Cybercrime is at an all-time high in the U.S. and continues to be a primary concern for organizations of all sizes. Losses due to hacking, ransomware and other malware are expected to top $6 trillion annually by 2021. The average cost to an organization victimized by a cyberattack is $2.4 million for a “simple” malware incident, with many infiltrations costing millions more. Unfortunately, these numbers are not decreasing; instead, they are multiplying astronomically with a growth rate of up to 50 percent per year. Protecting sensitive financial and personal information has become a key focus for organizations. To help reduce the overall risk to your business’s critical information, follow some of these best practices.
Keeping your business safe online starts with employee education on the myriad of dangers lurking around every corner. Compromised emails, phishing scams, downloaded malware, passwords with questionable security — these are all largely preventable inlets for criminals to run a scam on your business. Business Email Compromise (BEC) accounts for over a billion dollars in actual and attempted losses worldwide. Help educate employees at all levels of your organization to avoid these security traps:
- Phishing Scam Protections. Nearly one-third of employees are still falling for phishing scams, which continue to gain sophistication. Ten years ago, phishing emails were easy to spot with poor spelling and grammar, incomplete sentences and jumbled instructions. Today’s phishing attacks closely mimic legitimate emails from internal and external sources. Clicking on these emails and entering information can grant remote users access to core corporate systems.
- Weak Passwords. Password security is critical with the overabundance of data available online. Using the same password for multiple websites can be dangerous, and simple passwords can be too easily guessed based on social profiles and widely available personal information.
- Lack of Controls. The most secure organizations have created strong internal controls, such as regular password resets and detailed requirements for access to specific systems. Reducing the number of individuals with access to sensitive data is a good first step in protecting your financial assets.
Cyber Security and Payments Fraud
Payment fraud, such as wire transfer scams, can make your organization an easy target. Even emails that seem to be legitimate can be a problem, making it critical to question any request for a wire transfer even by known individuals. Return email addresses are too easy to mask, making an email seem as though it came from a well-known contact asking for assistance or from a partner such as your bank requesting you log into a website and make an update.
Valid requests from financial institutions, such as Bremer Bank, will not ask for your full account information, credit card number, Social Security number or PIN via email, SMS text message or outbound call. Instead, we may request limited personal or professional details for verification such as the last four digits of your Social Security number, zip code or date of birth.
Cyber Liability Insurance
Attacks on your organization can inflict damage far beyond the initial loss of data and direct costs. Indirect costs such as loss of customer trust can be difficult, if not impossible, to quantify. Businesses of all sizes are targets for attack. Small business owners who feel that they’re too small to invite a cyberattack can be lulled by this false sense of security into reducing security measures. However, small businesses are a primary target for hackers as they are considered easier to infiltrate and can be a road leading into larger vendors and partners. Small businesses often lack offsite, redundant data storage, making them especially vulnerable to ransomware and malware. A recent Symantec study noted that organizations with fewer than 500 employees are the target of approximately 40 percent of all cyberattacks.
The costs associated with cybersecurity breaches continue to rise, making it urgently important that businesses of all sizes put adequate protection measures in place. While training staff in security best practices is a solid first step, cyber liability insurance is an important part of your risk management strategy. This specialized insurance helps ensure your business can continue operations even after a devastating attack.
Tips for Protecting Your Data
Cyber criminals are so dangerous because they act anonymously — and can be lurking in any corner. It only takes a few simple pieces of information for a smart hacker to begin making inroads into your digital data repositories. These tips will help you protect the security of your data both online and offline:
- Stay Vigilant. Be aware of your surroundings. A crowded coffee shop is the ideal location for someone eager to overhear personal information such as birthdates, names of children or anniversary dates that could be used to guess passwords.
- Curb Sharing. Discussing business information with others, including family and friends, should only be done on an as-needed basis.
- Control Social Access. Check the security and privacy settings on your social media accounts and educate your employees on the importance of staying vigilant in this channel.
- Fully Vet Third Parties. Rigorously vet any third-party services that attempt to connect to your computers or servers.
- Use Trusted Resources. Ensure all potential partners working with you are well-known and trusted in your business community. Phone systems and Wi-Fi hotspots can provide an entry point for unscrupulous characters to gain access to your network configurations.
Following these basic security principles will help your organization stay under the radar and reduce the risk of data theft or infiltration from cyber criminals. While no methods are foolproof, following these guidelines can improve the overall security of your sensitive personal and financial data.