why email may be your biggest cyber risk

why email may be your biggest cyber risk

When you hear the word “cyber risk,” what do you think of?

If you think of Facebook or strangers sending sketchy links over text, you’re not alone. But, you are wrong.

In 2019, The FBI’s Internet Crime Complaint Center (IC3) reported that the losses for business email scams was $1.7 billion. So, your email might be your biggest cyber risk, what does that mean for you? Let’s break it down. 

BEC Scam 

The FBI defines a Business Email Compromise (BEC) scam as, “Also known as email account compromise (EAC) — is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business— both personal and professional.” 

They also list what BEC scams can often look like: 

  • “A vendor your company regularly deals with sends an invoice with an updated mailing address
  • A company CEO asks her assistant to purchase dozens of gift cards to send out at employee rewards. She asks for the serial numbers so she can email them out right away. 
  • A homeowner receives a message from his title company with instructions on how to wire his down payment.” 

The listed scenarios were all fake, and cost companies thousands (sometimes hundreds of thousands) of dollars. 

The rise in Cyber Security breaches has jump-started many companies into investing in cyber security insurance. This is a great way to protect yourself and your company, but there are preventative measures that can be taken. 

How to Avoid BEC or EAC Scams

There are some steps you can implement to avoid the financial downfall of a cyber attack. 

Company Policy

Set clear policies about what should be responded to within the company email. This also implies that the company email is not used for general things (for example, signing up for a clothing discount). Within company policy, there should be a rule for not sending personal passwords or information over email. 

Social Media

Social media has changed what a company might share with the world. The information that is shared with the public can be informative about the industry, but should NOT be stating that the whole company is out of the office for a day off. 

Employee Knowledge

Train your employees to look out for red flags in their inboxes. This could look like anything from emails from outside the company, to emails asking for personal information. Emails can be included in a broad cyber security training, considering their high-risk factor. 

Has the recent rain caused any alarm for flooding at your commercial property? Learn more about the surface water exclusion that is most likely a part of your property insurance.