Cyber Alphabet Soup: BEC and MFA

by Kate Sellers

 

Cybercrime has been rising significantly over the last several years. It’s probably on the list of “things that keep me up at night” for most business owners. There are ways to address concerns about cyberattacks and cybercrime, with cyber insurance being one of them. We’ve been talking to business owners about cyber insurance for about the last decade, and many of our customers have decided to protect their businesses with this coverage. Of course, proactively trying to limit your business’s vulnerability to cyberattacks is critical as well.

Many data breach incidents stem from Business Email Compromise (“BEC”). BEC occurs when a cybercriminal accesses your business email account, or one of your employees’ email accounts. This can happen if the attacker guesses or finds a password. The attacker may then be able to see all the emails in that account. Many email accounts are chock-full of confidential information that the attacker can exploit – a customer’s or patient’s personal information, including their financial information, or financial information about your business. If this happens, your business will be legally required to notify individuals whose personal information is reasonably believed to have been accessed, and this can be costly. Moreover, there can be other financial fallout from BEC, including harm to your business’s reputation.

The best way to prevent BEC is with another acronym – MFA, or Multi-Factor Authentication. MFA is a cybersecurity enhancement that requires someone logging into an account to present two forms of credentials. The credentials can be from any of these three categories: something you know (like a password), something you have (like a smart card), or something you are (like your fingerprint). If your business is using MFA and your password is compromised, a cyber attacker can’t access your account with the password alone, because another form of verification is required to do so. This can take the form of a push notification to your cell phone, for example. There are free and low-cost options available to enable MFA, which can help prevent most BEC. In turn, this helps your business avoid the costs associated with BEC, including harm to your business’s reputation. Most cyber insurers won’t consider placing coverage for your business if it isn’t using MFA for remote access to your system.

Taking a “belt and suspenders” approach – enhancing your cybersecurity measures with steps like MFA, plus purchasing a good cyber insurance policy – is the best way for business owners to get a good night’s sleep.