body-container-line-1
Tue, 26 Nov 2024 Cybercrime

Business Email Compromise: Staying vigilant amid year-end fatigue and festive season distractions

By Mukondeleli Masiza
Business Email Compromise: Staying vigilant amid year-end fatigue and festive season distractions

As the year draws to a close, businesses are grappling with the dual pressures of year-end fatigue and the approaching festive season. This period, characterised by increased workloads and a rush to meet annual targets, presents a ripe opportunity for cybercriminals to exploit vulnerabilities through Business Email Compromise (BEC) schemes. With employees often stretched thin and distracted, the risk of falling victim to such scams is significantly heightened, necessitating increased vigilance and proactive measures to safeguard against potential losses.

Business Email Compromise is a sophisticated form of cybercrime that targets organisations by infiltrating their email systems to initiate unauthorised transactions. A common tactic involves altering banking details on legitimate invoices. For instance, a retail company might receive an email appearing to be from a trusted supplier, XYZ Manufacturing, with updated banking details due to a "system upgrade”. Without proper verification, the finance department might transfer funds to the fraudulent account, only realising the scam when the genuine supplier enquires about the overdue payment.

The South African business landscape, with its diverse array of industries and extensive digital communication networks, is particularly susceptible to these attacks. During the year-end period, employees are often overwhelmed with closing tasks, financial reconciliations, and holiday preparations. This pressure, coupled with the festive season's distractions, creates an ideal environment for cybercriminals to strike.

To combat the rising threat of BEC, businesses must prioritise cybersecurity awareness and vigilance. This involves educating employees about the tactics used by cybercriminals and encouraging a culture of scepticism towards unexpected email requests, especially those involving financial transactions. Regular training sessions and phishing simulations can help reinforce these practices, ensuring that employees remain alert and informed.

Moreover, implementing robust email security protocols is crucial. Businesses should consider deploying advanced email filtering systems that can detect and block malicious content before it reaches employees' inboxes. Multi-factor authentication (MFA) for email accounts adds an additional layer of security, making it more difficult for unauthorised users to gain access.

In addition to employee education and technical safeguards, businesses can adopt several other measures to protect themselves from BEC attacks:

  1. Verification Processes

Establishing strict verification procedures for financial transactions, such as requiring multiple approvals or confirming requests through alternative communication channels, e.g. following up an email with a phone call to the intended payee.

  1. Access Controls

Limiting access to sensitive information and financial systems to only those employees who need it for their roles, reducing the potential impact of a compromised account.

  1. Incident Response Plan

Developing a comprehensive incident response plan that outlines steps to take in the event of a BEC attack, ensuring a swift and coordinated response to minimize damage.

Despite best efforts, no security measure is infallible. Therefore, businesses should consider investing in insurance policies that cover cybercrime-related losses. Allianz's Commercial Crime Policy, for example, offers protection against financial losses resulting from BEC and other forms of cybercrime. This coverage can provide a financial safety net, helping businesses recover from the impact of an attack and maintain operational continuity.

As businesses navigate the challenges of year-end fatigue and the festive season, the threat of Business Email Compromise looms large. By fostering a culture of vigilance, implementing robust security measures, and leveraging insurance solutions like Allianz's Commercial Crime Policy, organizations can better protect themselves against this growing cyber threat. In doing so, they not only safeguard their financial assets but also reinforce their resilience in an increasingly digital world.

Mukondeleli Masiza
Allianz Commercial, Complex Claims Handler: Liability, Financial Lines & Cyber

Disclaimer:  ModernGhana is not responsible for the accuracy or reliability of this report and its content. More Follow our WhatsApp channel for meaningful stories picked for your day.

Please note that ModernGhana is not responsible for the accuracy or reliability of this report and its content.

As a content curation and syndication platform, we ethically select and publish news articles from various credible online sources that we believe will be of interest to our readers.

We publish four types of content on a daily basis: Curated content, Syndicated content, User-generated content and Original content.

Our curated content consists of carefully chosen articles from reputable websites, which are properly credited and linked back to the original source to drive traffic.

Syndicated content is provided to us by other websites looking to increase their readership and expand their brand awareness. User-generated content includes opinion pieces and contributions from our dedicated readers, which we publish for the benefit of our diverse audience.

Additionally, we produce original content through our team of experienced journalists and correspondents from across the country. It is important to note that the opinions expressed on this platform do not necessarily reflect our own views. We value freedom of speech and therefore, may publish opinions that may not align with our own or those of our readers.

We understand that some opinions may be objectionable to some individuals, but we believe in upholding the principle of absolute freedom of speech. If you do not agree with this principle, we kindly advise you not to visit our website.

READ MORE

Should the Free SHS policy be reviewed?

Started: 10-01-2025 | Ends: 31-03-2025

body-container-line