NPR’s All Things Considered recently ran a story about the persistence of email cybercrimes and the techniques used by cybercriminals to steal money from their victims. This year alone, the U.S. Department of Justice, in collaboration with other government departments, seized nearly $3.7 million stolen through BEC schemes.

Scammers still use the oldest trick in the book—deception. From spear-phishing to social engineering, email spoofing and malware, these BEC tactics are evolving in sophistication and costing businesses and organizations billions of dollars. Because threats can result in such debilitating losses, it’s essential to ensure you have best practices in place to maintain the highest level of security.


These 5 best practices are a must to wise up against business email compromise:

  1. Implement a reporting process for users. Empower and train users to report malicious traffic coming through unblocked, as well as valid business traffic being blocked.
  2. Monitor metrics and make necessary adjustments. To maintain your email security program, you must review your metrics and key performance indicators (KPIs) regularly.
  3. Enable reliable cleanup and automation. Most security orchestration, automation and response (SOAR) vendors use pre-built playbooks that respond to user-submitted messages, perform deeper investigation against free and paid threat intelligence services, and purge harmful messages from inboxes.
  4. Implement the latest features and updates available through the security vendor. Email security requires care, updating and consistent oversight, as security trends and threats are always changing. Keeping up with new features and updates will ensure continued protection from evolving threats.
  5. Incorporate compensating controls. Setting up compensating controls beyond email filtering can allow you to address incidents as they occur, improving response times and minimizing negative impacts.


Sirius provides leading-edge technology solutions, expert implementation and advisory services to help organizations not only understand how they are being targeted, but also determine the right set of countermeasures. Learn more about our security and risk management approach here or contact a Sirius representative today.


enterprise cybersecurity ebook