Organizations should consider creating business email compromise (BEC) policies to minimize risk as BEC attacks increase and become more sophisticated. Chris Reffkin spoke to CSO Online about best practices for a BEC policy guide.
Originally published in CSO Online.
Excerpt:
“One of the most important policies to prevent huge losses from BEC has nothing to do with email defense or tech protections. It’s simply a matter of establishing ironclad processes for invoicing and triggering financial transactions that are resistant to scam attempts. These kinds of business standards and procedures are crucial.
Fortra CISO Chris Reffkin tells CSO that this is more about defense-in-depth being applied across an organization into business practices, not just network security. For example, if a request to change payment information arrives via email – what’s the business process response? Standard practices such as defined processes for business requests and established approval hierarchies are a good measure against BECs.”