The FBI warns that cyber criminals are posing as HR employees and using a phishing scam to get employees to provide the scammer with access to the company’s self-service payroll platform.
When employees click on the link within the scammer’s email and provide the requested information, they unknowingly provide the scammer with their W-2 and pay stub information. The scammer can then change direct deposit instructions, passwords, credentials and email addresses linked to the account to avoid detection. In the majority of cases, employers were not aware of anything until workers reported they weren’t receiving their wages.
To learn how you can prevent this from happening at your organization, please view the FBI’s suggestions or request employee cyber security training materials from Warren G. Bender Co. today.
It’s no secret that your company depends on the capabilities of your computer systems to function. You should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cyber crime, including cyber attacks, cyber theft and other computer security incidents. The average cost of a single cyber attack is incalculable—cyber attacks can directly target finances and ruin a business’ reputation. Your business is at stake, and you should do everything you can to protect yourself.
The Risks of Web Searches
As an employer, you should educate your employees about searching for certain topics on the internet due to the risk of coming across websites encrypted with viruses or malware that could be detrimental to your computer systems. Stress that the potential for cybercrime could affect employees individually as well as the business as a whole. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.
The Web’s Most Dangerous Search Terms
Common term searches conducted online one can expose your business to the risk of cyber crime. Encourage employees to avoid following suspicious results in search engines. Any result that promises free products or materials is suspect. The least risky search terms are usually health-related topics and searches about economic news.
It is essential to remember that the number of dangerous search terms is ever-changing. Hackers want to impact the highest amount of people with the least amount of effort, so they aim for popular search terms most. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the internet and the public circle, so oftentimes social or celebrity events popular at a given moment climb quickly to the top of the internet’s most dangerous search terms and are a high risk for infecting your company’s computers.
According to the DOJ, industries considered a part of critical infrastructure businesses account for a disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about internet searches to ensure computer safety and protect against potentially devastating loss, both monetary and in down time:
• Chemical and drug manufacturing
• Computer system design
• Health care
• Internet service providers
• Petroleum mining and manufacturing
• Real estate
• Transportation and pipelines
Take Precautions to Protect Your Business
There are examples of companies and organizations around the globe that had to shut down operations to address a large-scale virus or other malware issue. These problems can affect both large and small businesses and can cost hundreds of thousands of dollars to fix. Avoid putting yourself at risk by doing the following:
• Enact a stricter internet use policy
• Put more strict website blockers or filters in place
• Educate employees about the hazards that risky search engine exploration can present
Some of these solutions may cost you in the short run, but lowering your risk will ultimately save your company in potential identity fraud, monetary cyber theft or informational cyber theft in the future.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 10:13 pm March 21, 2018
According to Symantec’s 2017 Norton Cyber Security Insights Report, more than one-half of the adult internet population in the United States was affected by some form of virus, malware, spyware or phishing scam in 2017. That accounts for roughly 143 million Americans. From those attacks, consumers lost $19.4 billion, and the average cyber crime victim spent 23.6 hours dealing with the aftermath.
Many of the crimes resulted from consumers making basic security mistakes. For example, 60 percent of victims made the mistake of sharing at least one of their passwords for their online accounts or devices with another person. Another cyber mistake was using a single password across multiple online accounts, which is something 24 percent of U.S. consumers made the mistake of doing, according to the survey.
The group of U.S. consumers with the best password management was the baby-boomer generation, with 69 percent ensuring they used a different password for each online account. However, 24 percent of them made the mistake of writing down their passwords on a piece of paper.
Prevention is Key
Symantec recommends following these basic cyber security best practices to ensure safety online:
• Change your passwords every few months.
• Don’t use the same passwords for multiple accounts.
• Don’t share your passwords.
• Use an anti-virus program.
• Use due diligence when opening emails, clicking on links or downloading attachments online.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 7:42 pm March 9, 2018
Gone are the days when chief financial officers (CFOs) solely had to focus on managing their organization’s financial risks. These days, CFOs need to think about the costs of cyber security as well as the costs associated with not having enough of it. When their security tools are inadequate or threats go unnoticed, there is an increased risk of incidents that can costs thousands or millions of dollars in repairs, lost business and reputation. CFOs need to apply new strategies when it comes to tackling cyber risks.
Work With the Chief Information Security Officer
According to recent data, 39 percent of IT workers don’t believe their senior management understands the impact that a security breach could have on their company’s reputation. CFOs should become active members of their security teams, instead of passive observers, in an effort to protect their revenue with a more focused and effective cyber security plan. The most effective partnerships involve weekly cyber exposure reviews with management and IT.
Invest in IT
A recent report found that firms that invest more in IT security experience an average of 6.8 fewer breaches and save more than $5 million. With the growing number of available devices that employees can use to stay connected and do their jobs, new approaches are needed to deal with increased cyber exposure that may have been more easily contained in the past.
CFOs need to realize how cyber risk affects financial risk. According to a recent study by Ponemon Institute, data breaches result in an average stock price decline of 5 percent and an average revenue decline of $3.4 million. CFOs cannot manage risks of that magnitude by themselves. It is in the best interest of the entire company if its CFO partners with others in the organization who have a vested interest in managing cyber risk.
Contact Warren G. Bender Co. today to see how we can be of assistance in helping you navigate the ever-changing world of cyber security.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 6:59 pm February 21, 2018
A new study from IBM Security and the Ponemon Institute has measured exactly how much businesses can save by quickly responding to cyber attacks and data breaches. The average cost of a data breach in the United States is $7.35 million, but businesses that were able to contain a data breach within 30 days were able to lower that figure by an average of $1 million.
Here are some additional findings from the study:
• Incident response teams, data encryption procedures and employee training programs were the most effective ways to lower the costs of a data breach.
• Businesses should evaluate the security of third-party providers to protect their customers’ data.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 6:06 pm August 25, 2017