Protect Your Identity and Learn About BEC Scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud.

65% of organizations faced BEC attacks in 2020.
In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
In 2020, 80% of firms experienced an increase in cyberattacks.
62% of BEC scams involve the cybercriminal asking for gift or money cards.
Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.

7 Cybersecurity Tips for SMBs

7 cybersecurity tips for small and medium-sized businesses (SMBs), brought to you by Back To Business I.T.

Antivirus and Filters

Scanning your systems regularly to detect malware and potential vulnerabilities should be at the top of the list when it comes to cybersecurity measures. Putting web and email filters in place can help block nefarious traffic and messages from ever reaching your systems.

Restrict Access

Along the same lines of defense as Antivirus and Filters, use restrictions to limit staff access. The same way you restrict departmental access depending on where a person works, it’s a good idea to implement internet restrictions. This way employees are limited to the websites they can access on company computers – and thus lessen the risk that they’ll wander into some dark alley on the internet.

Train Your Staff

One of the biggest cybersecurity risks any company faces is its people. To err is human, right? And err we do. Phishing emails are the most common cyberattack, and how over 90% of successful breaches begin. Educate your staff on best cybersecurity practices. Our cybersecurity awareness training offers not only educational materials, but simulated training exercises to test employees’ preparedness in a safe sandbox environment. Contact us to learn more.

Step Up Your Authentication Game

Setting up multi-factor authentication means that system access has a two-layer protection. Requiring both a password and a pin, for example, will likely reduce your risk of unauthorized access. Much like having biometric and pin or pattern access on your phone protects your data from prying eyes – two-factor authentication on your systems can keep your data safer.

Patch and Update, Faithfully

Clicking that ‘update later’ button is usually a bad idea. Updates ensure your system has the latest information on potential vulnerabilities. Patching does just that – patches certain ‘holes’ or fixes bugs in the system. This is part of why it’s critical to use up to date hardware/software – so you can be sure the manufacturer is working constantly to keep it as secure as possible.

Back Up Your Data

In the case of a breach, having your data backed up can make the difference between paying the ransom or not. Cybercrime isn’t the only reason to back up your data though – as other events can affect system functionality and disrupt your business. In the context of cybersecurity, it can give you the upper hand. If your data is securely backed up, there’s usually less down time in the event of an attack.

Have a Cybersecurity Policy in Place

All the good intention in the world won’t take the place of a solid information security policy. Make sure your staff is aware of the processes and best practices for cybersecurity in your company. You’ve worked hard for your business, protect its future.

Here at Back To Business I.T., we’re a business too. We have the same concerns and face the same challenges. Our customizable solutions are meant to change as your business grows – fitting your needs, and your budget. Take your business to the next level with a technology partner you can trust. Contact us today!

Managing Your Digital Presence by Updating Privacy Settings

Do you still have a MySpace, or a Xanga? There are probably a few accounts out there that you no longer use – and probably didn’t remember you had. But they are still part of your digital presence and should be monitored. How do these old accounts pose a cybersecurity threat?

Easy Targets: Well, old accounts usually have outdated privacy settings. That means cyber-criminals could be using your personal information to build a social-engineering profile for you, making it easier to target you in phishing or spear phishing attacks. If they have info on your subscriptions, memberships, likes, affiliations, etc. they can make their phishing bait emails much more believable.

Data Leaks: Let’s say your privacy settings on those old accounts are locked down tight. How robust is that website’s security? How easy is it for cyber-thieves to break in and steal it? Chances are, websites or services that aren’t widely used anymore aren’t going to have the most up to date information security measures in place. Do you really want to risk it?

Optics: Another reason to clean up your old accounts may be simply to moderate the content that’s out there. As we all know, the internet is forever. When we post a comment, publish an article, or share a photo, our name is tied to that media until we delete it. Do you have accounts with NSFW photos, comments, or content? A quick search on any search engine should reveal content tied to your digital identity. Is there something you don’t want shared?

So go ahead, take a stroll down your memory lane on the internet and see what you find. Deactivate accounts you no longer need, manage old content and how it’s shared, and enjoy the peace of mind.