Keeping a small business going and growing is hard enough without having to deal with malicious attacks from online fraudsters. You want to focus on your customers and goals, but the threats are still out there — and email is a key battleground.
One of the most dangerous threats to email security is now Business Email Compromise, or BEC. But what exactly is it? What are the main threats? And how do you fight them?
What is Business Email Compromise?
Definitions of Business Email Compromise can vary. Some experts suggest it covers a range of criminal scams, including password hacking and malware attacks. Others see it as purely based on social engineering techniques i.e. tricking an actual person.
What everyone agrees on, though, is that people are the main gateway. It’s more than just tech attack vs. tech defense. People who have access to sensitive information are the primary targets, and there’s a range of ways to trick them — which we’ll cover a bit later.
Is Small Business at Risk from Email Compromise?
We may hear lots about how highly-organized criminals are taking big businesses for millions of dollars, but small to mid-sized businesses are increasingly at risk. Statistics show that 43% of cyberattacks hit small businesses — according to the latest Verizon Data Breach Investigations Report. That number continues to grow, too.
Plus, big businesses usually have equally big bank accounts to dip into should the criminals strike. Smaller businesses don’t have such deep pockets. One successful attack, and there’s less chance of you bouncing back.
Why Attack Email?
Email is one of the easiest ways for the bad guys to either grab sensitive data or money. Those messages we all fire off and receive every day have become so ubiquitous that it’s easy to forget how much sensitive information is stored within them.
Passwords, account info, customer data, business financials… Your inbox is probably a treasure chest of information that fraudsters would love to get their hands on. When you consider that this info might not only be used to defraud you, but also your employees, customers, and partners too, it becomes less of a treasure chest and more like an entire bank vault.