Hardly a day goes by that we don’t hear about attempted hacking. While no one is immune to the threat, cyber attacks and cyber-crime pose the biggest threat to businesses, hands down. Hacking is deplorable, illegal and, sorry to say, a big business, with hackers constantly becoming more sophisticated and difficult to detect. Consider these alarming statistics.
In 2018, hackers stole half a billion personal records, according to one research organization. This was a 126% increase from the previous year. In the last five years, there were 3.8 million records stolen from breaches every day. And 95% of these violations can be traced to human error.
In the next few blogs, we will look at some examples of cyber breaches and measures of prevention.
Let’s start with an all-too-common hacking scheme. An administrative assistant receives what appears to be a legitimate email from the company owner, who is away from the office for a week, working remotely. The email directs the admin to forward several dozen company employee W-2s. The email looks real, and sounds real, so the admin complies. Regrettably, it was a phishing scheme, run by someone who knew the owner was away and knew how to write an email that would sound credible, as if it came from the boss.
Consider the kind of information that could get into the wrong hands: Social Security numbers, addresses, earnings, and more.
What appeared to be a simple and legitimate request ended up being a costly mistake for the company, one that could have been avoided had the admin verified the request by telephoning the boss for confirmation. You know that old adage that it’s better to be safe than sorry? That goes double and then some in this day and age.
Then there’s what is known as spear phishing, whereby cyber-criminals try to “harpoon” an executive-level employee – most often the CEO – and steal their login details. If the attack is successful, the second phase begins: a business email compromise (BEC) scam. CEO fraud is when attackers abuse the compromised email account of a C-level executive to authorize fraudulent wire transfers to a financial institution and then claim the ill-gotten gains. These breaches, which are also referred to as whaling attacks, target executives because the high-rankers often don’t participate in security awareness training with employees. The mandate should be ongoing training for all company personnel. Businesses should also consider adding multi-factor authentication (MFA) channels to their financial authorization processes as a protective layer, so that no one can authorize payments through email alone.
How can you tell if an email might be a scam? Here are a few telltale signs:
- Incomplete and/or misspelled words
- Requires immediate action
- Requests personal information
- Is addressed to a username
The best advice to follow is this: do not open any suspicious email. Do not click links to unknown websites, and if you are asked to enter personal details, including passwords and credit card numbers, leave the site immediately. And if you get an email from the boss asking for financial information, just call and verify that the request is legitimate. Everyone will be glad you did.