Last Fall’s election, where so much was said about hacked emails, should serve as a reminder to employers that cyber security is of the utmost important. Cyber crime continues to rise across the globe. In some European countries it even outpaces traditional crime. A single data breach can cost a company millions of dollars in lost revenue, fines, and corrective action, not to mention the damages to its reputation and brand loyalty. So what are the biggest cyber threats and how can businesses best defend against them?
There are a handful of common cyber crimes that consistently occur worldwide. An increasingly popular type of crime is the installation of ransomware, which holds company data hostage. Cyber criminals also have begun to try to exploit “contactless” payment systems to manipulate payments from devices to their advantage. This works hand-in-hand with the already common attacks on ATMs and online accounts to find and misuse financial data. Lastly, and perhaps most notably for all employers, hackers continue to use “phishing” scams – fake emails that look like they come from trusted sources, clients, customers or contacts that contain links that employees are instructed to clink on – which are aimed at employees at attractive businesses, especially those with access to large amount of sensitive company data.
The goal of most cyber crimes is to obtain data and exploit it. Some cyber criminals hold it for ransom. Others will use the data, particularly financial data, to their advantage by paying themselves, opening credit, or plain old stealing funds. Still others will sell this data to those who have other similar or their own unique nefarious designs.
All of this can sound overwhelming to employers, especially since it is employees who have often been the weakest links in the cyber security armor. Companies pay a lot of money to encrypt data, consistently update and test security measures, and properly monitor its data. Yet all of this hard work and protection can be undone by an employee carelessly clicking a link in a tainted email.
It seems so many cyber crimes still start with a simple attack, such as a phishing email. Once hackers gain access to a system, it becomes both difficult and expensive to get them out – and that is only after the business realizes they are already in. That is why it is critically important to consistently educate and train employees on cyber security. Regular reminders about clues that an email may be a phishing scam, repeating and enforcing best practices on password management, and general cyber security awareness initiatives have all been shown to be effective tools to prevent attacks from being unintentionally aided by employees. Some employers have even begun using artificial intelligence and behavioral analytics to study how their employees act towards potential threats to create a better understanding of security weaknesses. In all, a proactive approach that embraces both the technical and human elements of cyber security is the best way to prevent a cyber attack.
Every business is at risk. The smartest business are the ones taking all reasonable and appropriate actions to be prepared and prevent or fend off an attack, rather than being left to only respond to the damage after an attack has occurred.