Is it time to beef up your cyber security?
Don’t be a statistic: how to be cyberwise
Think your business is somehow immune to the risk of getting hacked? Think again.
“Literally 97 percent of all companies are getting breached,” said Dave DeWalt, CEO of the cybersecurity firm FireEye, in a widely watched interview with the television news series “60 Minutes” that aired in late November 2014. “It’s happening. It’s just the life we live in today.”
Since early 2014, we’ve learned of an astonishing number of cybercrime attacks against such high-profile companies as Target, Home Depot, Staples, Marriott and Sony. Based on such stories, you might believe that hackers are particularly targeting larger, “big-name” businesses.
According to cybercrime experts, while businesses of all types and sizes are vulnerable to attack, smaller businesses are especially at risk, due to their tendency to have weaker online security measures than their larger counterparts, as well as employees who are less experienced in optimal business security methods. Small businesses are also doing more commerce than ever using online “cloud-based” services that may not use especially strong encryption technology.
Estimates about the financial impact of cybercrime vary, but according to the Washington, D.C.-based Center for Strategic and International Studies, cybercrime-related losses could be as much as $575 billion annually. How can you keep your business from being part of such a gruesome statistic?
What you can and should do
A vast majority of smaller businesses can and should be doing far more to avoid becoming a cyberattack victim. According to a recent McAfee survey of 1,000 companies, 80 percent of small- and medium-size businesses in the United States do not use data protection for company and customer information, and fewer than half secured the company email to prevent phishing scams.
Rather than kicking yourself weeks or months from now for cybersecurity defense measures that you did not take, consider instead implementing some or all of the following now:
- Secure your software – make sure you’re running the most recent versions of software, particularly for your operating system and web browser
- Authenticate your accounts – consider implementing a two-step authentication process for all of your accounts, in which you receive and are required to enter a texted code before accessing sensitive accounts
- Choose your network wisely – beware of free Wi-Fi opportunities, which are rife with hacking opportunities; instead, consider creating and setting up your own private hotspot, through your phone, or using a virtual private network (VPN) for online access
- Check your cloud security – segregate data your business stores in cloud-based systems, based on level of security risk, and have firm standards for accessing all data
- Secure all devices connected to your network – any workplace-issued or personal device that connects to your network is a potential security risk. Ensure that all such devices have proper authentication measures in place before being allowed to access your network
- Build a culture of cybersecurity – regularly discuss with your employees what’s permissible, and what’s not, regarding your firm’s cybersecurity, and periodically audit activity to ensure compliance
- Build strong protection – have in place a strong (and regularly updated) firewall resistant to all virus, spyware and phishing attacks
- Remove or disable USB ports – prevent anyone from having the ability to easily download data from a workplace device
In addition, take the time to read “Cybersecurity in the Golden State,” a 2014 online guide from the California Office of the Attorney General. Here, you’ll learn more about the most common cybersecurity threats to businesses, practical steps you can take to minimize your vulnerabilities, and basic guidance on how to respond to cybercrime incidents.
Call us for input
Your financial security is of utmost importance at California Bank & Trust, which is why we employ a variety of security best practices and risk assessment tools to help ensure the security of customer accounts. Take the time to become familiar with our cybersecurity measures on your behalf and ensure your staff is similarly trained. Your California Bank & Trust representative can provide additional input on managing your cybersecurity.
Understanding types of cybercrime
“Cybercrime” is a catch-all term used to describe a variety of online- and computer-based attacks. And while the universe of threats may seem endless, according to Verizon’s 2014 Data Breach Investigations Report, 92 percent of 100,000 incidents analyzed over the prior 10 years fall within nine basic categories:
1. Point-of-sale (POS) intrusions – Remote attacks against the environments where retail transactions are conducted, specifically where card-present purchases are made
2. Web app attacks – Incidents in which a web application was the point of attack
3. Insider and privilege misuse – Any unapproved or malicious use of organizational resources by insiders, outsiders (through collusion) or partners (granted access)
4. Physical theft and loss – Any incident where an information asset went missing, whether through misplacement or malice
5. Miscellaneous errors – Incidents where unintentional actions directly compromised a security attribute of an information asset
6. Crimeware – Any malware incident that did not fit other patterns like espionage or point-of-sale attacks
7. Payment card skimmers – All incidents in which a skimming device was physically implanted (tampering) on an asset that reads magnetic stripe data from a payment card
8. Cyber-espionage – Incidents in this pattern include unauthorized network or system access linked to state-affiliated actors and/or exhibiting the motive of espionage.
9. Denial-of-service attacks – Any attack intended to compromise the availability of networks and systems; includes both network and application layer attacks
A significant recent shift in cybercrime, according to Bryan Sartin, director of risk for Verizon Enterprise Solutions, is the motivation of the perpetrators. At the 2014 Association for Financial Professionals (AFP) annual conference, Sartin shared that while financial theft used to be the primary motivator, “hacktivism” (hacking for a politically and/or socially motivated purpose) and cyber-espionage have significantly grown in the past two years, and now represent 20 percent of all cyber threats.