Business Email Compromise

Your Vision. Our Expertise.

Business Email Compromise 2018-08-02T14:33:29+00:00

Business Email Compromise Icon

Business Email
Compromise

Business Email Compromise uses social engineering
techniques like spoofing and spear-phishing to
infiltrate your systems, monitor your communications,
access your data, and steal your money

Business Email Compromise (BEC) illustrates that it just takes one compromised credential or unaware employee to invite a crippling cyber-attack

What is Business Email Compromise?

Business Email Compromise (BEC) leverages social engineering tactics with the purpose of gaining the confidence of an employee and convince them to give up their credentials, change banking details, transfer funds, or steal data.

According to the FBI, BEC monetary losses since 2015 are in the billions. It affects thousands every year, and doesn’t discriminate between small, midsized, and large business. Everyone is at risk! Learn how to protect yourself…

Social Engineering Tactics

Phishing: Sending fraudulent communications with an intent to steal login credentials, install malware, or infiltrate a mailbox from an unsuspecting recipient.

Spoofing: Sending email messages with a forged sender address or domain name. Often this appears as a single-character difference. If the sender’s mailbox has been compromised, spoofing is not required.

Spear-Phishing: Targeted phishing which prioritizes decision makers and those who handle money like executives and accountants

Anatomy of an Attack:

  • Step 1: Identify a Target
  • Step 2: Grooming
  • Step 3: Exchange of Information
  • Step 4: Wire Transfer

Types of Business Email Compromise:

  • Bogus Invoice Scheme
  • CEO Fraud
  • Account Compromise
  • Attorney Impersonation
  • Data Theft

Spoofing, spear-phishing and social engineering

What is the Identity Perimeter?

Physical Perimeter

Network Perimeter

Identity Perimeter

Combating Business Email Compromise requires an organizational shift in your security practices. That starts which protecting each employee’s identity and login credentials.

Before the digital age, most of your corporate assets could be reasonably secured using locks on file cabinets, security cameras, and loyal employees. Once the digital age hit, it became a more difficult to protect your organization. Securing your network required more effort, including restricting what devices could access data, hiring IT administrators and deploying server firewalls. But then, there was the cloud revolution. With data moving off private servers and onto cloud services, your business assets are now protected only by the strength of your employee’s login credentials

Check out some of Peters & Associates solutions to help mitigate the threat of Business Email Compromise to your business:

Security Health Check for Office 365

With corporate email compromise on the rise, securing your information and digital corporate assets is now more important than ever before.

Secure Identity:

  • Conditional Access
  • Multi-Factor Authentication

Security Health Check for Office 365Tenant Settings:

  • Administrator settings
  • High-risk situations

Automating Tenant Security

  • Monitoring threats
  • Responding to incidents

We can help you learn how to leverage capabilities
available to you in Office 365 to increase your
security posture.

Multi-Factor Authentication for Office 365

Multifactor authentication is one of the most effective tools to combat identity compromise and protect your business.

A basic implementation of Modern Authentication and MFA to be enabled in Office 365 includes…

Multi Factor Authentication for Office 365

  • Pilot MFA process with user subset
  • Enable Modern Authentication
  • Enable Multi-Factor Authentication
  • Deploy App Passwords
  • Setup trusted IP ranges
  • Apply rules across enterprise
  • Jumpstart support

Remediation for Office 365

This can include:

  • Instituting new Office 365 controls
  • Restore compromised credentials
  • Fix erroneous mailbox rules

Remediation for Office 365

Remediation takes the
findings of the Security
Health Check and corrects
any issues.

Weekly Security Audit for Office 365

Our Office 365 Weekly Security Audit can help you identify weaknesses in your system’s current Office 365 security while monitoring for suspicious activity.

With this automated report, you can compare security events across time periods and gain insight into the true effectiveness of your security practices.

A Weekly Security Audit Can Track:

  • Upcoming license expiration
  • Proper mailbox auditing
  • High current Utilization of license
  • Forwarding settings abnormalities
  • Mailboxes enabled for unusual protocols
  • Mailboxes enabled for unusual connection methods
  • Old/unused mailboxes
  • Authentication outside of the country

Dark Web Scrapes

Dark Web Discovery

Past security events or breaches may have left your organization’s corporate data available. We can scrape the dark web for this information. This can include:

Dark Web Discovery

  • Sensitive corporate and customer data
  • Compromised credentials
  • Insider information and trade secrets

Citrix Workspace Services

XenApp & XenDesktop, XenServer

  • Security and Compliance
  • Simplified IT
  • Cost Savings

Cost-Effective, secureCITRIX
delivery of Windows
applications and
desktops to any device
with Industry-leading
server virtualization

DirectAccess Planning Assessment

DirectAccess Planning AssessmentBenefits of Microsoft’s DirectAccess

  • Simplified VPN experience – no client for users to launch
  • Consistent user logon experience both local & remote
  • Secure remote access of corporate resources
  • Maintain security updates, corporate policies on remote computers

Breach Response

Breach Response

After a security event occurs, an examination of what lead to that breach, or others in the past, can prevent future exposure. This can include activities such as:

  • Historical and active threat hunting
  • Memory and network forensics
  • Declarative statements about security incidents

Ready to protect your business?

Contact Us

Solution in action

SGA

Control costs and provide excellent service through a managed service agreement, allowing a non-profit to keep more funds focused on serving their community…

READ MORE

Upcoming event

Business Email Compromise – Are You at Risk?

August 21 @ 11:00 am - 12:00 pm CDT