Cyber crime is a growing pandemic affecting so many. There are a plethora of tools out there to help, but are you using the right ones? Incitrio Branding & Marketing Agency recently attended a cyber-security seminar presented by Regents Bank, a division of Grandpoint Bank, at the beautiful Morgan Run Club & Resort. We pride ourselves on being up to date on all of the latest security measures to protect our clients.
The room was full of businesses ranging from small, “Mom and Pop” shops, to fortune 500 companies. A lovely breakfast was served along with a bit of networking at the tables we were assigned to. The presentation panel consisted of the Chief Information Security Officer from the City of San Diego, a Supervisory Special Agent from the San Diego Office National Security Cyber Program of the FBI, the Vice President of Citadel Information Group, Inc., and the Vice President – Director of Tech Secure® Division of LBW Insurance & Financial Services, Inc. Each shared their experiences and tips to protect against cyber crime.
The FBI reports that nationally there are approximately 4000 cyber attacks per day, allowing cyber crime to become a $400 billion industry. The City of San Diego alone blocks close to 1 million cyber attacks per week. Cyber crime can be broken down to the “30-60-80” rule. Thirty percent of victims are small companies with 250 employees or less. Sixty percent of businesses go out of business within 6 months of an attack. Eighty percent of cyber attacks are preventable.
The newest threat/trend by cyber hackers is called Ransomware. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. These incidents allow hackers to breach encrypted data from a business’ database, such as customer personal information and credit cards. Each incident costs a minimum of $1,500 to repair the company system and get it back up and running. This price does not include the irreparable damage (losses range from monetary to the loss of Intellectual Property and reputation damage) caused to the business and the customers/vendors of the business that were affected by the hack. A panel member stated that to take each record a company has, and multiply it by $100-$200 to calculate the damage caused by a cyber attack. Scary, right?
Hackers have figured out an ingenious way to breach company security by posing as C-level executives and sending emails to junior level executives and employees. The panel showed a real-life event that occurred. An assistant to the CEO from company X received an email from the CEO, or so she thought, requesting her to transfer $30k into a specific account within the next day or 2, but that there was no rush. The assistant promptly transferred the money not thinking twice about the request. A few days later the CEO noticed the missing funds and in a panic asked what happened to the funds to be told that the assistant was just following orders and doing what “he” requested. Unfortunately for them, cyber insurance does not cover funds that are “voluntarily” given out.
How can a company help itself, you ask? The panel did provide some very helpful tips for protecting one’s business. The first tip and the one that everyone on the panel unanimously agreed on was to “educate, educate, educate”. An uneducated employee is the biggest threat to a company. Having conversations with staff regarding internet-use policies and provide them a safe environment to question unusual requests. Have internet-use agreements in place and frequently review policies and procedures with your staff. Many companies have an incident response plan, but many do not have a cyber incident response plan. This is an essential practice to put in place.
The next big security measure to take is to have secure software in place that is constantly being maintained and tested. When companies have sloppy security procedures in place they are more susceptible to attacks. A recommendation by the panel was to bring in a third-party security professional to test the secureness of your software. And as always, constantly back up current data.
A few final thoughts and tips on how to test and maintain your cyber hygiene. Many of us already know and follow these guidelines, but it always helps to take a refresher course. Always follow safe password procedures. Use special characters and random keyboard patterns in choosing passwords. And, as always, make sure to keep them private and never send them via email. Do not respond to emails or pop-up messages that ask for personal or financial information. Legitimate companies and government agencies do not ask for this information via email. Do not open attachments or links from unfamiliar sources. Don’t give unauthorized individuals access to your business computers – especially critical for laptops that employees may take home. Do not trust anything you receive via email, even if it’s coming from someone you know and trust. Always call to verify, especially for ACH and wire instructions. Install software layers that can help protect data, transactional security and assets. Install anti-virus software and anti-spyware on every computer in your business. And finally, constantly educate all of your employees about proper internet use and cyber security measures. We are in the middle of a new kind of warfare, are you following these procedures to keep your company safe? If not, then today is the best time to start.