Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
Business email compromise (BEC) and email scams are among the fastest-growing cyber threats that Australian organisations face. Cyber criminals targeting organisations through email are becoming more prevalent each year.
What’s more worrying is that in 2021, employees received an average of 14 malicious emails, according to Tessian research. All it can take to cause a data breach, or to compromise your network security, is one click on a malicious link or attachment.
However, Australian organisations can take charge of their cybercrime strategy to prevent severe consequences. Before implementing best practices & prevention methods, it’s important to note the significance of email security and what you can do to review your email security settings.
In the second week of the annual October Cyber Security Awareness Month, we explore how you can review your accounts payable department email security settings for Outlook & Gmail.
There’s no denying that in 2022, every enterprise and finance team should be prioritising cybersecurity in their organisation. When it comes to email security, though, CFOs should work with IT professionals to help employees set up their email security to the highest standard.
Most accounts payable departments incorporate complex passwords or two-factor authentication (2FA). However, there are better security protocols that can enhance your security measures in emails.
For instance, the 2019 Global Data Risk Report by Varonis found that a staggering 53% of enterprises left over 1,000 sensitive files and folders unencrypted and open to all employees. This highlights that enterprises are not fully optimising their email security settings or implementing other security measures.
To stay protected against malware, BEC attacks and employee negligence, CFOs must integrate an email security solution with several core capabilities such as:
Next, we look into what you can do to maximise your Outlook email settings & Gmail settings.
When onboarding AP clerks, it’s best practice to proactively review their email account security.
This can prevent cyber attacks and increase your chances of regaining control if their email has become compromised. Here are a few tips to get you started in reviewing your Microsoft Outlook security settings.
It’s best practice to come up with a 16-character password involving upper and lower-case letters, numbers and special characters.
Organisations are strongly encouraged to create a new strong password every 2-3 months to minimise the risk of a cyber threat. If you’re unable to remember every strong password created, consider investing in a password manager.
Here you can review all your recent login activities such as the time of login, day, location, IP address, operating system and Outlook email account.
For more instructions on reviewing your Outlook security settings, visit the ACSC step-by-step guide that can assist your accounts payable department in email security.
When visiting the security section of your account, you can review which third-party apps have access to sensitive data in your Google account, like your Gmail, photo albums, Google Drive or Google Calendar. This includes the following:
It’s best practice to review and restrict your personal information being accessed by certain third-party apps.
Reviewing your recent security activity as a monthly security routine is best practice for identifying suspicious activity. If you see any security events you don’t recognise, you should consider securing your account.
This will signal Google to lock your account and prompt you to change your password immediately. For a comprehensive guide, visit the ACSC website.
CFOs and IT administrators should collaborate extensively when following security best practices to help strengthen the security and privacy of the organisation’s data. Maximising each security practice will reduce the risk of a data breach.
If you are looking to implement further email security enhancements, you can do so by viewing the Google Workspace. This contains Google’s security best practices for enterprises involving security on mobile devices, computers, other endpoints, Google Drive, accessing public websites and more.
With Eftsure added to your accounts payable security function, not only are you minimising the risk of fraud, scams and error, but your AP team will have confidence in releasing supplier payments by detecting and investigating suspicious activity during the verification process.
Contact Eftsure today for a full demonstration of how we can protect your business against BEC attacks.