Phishing is such a successful technique for the New Age criminal for two important reasons:
• Cloaked by invisibility
• Preys on the human condition
Cyber criminals are literally the thieves in the night. They come unknown to you, with little to no warning, looking to take as much from you as they are able to pillage without your awareness. They cloak themselves to be invisible, masquerading as trusted employees, family members, business partners, and others whom you know.
This takes us to the human condition. We start the day vulnerable to this for many reasons, but the biggest ones for sure are the following:
• Busyness
• Lack of assertiveness
• Ignorance
• Lack of education
The daily grind is real, and in all industries people are really busy. There is much demand on your time and expectation of your performance, and as a result people move very quickly. The faster we move in our digital lives, the more prone we become to being duped. Friday between 10AM and 2PM is an especially vulnerable time, when end-of-week demands are pressing. Bad guys know we move quickly, and they only need one click to do the trick.
At the same time, employees belong to hierarchies, and they come in all flavors. Some ask a lot of questions, and others do as they are told. This is a problem in the digital world. Where there is no multifactor authentication required to pay bills or fill orders in a business, the probability of fraudulent events is much higher. Many employees will pay invoices, fill orders, or transfer payments when told to do so in an email by someone in authority. Even when it seems suspicious, some will not question the request but simply complete it. There is a need today for employees in finance, human resources, and fulfillment departments to be assertive, aggressive, and aware of all requests that involve payments or fulfillments of invoices, or changes to employee direct deposit information.
Still another group of employees is unintentionally ignorant of the problem. They are aware of these types of events, and they have heard of them happening to others. But they are simply that group of people who say “it simply cannot happen to me”. Of course, it often does happen to those people, and ironically, if they do survive this kind of event financially, it is then that they see the need for cyber insurance. Life is funny this way.
Finally, and this should shock you all, the last group is the largest group causing the problem. This is the group of employees who are uneducated about the problem, cannot routinely recognize phishing attempts, and have not undergone training to do so. This is pretty much most of America’s small businesses. No slight to them either – they are small businesses, and this is why this is true. To be strong in the digital age, your employees need to be educated on the problems, and trained consistently, and repeatedly, on how to recognize these risks.
The 3 Tools to Use in the Battle
In our earlier blog post, we shared with you that there are 3 tools you can deploy in your battle against the BEC risk, and that we would reveal them in this post. Here are the 3 tools. In our final blog on this topic we will expand on each of them in depth, in a way that will be useful to your customers as they work to improve their own employees and their digital footprint:
2FA/MFA
Known as either Dual Factor Authentication or Multi Factor Authentication, this cost-effective and simple process is strongly recommended by insurance companies and security experts alike.
Employee Education/Training
This two-step process must be utilized by today’s businesses to be effective in combatting BEC and Ransomware events.
Spam Filtering & Email Configuration
Most people already have spam filters in place, as this is a frontline tool that can be used.
Join us in reviewing the final blog on the BEC risk as we dive into the 3 tools in depth, and remember, have a safe browsing day.