We’ve all heard horror stories about cyberattacks: CryptoLocker virus, spearfishing, and data breaches. What do all of these nasty things have in common? They can cost businesses big money if not properly guarded against.
Here’s another reason why it’s so critical to deploy proactive IT services to protect against such crimes: if a cyber thief pilfers money from your bank account, your bank may not be obliged to replace it. That was brought to light by a recent NPR story, which spotlighted several business owners who lost money because of stolen debit cards, social engineering, and the exact kind of business email compromise we wrote about last month.
Individuals are protected from fraudulent bank transactions under the Electronic Fund Transfer Act, but small businesses don’t enjoy the same level of protection. The Uniform Commercial Code states that banks must offer business customers a “commercially reasonable” set of security protocols. If those are followed, the bank is then entirely within legal limits to refuse to reimburse businesses that suffer from fraudulent money transfers or other cyber theft.
The numbers on such crimes are staggering; the FBI recently estimated that 8,000 businesses had been affected over the past two years, with losses estimated at nearly $800 million. So what can you do to protect your business? Quite a lot, actually:
1) Have a trusted IT professional assess the security of your systems. Due to the constantly shifting nature of cyberattacks, stopping them requires more than just antivirus and a firewall. Limiting admin rights for user PCs, applying DNS filters, implementing strict browser settings, and employing constantly updated behavioral anti-spyware can help. But these are complicated measures that most business owners don’t have the time or ability to keep up with. However, an IT professional like CMIT Solutions specializes in that kind of 24/7 service.
2) Do not open ANY emails or attachments from ANY sender you don’t recognize, and validate ANY link in ANY unfamiliar email before clicking on it. Email security is paramount—infiltrated accounts are often what leads directly to breaches and fraud. Never open attachments you aren’t expecting, even if they appear to come from legitimate-looking email accounts. And hover over all links and look for legitimate IP addresses, not long strings of random characters, before clicking. All it takes is one click on one bad link by one employee to compromise the data of your entire company.
3) Check the email header, subject lines, and body copy meticulously for small errors. Beyond infected links and attachments, email compromise often involves impersonating email accounts but with one extra letter, or copying commonly used verbiage to create the impression that it’s a legitimate email. You can’t check every single email for these kinds of details, but any message that involves financials or the transfer of funds should be reviewed for minor spelling errors, extra characters, or naming discrepancies.
4) If you receive an email regarding a wire transfer or a large sum of money, BE SUSPICIOUS. For companies that conduct numerous wire transfers during the normal course of day-to-day operations, you are a much easier mark than a firm that never transfers funds in this manner. Unfortunately, scammers are smart enough to target the right kind of companies first. Possible remedies to this include requiring two different sign-offs on any financial transactions or dedicating a single computer for transfers.
5) Avoid using free, web-based email for business purposes. Establish a company website domain and use secure email accounts for all communications. Strongly consider a proactive monitoring or comprehensive network security solution, which should conduct regular malware scans and daily updates, as well as deploy strong firewalls and anti-spam protections that can filter out potential scams—and alert security experts to spoofed or hacked accounts.
Cybercrime will never disappear completely, which means businesses have to be extra vigilant in these rapidly changing times. And a trusted IT partner can deploy the right solutions to keep you and your precious resources safe. Contact CMIT Solutions today to find out how we protect our clients from cyberattacks of all kinds.