Page 71 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

training on an annual (or even quarterly) basis is no longer enough, as threat actors change tactics
frequently and awareness dwindles over time. New employees are prime targets for BEC attacks, so it is
advantageous to begin their cyber education during their initial onboarding and orientation. Organizations
should conduct frequent, engaging training and encourage employees to be on high alert for any scams
they might encounter. With the recent move to a hybrid or remote workforce, many organizations
implement collaborative cloud-based tools to stay connected. It is now more important than ever to
communicate clear policies for these urgent requests, particularly for new employees who may have
never met their colleagues in person.

You may decide to require multiple signatures or approvals, direct face-to-face or telephone verification,
or another established process.

Provide a clear and easy way for employees to report suspicious activity, or to report that they have
fallen victim to a social engineering attack, including CEO fraud. An incident response plan for BEC is
crucial to mitigate the possible repercussions of such an attack. The faster fraud is reported, the higher
the chance that any funds or data might be recoverable.

Finally, implementing basic cybersecurity measures can go a long way in preventing widespread impact
in the event of a BEC attack. Provide tools for employees to easily create and use unique passwords and
enable multi-factor authentication to make it more difficult for cybercriminals to take over email and other
valuable accounts.

Through regular, engaging awareness training, simple and clear policies, and secure technology, every
employee, from the (real) CEO to the intern, can significantly help keep their organization safe.







            About the Author

Shanna Utgard is the Senior Cybersecurity Advocate at Defendify,
the all-in-one cybersecurity platform that makes cybersecurity
possible for ALL businesses. Shanna is an award-winning channel
manager and a frequent speaker on how organizations can
develop a comprehensive program that is simple, affordable, and
works around-the-clock on multiple levels. Email her at
[email protected] or get in touch with the team at
Defendify.com.
















