Prevent BEC scams with education
Formalize your efforts with a cybersecurity policy that educates staff on red flags and lays out the protocols for handling certain kinds of requests. For example, consider instructing your employees to confirm all requests for financial information or other sensitive data through a channel other than email, whether or not the request looks particularly suspicious. You could also mandate that executives always make certain kinds of requests by phone.
Because BEC attacks are more dangerous when they come from legitimate email addresses, practicing good password management is a key part of fighting them. Strong passwords make it less likely that fraudsters can hack into your email account or your employees' accounts. Remind employees not to use the same login information for multiple accounts, not to base security questions on publicly available information, and to think twice before responding to “alerts” from emails or websites that ask them to enter a username and password. With vigilance, your team can thwart many BEC attacks before they occur.