Here’s the scenario: Out there somewhere, someone is trolling your social media pages, finding out how you talk to your family, to your friends, to your employees.
After gaining enough information online, the person creates a fake email address — within a few characters of your business email — and sends an official-looking email, complete with company logos and your signature block, to every employee. The email contains a phishing link, and once a single employee clicks on the link, access to your network is assured.
Then that person’s job is done; he or she gets a paycheck for finding a back door into your system — usually through unaware employees. The information is transferred to a third party who sells it on the Darknet, holds your business data for ransom or publishes it for the world to see.
Your company’s in ruins; your reputation and credibility are destroyed. And the cost of mitigating the cyber theft could be in the millions.
On average, you’ll spend $145 per stolen record to notify people whose personal information was compromised, extend identity protection to them and put in safeguards such as firewalls to make sure it doesn’t happen again.
Cybercriminals are increasingly sophisticated — and stealing information has become a cottage industry. It’s not just the role of single actors working alone. Individuals can contract their skills out to gain access to networks using easily available malware and viruses. They don’t have to know how to create the malicious code that will destroy your business; they just have to know the ways you’re vulnerable.
Cybercrime is far too profitable to go away on its own — the rewards far outweigh the risks of getting caught. And with few international cyber laws, criminals can act without fear of punishment.
Here’s a sobering thought: Cyber crime is the most profitable business in the world. Criminals are thought to make $500 billion annually from their thefts, while fighting crime is a $106 billion industry. It’s more profitable to be one of the bad guys.
Nearly every business out there is at risk. According to the Department of Homeland Security, 44 percent of small businesses have reported being the victim of a cyber attack, but 59 percent say they don’t have a contingency plan to respond to data breaches.
And for entrepreneurs and startups, 77 percent of firms believe their company is safe from a cyber attack, even though 83 percent of them don’t have a written security policy in place.
Businesses must take steps to protect their data, including safeguarding client information and employees’ personal information. That’s one reason the Department of Homeland Security designated October as Cybersecurity Month as part of a national effort to get people to think BEFORE they click.
So here are a few ideas from DHS that businesses can implement immediately to combat cyber crime:
• Use and update anti-virus software and anti-spyware on your networks. Automate patch deployments so the software is routinely updated.
• Secure internet connections by using a firewall, protect Wi-Fi networks with a password and change the default passwords for wireless networks and routers.
• Establish security policies — including encryption technology — to protect sensitive data, including customer information and intellectual property.
• Use strong passwords and change them regularly.
• Protect all pages on your public-facing websites, not just the sign-up and checkout pages.
• Invest in data loss-prevention software and use encryption technology to protect data transmitted over the internet.
• Educate employees about cyber threats and how to protect your organization’s data. Hold employees accountable to the internet security policies and procedures.
As Colorado Springs continues to build the National Cybersecurity Center, businesses will have a place to turn to for research, rapid response and education. There are also national resources available to businesses:
• US-CERT.gov. The United States Computer Emergency Readiness Team distributes bulletins and alerts for both technical and non-technical users, shares cybersecurity tips and responds to incident, phishing and vulnerability reports.
• SBA.gov. The U.S. Small Business Administration helps Americans start and grow businesses. The agency provides cybersecurity planning and training.
• Uschamber.com. The U.S. Chamber of Commerce has an Internet Safety Toolkit that teaches employees how to help protect company information, customer data and their own personal information.
• FCC. The Federal Communications Commission created the Small Biz Cyber Planner — a free, online tool — that helps you create a customized planning guide to protect your business from cybersecurity threats. It’s at fcc.gov/cyberplanner.