When it comes to internet crime, the FBI says that the biggest financial losses to businesses are now coming from email compromise attacks. Given the plethora of stolen credentials available on the dark web, attacks on business emails are relatively easy for criminals—and lucrative too. Here’s what business owners need to know now.
Monetizing Email Compromise
Although ransomeware gets a lot of attention, LMG Security underscores the scope and depth of business email compromise, noting: “Business email compromise attacks have rocketed their way to the top spot on the FBI’s list of most financially damaging internet-enabled crime, surpassing even ransomware. Global losses stemming from business email compromise totaled $43 billion since 2016….” Business email compromise (BEC) can take many forms, and in 2022 the most prevalent were: invoice fraud, lures, information theft, payroll redirection and gift card scams. Once business emails are accessed, hackers have a variety of ways to turn the access into money, as experts explain that“to monetize access to your email, the hackers may”:
- Search for valuable data, such as Social Security Numbers, payment card information, tax details, W2s, or other personally identifiable information.
- Analyze your correspondence in order to identify opportunities for profit.
- Engage in BEC scams, in which the attackers trick you or a related person into sending them money.
- Reset your passwords for banking sites, social media, ecommerce, or other accounts to get access to more financial and personal information.
- Sell your passwords on the dark web.
- Send malicious emails to your contacts to acquire more victims and access.
While email compromise is a serious concern for every business owner, it weighs extra heavily on those who sponsor retirement plans. In fact, the Department of Labor expects plan sponsors to ensure Online Security Tips are consistently communicated to all plan participants and that best practices are in use by employees and service providers. Poor password hygiene, use of unsecured networks and other innocent mistakes routinely leave retirement plan participant information and funds exposed. As experts remind us, plan sponsors have a fiduciary obligation to protect retirement funds. Given the enormity of this responsibility, it is critical for plan sponsors to shield the business, the plan, and themselves. The annual cost of adding on Colonial’s Cyber+Fiduciary Liability Insurance is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes. Cover yourself and the business you built with our convenient add on bundle now:
Reducing Business Email Compromise
- Review your email and cloud account configurations. Misconfigurations enable security gaps and can result in your organization not receiving the alerts that can signal a breach! Pentests or cloud security assessments with a Microsoft 365 configuration review are a great way to catch these issues and reduce your risk.
- Regularly review notifications. Investigate immediately when you see a new forwarding or redirect rule is established.
- Train your team. Prevent phishing with employee cybersecurity awareness training. Put processes in place to verify all financial requests through a second, different form of communication. For example, if the request came in via email, call the requestor at a known phone number before acting on the request.
Because even the most diligent business owner and retirement plan sponsor can never fully guarantee cybersecurity, it is also essential to have an expert response plan at the ready. Doing so prevents incidents from turning into disasters. Colonial Surety’s affordable Cyber+Fiduciary Add-On package includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring
Now available with just a one year commitment, Colonial’s Cyber+Fiduciary Add-On also covers defense costs and penalty limits up to $1,000,000, if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. At Colonial, Cyber Liability coverage goes hand in hand with Fiduciary Liability coverage because under the high standards of ERISA law, a cybersecurity breach can rapidly escalate into fiduciary breach allegations. Colonial makes it so efficient and reasonable for retirement plan sponsors to secure protection that it can be done in minutes, today:
Pension plan professional? Colonial can help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liabiity Insurance–and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.