Globally, the threat of cybercrime is consistently growing. In the US alone, the number of cybercrimes reported to the Internet Crime Complaint Center increased by 17% between 2017 and 2018. With more internet users and more businesses developing a web presence, the risks to both consumers and companies are continually evolving. Cybercriminals develop new strategies every day, and for small businesses, this could mean that necessary cyber measures aren’t going to cut it for much longer.
The combined losses from cybercrime in 2018 were almost double that of 2017, with the number rising from $1.4bn to $2.7bn. This massive spike suggests that, while more people use the internet for more varied tasks, our awareness of cyber hygiene is still rudimentary at best.
Some of the crimes with the highest increase in the number of reports in recent years include extortion, personal data breaches, phishing, and business email compromise. Many of these crimes disproportionately affect businesses, and the damages they can incur can, in some cases, be disastrous.
Research by Analysys Mason discovered that the costs to businesses of a security incident are dramatically different for small companies compared to the costs for large companies. For organizations with 250 or more employees, the cost stands at around $25 per employee. However, businesses with nine or fewer employees could suffer $400 per person in the event of a breach or hack.
1) IC3 reporting and business-focused crimes
In the IC3’s 2018 report, a number of the fastest-growing crimes mentioned previously were given particular attention. These include business email compromise, payroll diversion, and extortion. The variety of strategies used in these forms of criminal activity shows that there is no one way to solve cyber insecurities. However, understanding these crimes, how they are carried out, and ways a business can protect itself are vital.
2) Business email compromise (BEC)
In this typical phishing strategy, cybercriminals spoof or hack the email account of a member of the business to get sensitive information or manipulate the victim into approving insecure fund transfers. One form that’s mainly on the rise is whaling, where criminals assume the identity of a senior member of the team to emphasize the authority of their claims.
In the event of a compromised email account, it’s crucial to have extra offline safety measures to protect money and sensitive information. Communicating outside of email, such as on the phone, about unexpected fund transfers will ensure nothing goes ahead without the proper approval. Comprehensive staff training on spotting phishing emails and staying alert about discussing sensitive information will also keep the business as secure as possible.
3) Payroll diversion
Cybercriminals can use company login details to divert the salary of an employee whose details have been compromised. This is also typically achieved through phishing, where criminals manipulate staff into sharing their login details unsuspectingly. The criminal will then divert payments into an account owned by them, which is often only detected after payment has gone through.
Emphasizing to staff members the need to keep login data safe at all times will help avoid issues like payroll diversion. This form of crime cost the US $100m last year in only 100 complaints to the IC3. Comprehensive and regular cybersecurity training is vital to maintaining the safety of the entire network at all times.
4) Data breaches
Data breaches are a form of cybercrime that is regularly in the news thanks to prolific breaches at companies like Facebook, Google, Amazon, British Airways, and Marriott. However, data breaches are not just a problem for large organizations and can be even more damaging to smaller companies. Losing clients’ sensitive information can not only incur fines, damage costs, and insurance claims; a significant breach could also cause a loss in reputation, which can reduce revenue and irreversibly damage a business.
While cybersecurity training for staff is one of the essential elements of a security strategy, the best way to avoid data breaches is to ensure sophisticated software is used and that highly trained and experienced staff are responsible for security. Whether this is an agency or an in-house team, standards must be high for every aspect of security.
The threat of ransomware is a major issue, and many organizations end up paying the ransom, which is highly inadvisable for several reasons. Firstly, paying out for a ransom enables cybercriminals and encourages hackers to continue taking money from businesses. Additionally, placing your trust in a hacker doesn’t always work out, and many who pay out thousands are still denied access to their data, losing everything in the process.
Falling victim to ransom hackers can be avoided by ensuring that sensitive client and company data is stored securely and that back-ups are stored on separate servers disconnected from the main business network. This way, if data is encrypted by a hacker, the business will be able to recover most of it without paying out, saving on productivity, revenue, and reputation.
The cost of cybersecurity measures can seem like a considerable and sometimes unnecessary amount, especially for small or fledgeling businesses. However, the damages which a security breach can cause far outweigh the price of preemptive protection. As the cyber landscape becomes ever more complicated and dangerous, business owners will need to understand this fact and ensure their companies are highly protected or risk untimely closure.