Every day, businesses are under attack by fraudsters and cyber criminals. From data breaches to corporate espionage, thousands of crimes are costing business owners millions of dollars and crippling their operations.
But there are tools and methods to fight back and keep the criminals at bay. One of the best ways to do that is to know what’s out there. Education is key to mounting a formidable defense. Here’s an overview of the more prevalent crimes facing businesses today.
Data breach – This is a situation where sensitive, confidential or protected information is accessed or stolen by an unauthorized individual. Although computer networks typically are the target of breaches, the crime can also include the theft of paper documents, laptops and USB drives.
Corporate or industrial espionage – The theft of valuable or confidential information within a company for use by a competitor. Espionage activity often includes tapping computers and telephones to gather information and even searching through trash.
Phishing – Using e-mail trickery as bait, phishing typically involves a bogus message from a credit card company, bank, or what appears to be another legitimate agency or institution, instructing you to click on a link or attachment within the message and provide sensitive information. Many of these links will take you to websites that look legitimate but are just fronts for luring in unsuspecting victims.
Vishing uses phone calls instead of e-mails to initiate contact. Basically the same approach is used as with phishing, with the caller urging you to surrender sensitive information that can be used to commit fraud.
Spyware – This is a type of program that is surreptitiously loaded onto a computer or onto a computer network. It “watches” what users do and forwards information obtained through that activity to criminals. Spyware most often is installed when free software is downloaded from the Internet.
Malware – Also known as ‘malicious software’, malware is designed to harm, attack or take unauthorized control over a computer system. Viruses and worms fall within this category.
Stopping or Preventing Cybercrimes
Knowing how cybercrimes are committed is an important step in battling them, but there are other weapons to fight back. Consider these when developing a plan to protect your business.
- Educate your employees. They’re on the front line of your defense, so equip them with ways to keep criminal intruders in check. This includes:
- Having them change passwords on a regular basis and making passwords difficult to figure out. A combination of letters, numbers and symbols make for the strongest passwords.
- Instructing them to never respond to unsolicited e-mails and phone calls, especially those seeking sensitive information. E-mail attachments should never be opened and links should not be clicked on. These typically provide pathways for criminals to breach your business. Such suspicious correspondence should be reported immediately to supervisors.
- Providing enhanced security training that includes spotting suspicious or intrusive activity.
- Dedicate a computer for financial transactions only. Do not allow it to be used for sending or receiving e-mails or accessing the Internet unless such actions are part of the transactions.
- Back up all sensitive files. This will help protect against fraud attacks and provide for recovery of lost files if needed.
- Don’t use a public computer or public Wi-Fi to conduct sensitive activity.
- Password-protect all company-issued devices, including laptops, tablets and phones.
- Ensure that your computer networks and computers are protected by firewalls, antivirus, anti-spyware and other protective measures. And keep these tools up to date with patches issued by authorized sources.
- Do not allow websites to “remember” login and password information for you.
- Only use secure Web pages when conducting transactions or business that involves sensitive information. A Web page is usually considered secure if a locked padlock appears on the page.
- Sign off, disconnect and shut down the computer after using websites that require user ID and password information.
- Partner with your bank for payment authentication. Talk to your banker about services that offer call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
- Be aware that e-mails reportedly from financial institutions or agencies such as the Internal Revenue Service or FBI that ask you to provide sensitive information, install software or conduct other questionable activity are likely to be fraudulent.
- Shred sensitive paper documents or use a certified document shredding company to provide the service.
Should your business fall victim to fraud or other cybercrime, several steps should be taken. They are:
- Immediately report the crime to your company’s IT department or security officer.
- If the crime involves your financial institution or other financial source, notify them immediately.
- Close any accounts that have been tampered with or opened fraudulently. Report the transgression to security personnel at the relevant company and ask them what additional steps should be taken to protect your business and their company.
- Report the crime to the proper local authorities.
Here are some additional resources for businesses:
Better Business Bureau – Data Security Made Simpler: http://www.bbb.org/council/data-security-made-simpler/
U.S. Chamber of Commerce – Internet Security Essentials for Business: https://www.uschamber.com/issue-brief/internet-security-essentials-business-20
U.S. Small Business Administration – How Small Businesses Can Protect and Secure Customer Information: https://www.sba.gov/blogs/how-small-businesses-can-protect-and-secure-customer-information
Federal Trade Commission – Start With Security: A Guide for Business: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business