Business Email Compromise
Cyber security refers to the practice of protecting your systems, networks and programs from digital attacks that may result in financial loss. Implementing effective information protection and cyber security measures is crucial to ensure that scammers cannot access, change or destroy sensitive information.
Continue reading to find out:
Business Leaders:
• Invest in cyber security
• Review who is dependent on IT
• Build a network of trusted relationships with sector partners and government agencies for access to timely cyber threat information
• Acknowledge cyber crime as a business risk and be proactive
• Develop cyber security policies and procedures
Employees:
• Leverage basic cyber security training to understand cyber security concepts and implement best practices
• Develop a culture of awareness to encourage employees to make good choices online
• Learn about risks such as phishing and business email compromise (BEC)
• Identify available training resources through professional associations, academic institutions, private sector and government sources
• Be aware of current events related to cyber security, using lessons learned and reported events to remain updated on the current threat environment
Systems:
• Learn what’s on your network and maintain an inventory of hardware and software assets to know what is at risk from an attack
• Leverage automatic updates for all operating systems and third-party software
• Implement secure configurations for all hardware and software assets
• Remove unauthorized hardware and software from systems
• Leverage email and web browser security settings to protect against email spoofing and unsecured webpages
• Create application integrity and whitelisting policies so only approved software is allowed on your systems
Access:
• Learn who is on your network and maintain inventories of network connections (user accounts, vendors, business partners, etc.)
• Implement multifactor authentication for all users
• Grant access and admin permissions on a need-to-know basis and according to least privilege
• Use unique passwords for all user accounts
• Develop IT policies and procedures addressing changes in user status (transfers, termination, etc.)
Data:
• Know what information resides on your network and maintain inventories of critical or sensitive information
• Establish regular automated backups
• Install malware protection capabilities
• Manage network and perimeter components, host and device components, data at rest and in transit, and user behavior activities
Actions Under Stress:
• Develop an incident response and disaster recovery plan outlining roles and responsibilities and test it often
• Create a business impact assessment to prioritize resources and identify which systems must be recovered first
• Create a call list of those to call for help (outside partners, vendors, government/industry responders, technical advisors and law enforcement)
• Develop an internal reporting structure to detect, communicate and contain attacks
Read more on how to help guard against payment fraud.