Protecting Your Business from Email Compromise: Essential Security Measures

By Grant Warkins

Grant Warkins, Director, Technical Advisor Services, MOXFIVE

In today’s digital landscape, businesses face an ever-increasing risk of email compromise, which can lead to significant financial losses from fraud and to reputational damage with customers. Safeguarding your organization’s email assets is crucial to mitigating these threats. Here are some essential security measures businesses should consider when protecting against a potential business email compromise.

Multifactor Authentication (MFA)

Enforcing multifactor authentication is a vital step in preventing business email compromise (BEC). Whether you’re using an on-premises email server like Microsoft Exchange or a cloud-based solution like Microsoft 365 (M365), MFA should be enabled on all public-facing email assets. It’s essential to configure cloud resources, such as M365, to enforce modern authentication, which ensures MFA is applied during login. Companies should also disable basic authentication, because MFA alone is ineffective if vulnerable legacy protocols remain active and can be used to bypass it. MFA solutions like Okta and Duo offer comprehensive frameworks for protecting accounts across multiple critical applications.

Email Security Solutions

Dedicated email security solutions have become a critical cybersecurity control for businesses of all sizes. These solutions integrate with email services to filter out a wide range of threats, from inbound phishing emails to malware. Products such as Abnormal and Proofpoint provide comprehensive protection, acting as the first line of defense against hackers, spam, and malware. Configuring email security solutions to generate alerts for suspicious activities, such as logins from unusual locations, helps detect breaches promptly.
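The two signals called out above, legacy protocols still authenticating after basic auth should have been retired (the MFA section) and successful sign-ins from unexpected locations (the alerting point here), can both be pulled from a tenant’s sign-in log. The following is an added example, not code from the article or from any vendor named in it: it triages a constructed JSON-lines sign-in log whose field names (`ts`, `user`, `client`, `country`, `mfa`, `result`) and client labels are simplified stand-ins for a real export format.

```python
"""Triage a sign-in log for two BEC warning signs: legacy (basic-auth) protocol
use, which MFA does not protect, and successful sign-ins from unexpected
countries. Added example; the record layout and sample data are constructed."""
import json
from collections import defaultdict

# Client labels treated as legacy/basic authentication. Illustrative values,
# not a vendor's enumeration; map them to your own log's vocabulary.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync"}

# Countries the (constructed) organisation expects its staff to sign in from.
EXPECTED_COUNTRIES = {"US", "CA"}

# Constructed sample log, one JSON object per line.
SAMPLE_SIGNIN_LOG = """\
{"ts": "2024-03-01T08:02:11Z", "user": "alice@example.com", "client": "Browser", "country": "US", "mfa": true, "result": "success"}
{"ts": "2024-03-01T08:05:40Z", "user": "bob@example.com", "client": "IMAP4", "country": "US", "mfa": false, "result": "success"}
{"ts": "2024-03-01T11:17:03Z", "user": "alice@example.com", "client": "Browser", "country": "NG", "mfa": true, "result": "success"}
{"ts": "2024-03-01T11:20:55Z", "user": "carol@example.com", "client": "Authenticated SMTP", "country": "CA", "mfa": false, "result": "failure"}
{"ts": "2024-03-01T12:00:00Z", "user": "dave@example.com", "client": "Mobile Apps", "country": "CA", "mfa": true, "result": "success"}
"""


def parse_signins(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def legacy_auth_users(records):
    """Map user -> sorted list of legacy clients they successfully used.

    Run this before switching basic auth off: these are the accounts that will
    break, and also the ones a password alone currently unlocks."""
    found = defaultdict(set)
    for r in records:
        if r["client"] in LEGACY_CLIENTS and r["result"] == "success":
            found[r["user"]].add(r["client"])
    return {user: sorted(clients) for user, clients in found.items()}


def unusual_location_alerts(records, expected=EXPECTED_COUNTRIES):
    """Return (ts, user, country) for successful sign-ins outside the
    expected countries. MFA having passed does not clear the alert: a
    compromised session or a phished MFA code still lands here."""
    return [(r["ts"], r["user"], r["country"]) for r in records
            if r["result"] == "success" and r["country"] not in expected]


def triage(text):
    """Produce both findings from raw log text."""
    records = parse_signins(text)
    return {"legacy_auth": legacy_auth_users(records),
            "unusual_location": unusual_location_alerts(records)}


if __name__ == "__main__":
    report = triage(SAMPLE_SIGNIN_LOG)
    for user, clients in report["legacy_auth"].items():
        print(f"LEGACY AUTH  {user}: {', '.join(clients)}")
    for ts, user, country in report["unusual_location"]:
        print(f"UNUSUAL GEO  {ts} {user} signed in from {country}")
```

Failed legacy-auth attempts are deliberately left out of `legacy_auth_users`, since the goal of that list is to find accounts that will break when basic auth is disabled; a separate count of failures is useful for spotting password spraying against those same protocols.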

Employee Security Awareness Training

In addition to MFA and email security solutions, educating employees about email security best practices is essential. Companies should invest in training their users to recognize and report phishing emails and other signs of suspicious email behavior. This should be more than a one-off initiative: ongoing education on the latest security risks and regular phishing awareness tests are crucial.

Some areas to consider include:

  • Conduct phishing simulations and provide fraud education. Together these build a stronger defense by cultivating alert employees who understand current threats and their role in maintaining organizational security.
  • Educate all employees about password best practices, emphasizing the importance of creating strong passwords and changing them regularly, and explain how these habits significantly improve the organization’s security footprint.
  • Discuss the importance of establishing a two-step verification process for any wire transfer request or change to existing B2B accounting information. This way, an employee can obtain verbal confirmation from a trusted source, reached through a known contact channel, that the request is legitimate.

Separate Personal and Professional Email Accounts

One request most of us have heard before is not to use our business email accounts for personal communications, but that guidance is rarely explained from a security perspective. The fact is that using business email for personal tasks increases the risk of those accounts and their associated credentials being harvested, and it can compromise the security of both personal and professional data. Employees should be encouraged to maintain separate email accounts for personal and work-related activities.

Audit Logging

Audit logging of email-related activities is critical for conducting thorough BEC investigations. Email or cloud tenant administrators should ensure that audit logging is enabled and set to an appropriate retention period. In addition, security, legal, and administrative teams should collaborate to ensure that audit logging meets compliance requirements for security or regulatory purposes. In cloud environments like M365 or Google Workspace, audit logging tracks activity across accounts, mailboxes, and other relevant log sources, providing valuable assistance to forensic providers during BEC investigations. It’s important to note that audit logging must be enabled in advance and does not work retroactively.
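The retention caveat above has a concrete shape in an investigation: the audit log can only answer questions about the period after it was switched on and within the configured retention window, whichever is later. The following added example (not code from the article, and not any vendor’s export format) loads a constructed JSON-lines audit log, reports the part of an investigation window the retained records cannot cover, and builds a per-user timeline for the part they can. Operation names mirror common cloud audit vocabulary but the records themselves are constructed.

```python
"""Check audit-log coverage of an investigation window and build a per-user
timeline. Added example; records and field layout are constructed."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample audit log, one JSON object per line, oldest first is
# not assumed (load_records sorts).
SAMPLE_AUDIT_LOG = """\
{"ts": "2024-02-11T14:02:00Z", "user": "bob@example.com", "op": "UserLoggedIn", "detail": "country=CA"}
{"ts": "2024-02-10T09:12:00Z", "user": "alice@example.com", "op": "UserLoggedIn", "detail": "country=US"}
{"ts": "2024-02-10T09:14:30Z", "user": "alice@example.com", "op": "MailItemsAccessed", "detail": "folder=Inbox"}
{"ts": "2024-02-10T09:20:05Z", "user": "alice@example.com", "op": "New-InboxRule", "detail": "name=sample rule"}
"""


def parse_ts(s):
    """Parse the Zulu timestamps used in the sample log into aware datetimes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_records(text):
    """Parse JSON-lines records and sort them chronologically."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    for r in records:
        r["when"] = parse_ts(r["ts"])
    return sorted(records, key=lambda r: r["when"])


def coverage_gap(records, window_start, window_end, retention_days, now):
    """Return (gap_start, gap_end) for the part of the investigation window the
    log cannot speak to, or None if the window is fully covered.

    Two horizons limit what is answerable: the retention horizon
    (now - retention_days; anything older has been purged regardless of what
    was once logged) and the moment logging was actually enabled, approximated
    here by the earliest record present."""
    retention_horizon = now - timedelta(days=retention_days)
    earliest_present = min((r["when"] for r in records), default=None)
    horizon = retention_horizon if earliest_present is None else max(retention_horizon, earliest_present)
    if horizon <= window_start:
        return None
    return (window_start, min(horizon, window_end))


def user_timeline(records, user, window_start, window_end):
    """Chronological (ts, op, detail) tuples for one user inside the window."""
    return [(r["ts"], r["op"], r["detail"]) for r in records
            if r["user"] == user and window_start <= r["when"] <= window_end]


if __name__ == "__main__":
    recs = load_records(SAMPLE_AUDIT_LOG)
    now = parse_ts("2024-03-01T00:00:00Z")
    start, end = parse_ts("2024-02-01T00:00:00Z"), parse_ts("2024-02-15T00:00:00Z")
    gap = coverage_gap(recs, start, end, retention_days=90, now=now)
    print("uncovered:", gap)  # logging only started on 2024-02-10 in the sample
    for entry in user_timeline(recs, "alice@example.com", start, end):
        print(*entry)
```

The `retention_days` argument is whatever the tenant administrator configured; the example deliberately separates it from the first-record date so that an investigator can tell "purged by retention" from "never enabled", two gaps that call for different conversations with the administrative and legal teams.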

Consider Automated Protocols for Email Security

In addition to implementing the aforementioned best practices, businesses should consider using ancillary protocols to enhance email security. Two critical protocols are Domain-based Message Authentication, Reporting and Conformance (DMARC) and Brand Indicators for Message Identification (BIMI). DMARC helps protect domains from spoofing by authenticating the sending servers and giving receivers instructions for handling emails that fail authentication. BIMI builds on DMARC and other protocols to authenticate emails from legitimate sources and display a company logo, enhancing brand awareness and mitigating the risk of fraudulent emails.
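To make the DMARC description above concrete, here is an added example (not from the article) that parses a DMARC TXT record, decides what a receiver would do with a message given its SPF and DKIM results and the alignment modes in the record, and checks whether the policy is strict enough for BIMI. The sample records are constructed; the organizational-domain helper is a deliberate simplification (last two labels) where real receivers consult the Public Suffix List; and the BIMI readiness rule (enforcing policy at `pct=100`, no `sp=none`) is stated as my understanding of the BIMI requirements, not something the article spells out.

```python
"""Parse a DMARC record, evaluate a receiver's disposition for one message,
and check BIMI readiness. Added example; sample records are constructed."""

VALID_POLICIES = ("none", "quarantine", "reject")

# Constructed sample records.
RECORD_ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=r"
RECORD_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(txt):
    """Turn 'tag=value; tag=value' text into a policy dict with RFC defaults
    (sp inherits p, pct=100, relaxed alignment). Raises ValueError on records
    that are not DMARC or lack the mandatory p= tag."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 missing or not first")
    if "p" not in tags or tags["p"].lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= tag")
    p = tags["p"].lower()
    sp = tags.get("sp", p).lower()
    if sp not in VALID_POLICIES:
        raise ValueError("invalid sp= tag")
    return {
        "p": p,
        "sp": sp,
        "pct": int(tags.get("pct", "100")),
        "adkim": tags.get("adkim", "r").lower(),  # r = relaxed, s = strict
        "aspf": tags.get("aspf", "r").lower(),
        "rua": [u.strip() for u in tags["rua"].split(",")] if "rua" in tags else [],
    }


def org_domain(domain):
    """Simplified organizational domain: the last two labels. Real receivers
    use the Public Suffix List so that e.g. example.co.uk is handled."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Relaxed alignment matches organizational domains; strict needs equality."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(policy, from_domain, *, spf_pass=False, spf_domain=None,
             dkim_pass=False, dkim_domain=None, is_subdomain=False, sampled=True):
    """Return 'pass' or the disposition to apply: 'none', 'quarantine' or 'reject'.

    DMARC passes if either SPF or DKIM passed AND its domain aligns with the
    visible From domain. On failure, p applies (sp for subdomains). When
    pct < 100 a receiver applies the policy only to a random sample; for
    messages outside the sample it applies the next weaker policy, which the
    caller models with sampled=False."""
    spf_ok = spf_pass and spf_domain is not None and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_pass and dkim_domain is not None and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    action = policy["sp"] if is_subdomain else policy["p"]
    if policy["pct"] < 100 and not sampled:
        action = {"reject": "quarantine", "quarantine": "none", "none": "none"}[action]
    return action


def bimi_ready(policy):
    """BIMI requires an enforcing DMARC policy applied to all mail
    (assumption, see lead-in): quarantine or reject, pct=100, sp not none."""
    return policy["p"] in ("quarantine", "reject") and policy["pct"] == 100 and policy["sp"] != "none"


if __name__ == "__main__":
    pol = parse_dmarc(RECORD_ENFORCING)
    print(evaluate(pol, "example.com", spf_pass=True, spf_domain="mail.example.com"))
    print(evaluate(pol, "example.com", spf_pass=True, spf_domain="example.com.attacker.test"))
    print("BIMI ready:", bimi_ready(pol), bimi_ready(parse_dmarc(RECORD_MONITOR)))
```

The second `evaluate` call in the usage block is the case DMARC exists for: SPF passed for the envelope sender's domain, but that domain does not align with the `From` domain recipients see, so the message is rejected rather than accepted on the strength of a valid SPF result.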

Cyber Liability Insurance

Cyber liability insurance plays a vital role in mitigating the financial impact of email compromise incidents. It is important to review your policy to ensure it covers identity loss and aligns with your risk tolerance. Ideally, the policy should specify a trusted forensic provider, ensuring a timely response in the event of a BEC. Insurance panel providers may take additional time to engage in an incident response scenario, which can cause delays and complications.

Engage Outside Counsel and Report to the FBI

When facing a BEC attack, it is advisable to engage outside legal counsel to provide guidance on response strategies and oversee the investigation. Additionally, reporting the attack to the FBI is crucial for intelligence collection and potential recovery of wire transfer funds. Compliance with data privacy and notification obligations is essential, and involving appropriate authorities can aid in the overall resolution of the incident.

Business email compromise poses a significant threat to organizations, but by implementing these essential security measures, businesses can strengthen their defenses against email-related attacks. From enforcing multifactor authentication to training employees and engaging third-party solutions, proactive steps can significantly reduce the risk of falling victim to email compromise. Remember, protecting your email assets is not a one-time effort but an ongoing commitment to maintaining a secure digital environment for your business.


Grant is a cyber security leader with decades of success helping clients navigate complex security investigations and building proactive security programs to mitigate risk. As a technical advisor at MOXFIVE, Grant assists clients in managing forensic investigations, recovering networks from cyber security attacks, and providing valuable insight on proactive controls that can make networks more resilient.
