New guide on business email compromise
Protect your business from email scams with NCSC's new guide
The National Cyber Security Centre (NCSC) has released new guidance to help small businesses protect themselves against business email compromise (BEC) attacks, a growing type of cybercrime.
BEC attacks involve criminals hacking into work email accounts to trick people into transferring money or stealing sensitive information. These attacks often target senior staff or those who can authorise financial transactions.
A recent government report found that in 2023, 84% of businesses and 83% of charities experienced phishing attacks, which often include BEC.
The NCSC's new guidance offers simple steps to reduce the risk of BEC attacks, especially for smaller organisations with fewer resources. Key advice includes:
- reducing your digital footprint
- training staff to spot phishing emails
- using the 'least privilege' principle
- setting up two-step verification
The guidance also covers what to do if your email is hacked or if you've been tricked into making a fraudulent payment.
Read the full guidance on dealing with BEC attacks.
Although following this guidance can lower the risk of BEC attacks, no organisation is completely safe from cyber threats. The NCSC also recommends:
- registering for their free 'Check your email security' tool
- planning for possible breaches
- practising responses using their 'Exercise in a Box' tool
Larger organisations may wish to refer to the NCSC's detailed guidance on defending organisations from email phishing attacks, which includes technical mitigations that will help counter BEC.
First published 6 August 2024