Is your business protected from cyber attacks?
- Auto/Toy Loans
- Home Loans
- Money Talk
- Money Tips
- Numerica News
- Recent Stories
What is cyber crime?
Cyber crime: criminal activities carried out by means of computers or the Internet. According to the FBI, the threat of cybercrime is incredibly serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated especially for businesses.
Our nation’s critical infrastructure, including both private and public sector, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators.
Types of cyber attacks
Who are these cyber criminals?
Cyber criminals range from computer geeks looking for bragging rights… to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black markets… to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.
Cyber crime rings may include the following players:
These skilled tech pros write and code the viruses that infect a business’s computer network.
Specialists distribute and sell stolen credit and debit card data. Sometimes they transfer the data onto blank cards, and then put foil on them to create duplicates.
These intruders break into a company’s PC networks via their vulnerabilities.
Such con artists concoct ingenious schemes to trick people into giving up personal information or visit websites that download viruses. These players represent the creative end of the crime ring.
Rogue systems providers:
They run scrupulous businesses that provide servers for cyber thieves.
These individuals purchase things at retailers using stolen credit cards. Some launder money while others ship products.
The head honchos of a crime ring hire the worker bees but rake in all the money.
What do cyber criminals want?
Cyber criminals want valuable data:
- Social Security and credit card numbers
- Bank account information
- Email addresses
- Home addresses
- Birth dates and more.
With this loot, they can take over existing accounts or open new ones to make fraudulent charges. They can conduct phishing operations with gathered email addresses.
Hackers seek out weaknesses such as employees who are prone to fall for social-engineering scams and outdated operating systems or browsers.
Protecting your business from such attacks requires:
- Acknowledging it could happen to your business
- Using technology to combat these threats
- Educating your employees on potential risks
- Staying vigilant
How to prevent cyber attacks
The Better Business Bureau (BBB) and the Federal Trade Commission (FTC) are both excellent resources for businesses concerned about cyber security. The FTC partners with the National Institute of Standards and Technology, the U.S. Small Business Administration, and the Department of Homeland Security to compile the latest information on Cybersecurity for Small Business.
Knowing some cyber security basics (see lists below) and putting them into practice will help protect your business and reduce the risk of a cyber-attack.
Protect your files & devices
Update your software: This includes apps, web browsers, and operating systems. Set updates to happen automatically.
Secure your files: Back up important files offline, on an external hard drive, or in the cloud. Make sure your paper files are securely stored, too.
Require passwords: Use passwords for all laptops, tablets, and smartphones. Don’t leave devices unattended in public places.
Encrypt devices: Encrypt devices and other media that contain sensitive personal information. This includes laptops, tablets, smartphones, removable drives, and cloud storage solutions.
Use multi-factor authentication: Require multi-factor authentication to access your network. This requires additional steps beyond a password — like a temporary code on a smartphone or a key that’s inserted into a computer.
Protect your wireless network
Secure your router: Change the default name and password, turn off remote management, and log out as the administrator once the router is set up.
Use at least WPA2 encryption: Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on. Encryption protects information sent over your network so it can’t be read by outsiders.
Make smart security your business as usual
Require strong passwords: A strong password is at least 12 characters that are a mix of numbers, symbols, capital and lowercase letters. Never reuse passwords and don’t share them on the phone, texts, or by email. Limit the number of unsuccessful log-in attempts to limit password-guessing attacks.
Train all staff: Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. If employees don’t attend, consider blocking their access to the network.
Have a plan: Have a plan for saving data, running the business, and notifying customers if you experience a breach. The FTC’s Data Breach Response: A Guide for Business gives steps you can take.
What are best practices for cybersecurity for business?
In addition to understanding and putting into practice the cybersecurity basics mentioned above, the FTC covers cybersecurity best practices. Use the links below for additional information on each topic:
Understanding the NIST Cybersecurity Framework. NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. It gives businesses an outline of best practices to help you decide where to focus your time and money for cybersecurity protection.
You can put the NIST Cybersecurity Framework to work in your business in these five areas: Identify, Protect, Detect, Respond, and Recover.
Physical Security. Lapses in physical security can expose sensitive company data to identity theft. Check out simple safety checks to make sure your account and devices are safe.
Ransomware. Imagine an employee gets an email that looks legitimate, but with one click or one download of an attachment, everyone is locked out of your network. That link downloaded software that holds your data hostage. That's a ransomware attack.
Phishing. You get an email or text. It seems to be from someone you know, and it asks you to click a link or give your password, business bank account, or other sensitive information. Don’t be hooked by a phishing scam.
Business email imposters. A scammer sets up an email address that looks like it’s from your company and sends out messages using that email address. This practice is called spoofing, and the scammer is called a business email imposter.
Tech support scams. You get a phone call, pop-up, or email telling you there’s a problem with your computer. Often, scammers behind these messages want to get your money, personal information, or access to your files. This can harm your network, put your data at risk, and damage your business.
Vendor security. Your business vendors may have access to sensitive information. Make sure those vendors are securing their own computers and networks. For example, what if your accountant, who has all your ﬁnancial data, loses his laptop? Or, a vendor whose network is connected to yours gets hacked?
Email authentication. Using email authentication technology makes it a lot harder for scammers to send phishing emails.
Hiring a Web Host. Whether you’re upgrading a website or launching a new business, there are many web-hosting options. When comparing services, security should be a top concern.
Secure remote access. Employees and vendors may need to connect to your network remotely. Make sure they follow strong security standards before they connect to your network, and give them the tools to make security part of their work routine.
Cyber insurance. Recovering from a cyber-attack can be costly! Cyber insurance is one option that can help protect your business against losses.
At Numerica, we take cybersecurity very seriously, both internally and externally, with our members. We hope this information serves you and your business, well.