The FBI just came out with their internet crime report for 2020. And there’s no surprise that internet crime is way, way up over the previous years. And the number one item on their list is business, email compromise. It costs businesses approximately 1.8 billion <affirmative>.
So you may be wondering what the hell is business, email compromise anyway, and what can I do to protect myself and more importantly, protect my business.
Hi, I’m Steve Conyers with CMIT solutions, and we provide cyber-security and IT services to businesses and nonprofits. And on top of the obvious one, you may think of like doc clicking on links and you know, not sending out confidential information.
I’m here today to give you three tips on how you can protect yourself from this business email compromise. So the first one is to always incorporate a dual approval process. And anything that matters to you. What typically matters to you is the payment of money or money transfer.
So you, you may have heard about this. I’ve actually had clients that have almost fallen, for this, where you get an urgent email from the CEO of the company. I’m about to get on an airplane and I want the money transferred by the time the plane lands and all that kind of stuff, right?
It smells bad to you, but it’s a little bit more sophisticated and a little bit simplistic. Although that one actually has worked in the past. Anytime, you get that kind of a thing, you should have a process in place where you never wire money or transfer funds just solely on an email.
You pick up the phone, you call someone else. You have like a two-factor authentication kind of thing, where you never rely on just that one piece of information.
The second thing I want to talk about is training your staff and part of which is training them on that first tip I gave you but on all of the general common ways that, that people are being exploited through their email and other cybersecurity threats. You should have an initial training program.
You should be training people as you go along and you should be testing them somewhat. If you, you know, on whether they’re retaining that information, so always have a good training program and process that could be as simple as that at your weekly meetings, you go through stuff that you’ve received in your email that pertains to current cyber-security threats. And third, but not least don’t use free web-based email programs.
Don’t use an email, for your business, don’t use it for like your business @gmail.com or yahoo.com or any of that kind, get a, you know, register your domain, and have your email come from your domain. That way it can be authenticated, and anytime you get it, you’re sent getting an email from someone that’s in your domain.
If they’re not, you’ll get a, and you have it set up correctly, you’ll have a message that says this comes from outside of your business and you know, not to trust it. So I hope these three tips have been useful to you.
If have any other questions about cyber-security, feel free to reach out to me, or connect to me on LinkedIn.
My contact information is at the end of this video. And if you explore my website, you’ll see, that there are a lot of other tips and tricks on this.
Again, I’m Steve Conyers with CMIT solutions, and I’m hoping you have a secure, safe day.