It can seem so legitimate. You get an email from a service you use asking you to change your password. You click on the link, which takes you to a website that looks authentic. You input your current login credentials and suggest a new password. Success! It says you’re done.
But you’re not done. In fact, you haven’t achieved what you thought you had. Instead, you’ve given cyber terrorists two very important pieces of information: your username and your current password.
Now, they have you. They can get into your profile, find financial information and use your account for nefarious purposes. Before you even know what’s happened, you’ve been phished, and you’re in grave trouble.
You might be the one exposing yourself and your company to peril, or it might be one of the users within your organization. Even very smart people can fall prey to increasingly sophisticated phishing schemes. Such schemes are on the rise, and they work. More and more companies today are paying out large sums of money to “the bad guys,” often unknowingly.
Know What the Threats Are
Phishing schemes threaten our personal data, our business welfare and our very society. Just recently, it was confirmed that Russian military intelligence meddled with the 2016 election using a phishing scam to break into the email of the DNC.
And phishing scams are just one of the cyber threats all businesses are at risk for today. No company is exempt from the threat of data breaches and cyberattacks. Cyber terrorists are becoming more sophisticated by the day, using their powers (which include intelligence, creativity and deep technology know-how) for evil. Conservative estimates predict that cybercrime will cost the world $6 trillion annually by 2021, making it a more profitable pursuit than the illicit global drug trade. Cybercriminals have a diverse range of tools at their fingertips to perpetrate attacks from anywhere in the world.
A cybersecurity attack could cripple you financially, ruin your reputation with customers and employees and open you up to legal liability. This is true whether you’re a small family-owned business or a large enterprise with your own IT department.
In 2017, Ticketmaster’s data was breached, compromising the login information, payment data, addresses, names and telephone numbers of 40,000 people. Yahoo! (now Altaba) felt the delayed ramifications of a 2014 data breach when the U.S. Securities and Exchange Commission slapped them with a $35 million fine this year. Wired charts the bigger data breaches here, but this list doesn’t include all the countless smaller companies and organizations hit by cybersecurity attacks every day.
In fact, the average attack on a small business costs the company $38,000, which includes downtime, recovery and related issues.
What Precautions to Take
To protect yourself against cybersecurity attacks and data breaches, these are some of the steps we typically recommend to businesses we work with.
- Keep your antivirus software up to date and email spam filtering in place. Many cyber threats come as a result of email use, and these two tactics are the first line of defense. But they certainly shouldn’t be counted on to do the whole job.
- Actively monitor and manage the security of company email systems. Whether you have an internal IT department or an outsourced technology partner, your IT team should be monitoring and adjusting settings for your email and other cloud-based tools (such as Office 365 and Gmail) with professional tools. These tools change frequently as cyber threats evolve and become increasingly sophisticated. A smart IT leader will keep up to date with the best practices and tools to keep your software ahead of “the bad guys.”
- Set up two-factor authentication for access to applications to provide an extra level of identification security.
- Establish accounting practices and controls to mitigate risk. The accounting team needs to be brought up to speed on security risk, with processes and practices put in place to confirm billing details. When an address or an account number changes for a vendor, it needs to be flagged and investigated. Too many organizations have accounting practices that rely heavily on email collaboration and communication, and this can put companies at risk.
- Invest in ongoing training and testing of all users within your company. No matter how much money and time is spent on cybersecurity tools, it won’t matter if team members ignore security protocols and click on links they're not supposed to.
Every environment is unique, and every organization runs different software combinations. Consult with your IT professional to decide exactly which practices (and possibly more) are right for your company.
Users will always be the weakest link, and you will never be immune to data breaches. But taking these precautions, and working with an IT partner who really knows the ins and outs of data security and how it changes constantly, is a smart way to protect your company from the immense harm that cybersecurity attacks can bring.
Download our free eBook, “The Business Leader’s Guide to Ransomware,” for more information on how to create an effective cybersecurity strategy, or contact us today to find out how you can better protect your company’s data and defend against cybercriminals with smart preventative measures (and react swiftly if those measures fail).