Cloud-Based Email Compromises are Increasing: Here’s What Businesses Need to Know

Hacking an employee’s email gives a threat actor quick and easy access to that employee’s personal information and opens the floodgates to important information about their employer. To improve your business’s cybersecurity, we recommend that organizations purchase breach response coverage and also implement best practices for risk management.

Rose & Kiernan, Inc. uses Beazley Breach Response (BBR) Services for a large number of our clients. Recently, Beazley reported an increase in the number of business email compromises, particularly with cloud-based solutions such as Microsoft Office 365. The industries most affected are financial services, healthcare and professional services. The Beazley team says that, based on their experience, most incidents are the result of an employee clicking on a link in a phishing email. The link redirects users to a legitimate-looking website where they are asked to provide their email credentials. From there, hackers are able to use these credentials for a variety of purposes.

It’s no secret that the public is demanding greater accountability for personal data. The General Data Protection Regulation (GDPR) went into effect in the European Union on May 25th, 2018. Facebook is still handling the fallout from the Cambridge Analytica scandal, while Cambridge Analytica has shut down its operations. Because of this, Katherine Keefe, global head of Beazley Breach Response Services, says businesses need to step up their defenses against attacks. On the employee side, Beazley recommends that organizations enforce strong password policies, educate employees on the risks of recycling passwords, alert them to different types of scams and train all employees to be on the lookout for phishing attempts.

If your organization uses Office 365, Beazley provides additional recommendations to protect against attacks. Consider two-step verification – an extra layer of security that requires a user name and password, but also something else from a user, such as a code emailed or texted to them. In April, Microsoft introduced Microsoft Secure Score, a feature that gives organizations using Microsoft solutions advice on what controls to enable, shows how your scores compare to other organizations and allows you to rank based on your selected industry. The Security & Compliance Center allows you to audit your security settings; make sure you enable audit logging.

Incidents involving email compromises are increasing because they are easy for hackers to execute and give them quick access to a lot of data about an employee (and the organization they work for). The advice above can help protect a business from having its cloud-based email compromised.

For more information on Rose & Kiernan’s cybersecurity risk management, please contact us at techrisksolutions@rkinsurance.com.
