Business are encouraged to improve staff training amid an increase in cyber attacks targeting employee email addresses.

Firms are advised to "prepare for the worst" in new guidance from the National Cyber Security Centre (NCSC), as cases of business email compromise (BEC) attacks increase. The guidance includes reducing digital footprints, training staff to recognise attacks, limiting the number of those able to make large payments and introducing two-step verification processes. 

BEC is a form of phishing that targets individuals within organisations, especially senior executives or employees with access to valuable data. AJ Thompson, CCO at IT consultancy Northdoor plc, says the emphasis must be on educating employees. “Employees are targeted by BEC, so ensuring that they understand what a potential BEC attack looks like and how to effectively deal with anything suspicious immediately nulls the threat.

"However, much of this guidance, whilst important, is simply adding to the already substantial workload of IT and security teams," Thompson continued. "This is also often in the shadow of reducing budgets. It is clear that BEC now represents a real threat to businesses but without the adequate resources to counter it, businesses are stuck."