Summary of 05/23/2023 Presentation
Kentucky Association of Manufacturers
Preparing Your Business for a Cyber Security Breach discussed how to protect your company from security incidents related to phishing, spoofing, and other business e-mail compromise schemes that induce businesses and employees to act in ways that compromise the company’s network. It also covered incident response plan best practices, the legal and regulatory frameworks within which businesses operate, and the federal Cybersecurity Incident Reporting and Critical Infrastructure Act (CIRCIA), which was enacted in 2022 and is in the process of being implemented through regulations.
There are also several tips that individuals and businesses can follow to avoid business e-mail compromise scams, such as: not responding to e-mails or pop-up messages that ask for personal or financial information; not clicking on a link in an e-mail or text message and instead going directly to the website or payment portal; and multi-factor identification (i.e., contacting the vendor or client directly using contact information not contained in the e-mail or other communication at issue, as that information may be part of the scheme).
How to Protect Yourself from Business E-mail Compromise Attacks:
1. Be suspicious. Watch out for red flags such as incorrect domain names, use of pressure to get you to act, poor grammar, unexpected attachments, or links embedded in an e-mail;
2. Be prepared. Protect your computer by having IT policies and procedures in place that safeguard your company’s sensitive business information, train all your employees to be on alert, and maintain an updated incident response plan;
3. Think before you click. Do not be in a rush when you are reviewing your e-mails or directives from your clients or other contacts. Know that your business and personal mobile phones, iPads, tablets, as well as text messages are potential vulnerabilities for your business network;
4. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password; and
5. Ensure the safety and security of your network. Utilize security software and testing to protect against security threats.
See How to Recognize and Avoid Phishing Scams, https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams#recognize.
Presentation by Frost Brown Todd, LLP: Tanya Bowman, Member ([email protected]); Bob Dibert, Counsel ([email protected]); Gene Price, Member ([email protected]); and Bill Repasky, Member ([email protected]).