Which of the following is not considered a best practice to defend against business email compromise (BEC) attacks?

Deleting all attachments from emails is not considered a best practice for defending against business email compromise (BEC) attacks because it can hinder legitimate business communication and collaboration. Attachments are a common and necessary component of many email communications, such as invoices, reports, and other documents. While it is important to be cautious about attachments due to the risk of malware, completely deleting them overlooks the potential for secure and necessary business interactions.

In contrast, implementing multi-factor authentication adds an essential layer of security, making it more difficult for unauthorized users to gain access to email accounts. Insisting on confirmation through multiple communication channels helps to verify the authenticity of emails, thereby preventing potential fraud or deception. Training employees on phishing awareness empowers them to recognize and respond appropriately to suspicious emails, significantly reducing the risk of BEC attacks.