As we have noted previously (see here and here), email piracy, also called Business Email Compromise (BEC), is a serious threat. Because these attacks rely on deception and human behavior rather than on malware, traditional technical protections such as antivirus and firewalls are unlikely to stop them on their own. Cyber Risk Insurance policies can provide protection after the fact, but prevention is a critical component of any security plan. Here are a few tips from experts, and sources of information, for consideration:
- Be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process, so that no single email can authorize a payment or a change of banking details.
- Create mail-filtering or intrusion detection rules that flag email from domains that resemble the company's domain but are not identical. For example, .co instead of .com, or a single letter added, dropped, or swapped.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Know the habits of your customers, including the reason, detail, and amount of payments.
- Watch for emails requesting urgent or confidential action.
- Watch for sender details where the domain name is similar to, but not the same as, a known one.
- Meticulously check addresses, subject lines, and body copies for any discrepancies. A fraudulent email account may be only one letter off from a legitimate one — or a single word may be spelled wrong in the email message itself.
- Validate any link in an unfamiliar email before clicking on it. Hover over (or right-click) each link and confirm that the actual destination matches the domain the email came from, not a long string of jumbled numbers or letters.
- Do not open any email or attachment from any sender you don’t recognize… If you don’t know the sender and aren’t expecting a file, don’t click on it!
- Avoid using free, web-based email for business purposes.
- Mark any unsolicited email as spam or junk… Flagging suspicious-looking emails will help filter out future spam — and possibly alert security experts to spoofed or hacked accounts.
- If a senior officer of your company is requesting a quick or secret transfer via email, be suspicious.
- Verify payment instructions with an outgoing phone call to a known person at a phone number already on file, never a number supplied in the email itself.
- Make sure your Cyber Risk Insurance includes coverage for email piracy (BEC).
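Several of the tips above (lookalike domains, mismatched reply addresses, links that do not match the sender, pressure language) can be turned into a simple mail-filter rule. The following Python script is an added example written for this page; it is not from the original post or from any of the sources quoted above. The trusted-domain set, the homoglyph table, the keyword list and the three sample messages are assumptions constructed for illustration. It uses only the standard library and runs offline.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains this (hypothetical) company and its known vendors send from.
TRUSTED_DOMAINS = {"example.com", "acme-supplies.com"}

# Character substitutions seen in lookalike domains (assumed list, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

# Pressure language the tips above warn about (assumed list).
PRESSURE_WORDS = ("urgent", "immediately", "confidential", "do not discuss", "wire", "today")

LINK_RE = re.compile(r"https?://[^\s<>\"']+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Fold homoglyphs so that examp1e.com and example.com compare equal."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def is_trusted(domain: str) -> bool:
    """True for a trusted domain or any subdomain of one (mail.example.com)."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None if trusted or unrelated."""
    d = domain.lower()
    if not d or is_trusted(d):
        return None
    for t in TRUSTED_DOMAINS:
        if normalize(d) == normalize(t):           # homoglyph swap only
            return t
        if d.split(".")[0] == t.split(".")[0]:     # same name, different TLD (.co vs .com)
            return t
        # one character off; allow two on longer names, where a transposition costs 2
        if edit_distance(normalize(d), normalize(t)) <= (2 if len(t) > 8 else 1):
            return t
    return None


def domain_of(header_value) -> str:
    """Extract the domain from a From/Reply-To value such as 'CEO <ceo@example.co>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw_message: str) -> list:
    """Return human-readable red flags found in one plain-text RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    sender = domain_of(msg.get("From"))
    reply_to = domain_of(msg.get("Reply-To"))
    body = msg.get_payload()
    findings = []
    target = lookalike_of(sender)
    if target:
        findings.append(f"sender domain {sender!r} resembles trusted domain {target!r}")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to!r} differs from From domain {sender!r}")
    for url in LINK_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host != sender and not host.endswith("." + sender):
            findings.append(f"link host {host!r} does not match sender domain {sender!r}")
    text = f"{msg.get('Subject', '')} {body}".lower()
    hits = [w for w in PRESSURE_WORDS if w in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail): a legitimate vendor invoice, a CEO-fraud
# attempt from a lookalike TLD with a webmail Reply-To, and a vendor impersonated via homoglyph.
SAMPLE_MESSAGES = [
    """\
From: Accounts Payable <ap@acme-supplies.com>
To: ap@example.com
Subject: Invoice 4471 for March

Attached is the March invoice. Details: https://portal.acme-supplies.com/inv/4471
Payment terms are net 30 as usual.
""",
    """\
From: Jane Doe <jane.doe@example.co>
Reply-To: jane.doe.ceo@webmail.example.net
To: controller@example.com
Subject: Urgent: wire transfer needed today

I need you to process a wire immediately for an acquisition. Keep this confidential
and do not discuss it with anyone until I say so.
""",
    """\
From: Accounts Receivable <ar@acme-supp1ies.com>
To: ap@example.com
Subject: Updated remittance details

Our banking details have changed; see https://acme-supp1ies.com/remittance.pdf
""",
]

if __name__ == "__main__":
    for i, raw in enumerate(SAMPLE_MESSAGES, 1):
        flags = analyze(raw)
        print(f"message {i}: {'OK' if not flags else 'REVIEW'}")
        for flag in flags:
            print("  -", flag)
```

Two caveats for anyone adapting this: the "same name, different TLD" check compares only the first label, so a lookalike hidden in a subdomain (mail.example.co) is caught only by the edit-distance rule, and the link check will also flag legitimate third-party links (payment portals, document services), so treat its output as a review queue rather than a block list. None of it replaces the outgoing phone call to a known number.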
Prevention is a critical step, but Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage) is essential in the event that preventative steps are not effective. Coverages vary widely and can be tailored to cover the cost of breaches, forensics, business interruption, EMV Liability, PCI assessments and crisis management as well.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber).