breach notifications
Your business needs to understand the compliance requirements and regulatory landscape surrounding data breaches and the mishandling of sensitive financial information.
Under the Australian Government’s Notifiable Data Breaches (NDB) scheme, organisations or agencies must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to an individual whose personal information is involved. Understanding these obligations and ensuring compliance is essential to protect your business and maintain customer trust.
Proactive protection of your business from BEC
In 2023 all businesses must take proactive steps to protect themselves from the growing threat of Business Email Compromise (BEC). By understanding the risks, implementing effective strategies and being informed about emerging threats, you can minimise the risk of BEC and reduce the risk of fraudulent transactions.