Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
Just one click…is all it takes to let a cyber-criminal into your digital network.
Email attacks are increasing each year. If your accounts payable (AP) staff are not equipped with the knowledge to defend against BEC attacks, they may be deceived by cyber criminals.
In fact, in the first half of 2022, the ACCC received 11,395 incident reports of business email compromise scams, which in total cost Australian businesses $57 million.
In week 3 of October’s Cyber Security Awareness Month, we explore the email security best practices to ensure your finance team’s email is secure from spam and phishing attacks.
Implementing email privacy and security starts when you first create an email account for newly onboarded accounts payable staff. The following email security best practices can be integrated into any organisation:
Using several complex passwords across multiple devices is a no-brainer in email security. Yet email accounts are still left vulnerable by poor passwords: for example, 66% of Australians responded that they use the same passwords for multiple accounts.
Here are some best practices when creating a strong password:
If you cannot remember every unique password for all your devices, try using a password manager that could give you peace of mind. We explore using a password manager below.
Password managers are great for enhancing email security: they allow you to store, generate, and retrieve complex passwords for a variety of applications, including email, social media, and other online services.
In addition, password managers can help you generate random strong passwords for each of your applications. When accessing a password manager, employees will only need to remember the master password to access and use the email security tool.
You can start using a password manager like LastPass to stay in control of your cyber security and manage multiple passwords at once.
Turning on multi-factor authentication (MFA) protects your work email accounts with extra login steps. Implementing MFA can provide you with an extra layer of security that can effectively protect against unauthorised access by cyber criminals.
Typically, MFA requires a combination of information from the user when logging into an account. For example:
Having two or more authentication factors increases your email security and makes it difficult for cyber criminals to gain access to your account, even if they know the password. To get started with MFA, you can do the following:
Another email security solution to protect sensitive information is encrypting email messages by enabling S/MIME (Secure/Multipurpose Internet Mail Extensions) on Outlook or Gmail.
By integrating S/MIME, your email messages are protected in the following ways:
Here is how it works: when a user sends an email, the sender encrypts it using the recipient's public key, and the recipient decrypts it using their own private key. S/MIME encryption and digital signatures ensure that the email is authenticated and that its content has not been manipulated in any way.
Through email encryption, you can establish integrity, uphold privacy, and preserve sensitive data when sending emails.
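The S/MIME flow described above, as an added example that is not part of the original article: it signs, encrypts, decrypts and verifies a message with the `openssl` command-line tool, then shows that a copy altered after signing fails verification. The self-signed certificates, names and message text are constructed for the demo (real deployments use CA-issued S/MIME certificates).

```shell
#!/usr/bin/env bash
# Added example: S/MIME sign, encrypt, decrypt and verify with the openssl CLI.
# Names, certificates and the message text are constructed for this demo.
smime_demo() {
    local d who status=0
    d=$(mktemp -d) || return 1
    # Assumption: self-signed certificates stand in for CA-issued S/MIME ones.
    for who in sender recipient; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who.example.test" \
            -keyout "$d/$who.key" -out "$d/$who.crt" 2>/dev/null || status=1
    done
    printf 'Please pay invoice 1001 to the account on file.\n' > "$d/msg.txt"

    # Sender: sign with the sender's private key, then encrypt to the
    # recipient's public key (carried in the recipient's certificate).
    openssl smime -sign -in "$d/msg.txt" -signer "$d/sender.crt" \
        -inkey "$d/sender.key" -out "$d/signed.eml" || status=1
    openssl smime -encrypt -aes256 -in "$d/signed.eml" \
        -out "$d/encrypted.eml" "$d/recipient.crt" || status=1
    # The plaintext must not be readable in the message that crosses the wire.
    if grep -q 'invoice 1001' "$d/encrypted.eml"; then status=1
    else echo "ciphertext: opaque"; fi

    # Recipient: decrypt with the recipient's private key...
    openssl smime -decrypt -in "$d/encrypted.eml" -recip "$d/recipient.crt" \
        -inkey "$d/recipient.key" -out "$d/decrypted.eml" || status=1
    # ...then verify the signature, trusting only the sender's certificate.
    if openssl smime -verify -in "$d/decrypted.eml" -CAfile "$d/sender.crt" \
            -out "$d/verified.txt" 2>/dev/null \
        && grep -q 'invoice 1001' "$d/verified.txt"; then
        echo "genuine: verified"
    else status=1; fi

    # A copy altered after signing must fail verification.
    sed 's/invoice 1001/invoice 9999/' "$d/decrypted.eml" > "$d/tampered.eml"
    if openssl smime -verify -in "$d/tampered.eml" -CAfile "$d/sender.crt" \
            -out /dev/null 2>/dev/null; then status=1
    else echo "tampered: rejected"; fi

    rm -rf "$d"
    return "$status"
}

smime_demo
```

The function returns 0 only when the ciphertext hides the plaintext, the genuine message verifies, and the altered copy is rejected.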
Secure email gateway providers are a great email security solution if you are looking to block email-based threats like spam, viruses, malware, or denial of service attacks before they reach your mail server.
These unwanted malicious emails can be quarantined, ignored, deleted, or simply bounced back with an error message. When selecting a secure email gateway provider, you should look out for the following features and capabilities:
Utilising detection and protection security solutions is not enough to prevent cyber-attacks.
Cyber security awareness training is necessary for organisations in every industry to protect themselves against the rise of cybercrime and sophisticated phishing attacks. The training program should use a variety of tools that will not only engage your employees but also be an ongoing pursuit that allows skills to develop consistently over time.
The best approach to cyber security awareness training involves a blend of formal, computer-based training assignments and phishing simulations on a monthly and quarterly basis. Some of the topics that need to be addressed in training are:
By prioritising cyber security awareness training, you can increase the awareness of email-based threats and significantly reduce the security risk of phishing emails that may lead to data breaches.
The best defence against email threats and BEC attacks is implementing cyber security awareness training and promoting a cyber security culture in the workplace.
Financial leaders and IT teams must collaborate to ensure employees are competent in email security and understand how to handle emails that may seem malicious.
With Eftsure, our fraud tech platform protects your organisation by verifying the banking details you use to process electronic payments. Through payment investigation, you can ensure that the BSB and account number are correct before releasing funds. This process makes sure that the funds are being sent to the legitimate recipient.
Contact Eftsure today to learn more about staying protected from malicious emails.