Page 71 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
training on an annual (or even quarterly) basis is no longer enough, as threat actors change tactics
frequently and awareness dwindles over time. New employees are prime targets for BEC attacks, so it is
advantageous to begin their cyber education during their initial onboarding and orientation. Organizations
should conduct frequent, engaging training and encourage employees to be on high alert for any scams
they might encounter. With the recent move to a hybrid or remote workforce, many organizations
implement collaborative cloud-based tools to stay connected. It is now more important than ever to
communicate clear policies for these urgent requests, particularly for new employees who may have
never met their colleagues in person.
You may decide to require multiple signatures or approvals, direct face-to-face or telephone verification,
or another established process.
Provide a clear and easy way for employees to report suspicious activity, or to report that they have
fallen victim to a social engineering attack, including CEO fraud. An incident response plan for BEC is crucial to
mitigate the possible repercussions of such an attack. The faster fraud is reported, the higher the chance
any funds or data might be recoverable.
Finally, implementing basic cybersecurity measures can go a long way in preventing widespread impact
in the event of a BEC attack. Provide tools for employees to easily create and use unique passwords and
enable multi-factor authentication to make it more difficult for cybercriminals to take over email and other
valuable accounts.
Through regular, engaging awareness training, simple and clear policies, and secure technology, every
employee, from the (real) CEO to the intern, can significantly help keep their organization safe.
About the Author
Shanna Utgard is the Senior Cybersecurity Advocate at Defendify,
the all-in-one cybersecurity platform that makes cybersecurity
possible for ALL businesses. Shanna is an award-winning channel
manager and a frequent speaker on how organizations can
develop a comprehensive program that is simple, affordable, and
works around-the-clock on multiple levels. Email her at
[email protected] or get in touch with the team at
Defendify.com.