Eight out of 10 organizations surveyed in the CyberEdge Group 2020 Cyberthreat Defense Report said that they were impacted by a successful cyberattack last year. And a third of them said they were victims of six or more successful attacks.
A Unique Opening
While many owners think cybercrime is something that always happens to somebody else, the reality is that any business could be vulnerable. In fact, the pandemic may present a unique opening for cybercriminals, who are often quick to capitalize on major disruptive events like COVID-19.
For example, many employees are feeling distracted and out of sorts now while working from home and dealing with the associated disruptions, which could make them more likely to let their guard down. This is exactly what cyberthieves try to capitalize on.
Contrary to what many owners think, small and middle-market businesses may be especially susceptible to cybercriminals. These businesses are often big enough to own significant financial assets, but they don’t have sophisticated layers of cybersecurity defenses like most large corporations do. This puts such businesses in the “cybercrime sweet spot.”
Build Your Cybercrime Defenses
The first step in building your defenses against cybercrime is understanding the main cyberthreats your business faces. One of these is business email compromise, also known as phishing and spear phishing. According to the Association for Financial Professionals, 75 percent of organizations were victims of business email compromise in 2019.
Business email compromise usually targets employees who work in the finance department. Cybercriminals try to trick these employees into sending wire transfers to fraudulent bank accounts that they control. Once a wire transfer has been sent out, it usually can’t be reversed, which makes this type of cybercrime especially dangerous.
To guard against business email compromise, finance department employees should verbally confirm every wire transfer with the recipient before initiating it. Be sure to use the phone number that’s in your corporate records for confirmation, not a phone number in the email since this number could go straight to the cybercriminal. This simple step could eliminate the vast majority of wire transfer fraud that occurs due to business email compromise.
Another big cyberthreat to businesses today is posed by the explosion of social media in society. Cyberthieves are becoming adept at using popular social media sites like LinkedIn and Facebook to get employees to provide the information needed to hack into corporate bank accounts. Or they fool employees into downloading dangerous malware that gives cybercriminals access to their computers and bank account login information.
The best way to guard against this type of cyberthreat is to draft strict policies that detail what types of social media activity are and are not allowed on company-owned computers and mobile devices. Pay especially close attention to mobile devices, since these are becoming a main target of cyberthieves due to how easy they are to hack. For example, configure all mobile devices so that their contents are deleted after a certain number of failed login attempts.
Also be aware of the unique cybersecurity risks posed by cloud computing. The same cybersecurity standards that govern your business should also be applied to cloud service providers and any third parties they work with.
More Steps to Take
Here are a few more proactive steps you can take to beef up cybersecurity at your business:
• Educate your employees about the importance of password security and require them to set strong passwords and change them regularly.
• Regularly update your network’s antivirus and anti-spyware software.
• Add key-logger software to all of your office computers.
• Make sure employees are using the most recent versions of web browsers on their computers and mobile devices.
• Instruct employees about how to look for red flags that could indicate fraudulent activity due to cybercrime.
• Secure all computers, servers and hardware with physical locks.
Also talk to your bank about technology and cash management solutions that can help you combat cybercrime and fraud at your business. These include ACH payments, Positive Pay, payables and receivables lockbox, account reconciliation and multi-factor authentication for wire transfers.
Stay on Your Guard
Remember that cybercriminals never take a vacation — they’re always looking for new ways to exploit corporate vulnerabilities and execute new cyberattacks. So you should always be on your guard when it comes to defending your business against cybercrime.