View in browser

June 1, 2022

HELLO THERE and happy warm Wednesday with another edition of PTG Tech Talk. This week we’re here to talk to you about one of the most costly – and common – forms of nefarious social engineering: Business Email Compromise (BEC).

BEC is an attack where someone uses human interaction and some form of social skills to – you guessed it – compromise crucial info regarding a business and its computer systems through targeted emails and messages.

Business Email Compromise = Compromised Business Emails = Bad.

Also- A newly found vulnerability in Microsoft applications can compromise your account just by previewing a Word Doc attachment in an email. Word attachments are, of course, incredibly common, and something so normal is often trusted which, in turn, affords bad actors full reign within your company's digital environment.

Anyway, you’re back from your Memorial Day break dreaming about the next summer vacation you get, and it’s time to talk in a real PTG Tech Talk kinda way – today, about Business Email Compromise.

TECH TIP

The data-breach preventing acronym

No, this isn’t pogs or the NBA Finals. What we’re doing here is all about taking an extra second or two in order to prevent phishing attacks. (Again, no, not that kind of fishing attack.) This is an easy way to teach your team how to avoid preventable oversights through just a little more attention – and S.L.A.M.ming.

HEADLINES

Using Microsoft Word to breach your data

^{Source: Sunrise King on Unsplash}

Business Email Compromise is a specific form of digital security we should all be worried about, and there are plenty of similar and complementary topics in the news to fill your feed for a few weeks or more.

Rapid Response: Microsoft Office RCE - “Follina” MSDT Attack | Huntress

Key Takeaways:

Microsoft has revealed the CVE identifier for their vulnerability is CVE-2022-30190 and has included a Security Update and article with guidance on protocol... but no patch is available yet.
The Non-Technical Version, as we can understand it now:
1. Once this code is detonated, threat actors can elevate their own privileges and potentially gain “god mode” access
2. The mitigations that are available are messy workarounds that the industry hasn’t had time to study the impact of, including actions that can brick your machine.
3. Detonating the malicious code is as simple as opening up a Word doc from an email – in preview mode.
Here is the security bulletin we sent to our customers that summarizes what the vulnerability is, what it means for your business, and what to do about it.

The value of cyber insurance for small businesses  | Security

Key Takeaways:

Cyber insurance, or cyber liability insurance, often provides coverage for approved losses incurred from external data breaches.
A typical cyber insurance policy looks to cover things like data breach investigations, income loss for interruptions in business due to attacks, and even media liability for lawsuits involving libel, defamation, slander, violation of privacy, etc.
When applying for cyber coverage, many organizations wonder if there is anything you can do at your business to help lower your premium. Uh, yeah! Here is a list of TWENTY!

Deeper Dive: 20 Cyber Insurance Questions That Can Help Lower Your Premium

DEEP DIVE

Tips for Sharing Documents Externally

^{Photo by Daria Nepriakhina 🇺🇦 on Unsplash}

According to the FBI’s IC3 2021 Internet Crime Report, BEC attacks were the cybercrime with the highest reported total victim losses last year. Whatever specific pathways they choose to enter each system, the overarching goal is always to break into the network to… you know… *blank* stuff up… though the specific end game is often different depending on the victim, attacker, and situation.

As we’ve mentioned earlier in this email, BEC is a specific kind of attack where someone uses human interactions and social skills to gather crucial info regarding a business and its computer systems. Attackers may seem unassuming and respectable through their interactions, nearly always taking a false identity that disarms the target.

Attackers use specifically timed messaging to hide what’s going on, the same way a magician uses smoke and mirrors to redirect the eye. Alright, maybe it isn’t magic, in fact, it’s a pretty straightforward process, which is what makes BEC such an effective form of attack.

If you suspect or detect a breach, you must contact your financial institution and report the trouble immediately. But before all of that happens, we have a huge list of ways to proactively prevent yourself and your business from falling victim to BEC attacks.

All you have to do is click here to read the blog.

If you don't have time to read the blog, here's a quick graphic with 5 ways to start protecting your business from BEC.

Conclusion

We are passionate about keeping you up to date and educated on the latest schemes in cybersecurity so you can protect your business. With new technology comes new challenges and new solutions, but the good news is that if you follow our guide to staying safe, BEC attacks are far less likely to affect you or your business.

At this point, we think that if you made it this far, you see value in learning more about ways to keep your business safe. If you have any questions, give us a call at (864) 552-1291 and we'll help you evaluate your capabilities and options. Also, consider following us on LinkedIn, Facebook, and Twitter!