Common sense and common sense policies can do a lot at an affordable cost to prevent your business from falling victim to cyber bad guys.

Scam Detection & Mitigation Tactics

It is unfortunate that cybercriminals have so many ways to attack a business that no “one” vaccination will protect you from an attack. Some of the threats all businesses need to be prepared for include:

  • Fraudulent payments
  • Data breaches
  • Ransomware

Following are some tips for protecting your business from cybercriminals.

Web Scams

Fraudulent Payments

This era of paying for goods and services online makes businesses of any size likely victims of payment fraud.

  1. Keep your employees informed regarding the latest email and phishing scams being perpetrated on businesses that encourage the business to give up private business information such as bank account numbers.
  2. If payment is made by phone, make sure all employees understand the importance of obtaining complete credit card information by having the person making the order read the name on the credit card exactly as it appears. Other information you want employees to collect from a person ordering over the phone includes the entire card number (16 digits), the verification number from the back of the card, the expiration date and the address the card is registered to. If you suspect some or all of the information is untrue, delay shipping until you can investigate further. The information you collect can be used to verify the card from the issuing bank’s verification service, or call the issuing bank to make sure the card is still good. Often, the issuing bank will contact their mutual customer to verify the purchase. According to Visa, this reduces chargebacks by up to 26 percent.

Data Breaches

Theft of data has serious consequences, and your business can be sued if Personal Identification Information (PII) or financial information is stolen from your computer system. Healthcare provider websites may be fined by the U.S. Health and Human Services Department, Office of Civil Rights (OCR). Fines are expensive, as are lawsuits. The Poneman Institute estimates the cost per stolen record is $221.00. However, this number includes firms that have higher-than-average record restoration costs such as healthcare and financial institutions; also included are small businesses, which are far below the Poneman Institute reported mean average.

The Online Trust Alliance (OTA) discloses in its 2015 Data Protection Best Practices and Risk Assessment Guides that nearly 90 percent of data breaches could have been easily averted by following basic procedures and processes along with available technology.

So, what measures can you take against a data breach?

External Intrusions

  • Forty percent of all data breaches are caused by an external cybercriminal. These crooks use a smattering of social engineering to try to find a business’s soft spots. For example, a criminal might use social engineering on a third party to the targeted entity to gain access to a firm’s data. By investing in appropriate access control technology, the potential of a hacker coming in through the “side door” of a company (where vendors collaborate and have limited system access).
  • Did you know that 29 percent of data breaches happened because of an employee error? The mistake may have been the loss of a laptop or tablet (18 percent) or social engineering and fraud (11 percent). Both areas can be tightened up quickly through employee education and promotion of best practices when using portable devices that are personal or business owned. Also, all portable devices that access your data systems should be encrypted and registered with a unique password.

Internal Intrusions

Your expectations that employees would never cause a deliberate data breach is, sadly, untrue. With increasing frequency, employees fall victim to unethical decision-making. When they feel that your company has wronged them, they sometimes respond by sabotaging your data systems. There is little you can do about it other than good reference checking. But, by routinely checking how all employees use the data system, you may notice unusual activity by an unscrupulous employee and stop them from causing more harm.

Lost or Stolen Devices

This is another source of potential data breaches. Employees need to know that if it is their own device or that of the business, data must be encrypted, devices logged off and secured, and extraordinary attention paid when off the premises.

Ransomware Attacks

Ransomware attacks occur when a cybercriminal hacks into your system and locks you out of your data and software programs. You cannot get back in unless you pay the ransom and get an encryption key from the criminals. The two main sources for a ransomware infection are opening an infected email or visiting an infected website.

First, make sure you have a good virus and malware protection. Second, instruct your personnel to never open an email from an unknown sender or download a file from an unknown website.

RCOR Technologies is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (919) 313-9355 or send us an email at tim@rcor.com for more information.