Home Insights & AdviceLondon’s BEC problem: The email security question every business owner should ask

London’s BEC problem: The email security question every business owner should ask

by Sarah Dunsby
10th Jul 26 10:28 am

Email has long been one of our most trusted ways of communicating with customers, suppliers and colleagues, but sadly, that’s also the reason criminals love it so much.

Business Email Compromise, or BEC, is now one of the most financially damaging forms of cybercrime, and whether your business is small or big, it’s a serious threat. If you run a business in London, you need to ask yourself this: can someone convincingly pose as your company via email?

Why BEC continues to be a problem

BEC is different from other types of cyber attacks like ransomware or malware, because it’s not about getting past your security systems — it’s about playing on trust. Criminals impersonate everyone from your company’s senior directors to your finance team, suppliers, or business partners in order to persuade employees to transfer money or hand over sensitive info.

London businesses commonly find themselves in the firing line because often they work with international suppliers and remote employees, with many being involved in high value transactions.

The FBI has estimated that Business Email Compromise has cost companies worldwide billions of dollars over the past decade. And it keeps getting worse. According to their Internet Crime Report 2023, BEC is still one of the most damaging types of cyber crime around

We should all be asking ourselves one simple question

You might invest a lot of cash in antivirus software, firewalls and staff training, which is all good, of course. But it’s not going to answer this simple question: Can any other organisation verify that emails claiming to be from your company are actually real?

If you can’t get a straight answer, your business may have a problem with how it’s handling email authentication. Criminals often target that weakness to send emails that look 100% genuine.

Email authentication is a reputation saver

Email authentication uses things like SPF, DKIM and DMARC to help email servers verify genuine messages.

If you’ve got a good authentication system in place, it’ll make it much less likely for attackers to be able to impersonate you. It also makes it easier to get your emails delivered because the big mailbox providers will be more confident that emails from you aren’t spam.

If you’re reviewing your authentication setup, you can use reliable resources like suped.com that can help you understand your current configuration and find out where you can improve things.

Keeping your email safe is a confidence builder

Your customers and suppliers need to be able to trust your emails. And if your business gets hacked, and an attacker sends an email looking like it comes from you, then you can guarantee that your reputation will suffer for a long time after that.

The National Cyber Security Centre recommends using email authentication alongside other security measures to stop people from phishing and impersonating you. This should be a part of your wider business risk strategy rather than just something your IT team deals with.

Asking if your domain can be trusted is a pretty simple question, but one that could have big consequences for your business, your reputation, and the people who count on your communications every day.

Leave a Comment

CLOSE AD

Sign up to our daily news alerts

[ms-form id=1]