National Cyber Security Awareness Month isn’t until October, but protecting yourself from the multiple cyber threats that can harm your business is an everyday, not once-a-year, commitment. According to PwC’s Global Economic Crime Survey 2016, the question isn’t “if a company will suffer an incident but when. In the annual PwC, CIO and CSO survey of more than 9,600 global executives, 41 percent of US respondents had experienced one or more security incidents during the past year.” And, says PwC, “that number is rising. Respondents reported financial losses, intellectual property theft, reputational damage, fraud, and legal exposure, among other effects.”
In short: if you’re not paying attention to cyber security and cyber protection, the odds are not exactly in your favor. Here are three big threats that any business owner or leader should pay special attention to in 2016:
1. Don’t Be Held Hostage: The Ransomware Threat is Growing
The National Cyber Security Institute at Excelsior College has called malicious software, or “malware,” one of the top eight threats for small business owners this year. If you want to get really scared, read this June 2016 report by McAfee Labs. You might remember that brand as the software you downloaded to protect your PC from being infected. Today, McAfee is part of Intel Security and has its finger on the pulse of global cyber threats.
This particular study provides an extensive look at current cyber security threats, including the growing ransomware threat, where an individual or company essentially loses access to their data or network. Hackers demand money to release their “hostage” – and unless you want to lose everything on your computers and system that you (and your customers) hold dear, you’re forced to fork over the cash. The report points to companies that are now being targeted by industry – specifically those industries where owners might be willing to pay a ransom in order to resume critical operations, such as utilities or hospitals. For example, during the first quarter of 2016 three hospital systems were held ransom by attackers, writes McAfee, using the Locky family of ransomware. In one instance, the hospital paid the $17,000 ransom. Sounds like a horror movie, right? Earlier this year, the National Public Radio show OnPoint cited some truly troubling statistics. According to the FBI, last year American companies paid $25 million to data pirates. During the first quarter of 2016, that number has soared to $200 million.
What’s the fix? Unfortunately, it’s like playing Whack-a-Mole – as fast as anti-virus vendors deliver fixes, new versions pop up. Your very best safeguard may be to have a rock-solid backup system in place, as this article in Wired points out.
2. Don’t Make Your Business Public: Free Wi-Fi is an Open Invitation to Hackers
If you’re like most Nutmeggers, you and your family and friends are on the road this summer. But, that doesn’t mean you’re leaving work at home. As a business owner and manager, you’re staying connected and logging on via Wi-Fi at airports, hotels, coffee shops and other free hotspots. In this case, “free” comes with risk, yet use of public Wi-Fi is all too common.
Consider investing in a mobile hotspot or using your mobile network connection – both are generally more secure than a public hotspot. Cyber criminals have been known to create networks with names similar to existing ones, so always verify that a public network is legit. Most importantly, keep in mind that most public hotspots are far from secure and don’t encrypt the information you transmit. Do you really want to be online banking or reviewing your P+L statements while sipping your Venti Iced Mocha at a coffee emporium? Are you comfortable with your employees sending sensitive data via a public network while lounging at the hotel pool? At a minimum, make sure you’ve set up a Virtual Private Network (VPN) and establish a mandatory usage process for anyone traveling and/or working remotely.
You should also require employees to regularly change passwords (ideally every three months) and implement social media training that teaches your team the risks of combining business with personal topics on social posts (“Thanks, Joyless Air, for stranding me at LAX overnight!”). Posting personal information that alerts hackers to a key employee’s location – and potential use of free Wi-Fi – is a risk that you can and should avoid.
3. Payment Fraud: It’s Open Season Regardless of Your Business Size
If you accept payments for your goods and services electronically, be aware that forecasts point to a significant increase in fraudulent transactions. An article by CNP, a leader in the card-not-present category, cites a report by Juniper Research which estimates that these types of transactions will “balloon from $10.7 billion last year to $25.6 billion in 2020. E- and m-commerce retailers will be hit particularly hard, the report said, accounting for 65 percent ($16.6 billion) of that total.” Add new EMV liability as chip card use becomes more prevalent and the plot to keep you up at night thickens.
To add to your misery, you’re equally at risk whenever you issue electronic payments to vendors or other parties. According to a 2016 survey by the Association for Finance Professionals (AFP), nearly three-quarters of U.S. companies had experienced an episode of fraud related to payments in 2015. That was the highest amount of fraud since 2009 and topped the figure for 2014, which stood at 62 percent. Unfortunately, the smaller your business the less likely you are to have the processes and systems in place to mitigate this growing cyber threat.
The level of hacker sophistication is increasing each and every day. From sophisticated “phishing” scams to attacks on your system infrastructure, keeping your data and your customers’ information safe can be a real resource drain. What else should you be doing? For small businesses, there are countless vendors and organizations that can point you in the right direction, including this list published by Business News Daily. Also check with the Small Business Administration, which publishes a wealth of information on all manner of business needs – including tips for mitigating cyber threat risk. Most importantly: be aware of developing threats. As this article from CSO points out, one of the future trends is that “preventive” technology will be replaced by “predictive” tech. In short, anticipate the worst and make sure you’re prepared.
Written by Melissa R. MacCaull
Director of Marketing, Union Savings Bank