The NCSC has issued guidance aimed at small to medium-sized businesses to help them deal with situations where criminals access work email accounts via targeted attacks.
The guidance focuses on techniques which can be used to try to prevent these attacks:
- Reducing digital footprint – inside and outside work
- Helping staff to detect phishing emails through training and awareness building, so that staff know what to do if they suspect an email is not genuine
- Setting up multi-factor authentication
- Applying the principle of “least privilege” – for example, the authority to make payments should be limited to as few people as possible, and there should be a process for easily revoking privileges if necessary
- Registering with NCSC’s free “check your email” security tool
- Planning for compromises – ensuring an effective incident response plan is in place
The full guidance can be found here.