Unheeded warnings about cybercrime nearly result in financial ruin
Told you so! Sometimes it feels pretty good to say that.
You may remember several months ago I wrote one of my pieces about cybersecurity and talked about a businessman who wasn’t particularly worried about his computer systems. “I don’t have anything they would want,” he told me.
I saw him again this past week and he shared a story with me. About a month ago, he was paying a $500,000 bill to one of his business affiliates. The check was cut to be deposited as usual. Before this happened, that affiliate emailed another associate and asked for the money to be wired into his account. The check was canceled, the wire sent, and the transaction was completed. All pretty routine.
Pretty routine for about an hour, that is. At that point, the affiliate called and asked why the check hadn’t been deposited. Panic ensued as everyone realized that the half-million dollars had been diverted. Banks were called, law enforcement engaged, and steps were retraced in an effort to recover something usually unrecoverable. The situation was bleak.
A large regional bank in the south chased after the bits and bytes moving this money to its illegal, untouchable location. The layers of financial institutions and intermediaries clouded the picture and made it hard to get straight answers. For more than three weeks there was silence, and the principals came to the realization that the cash was gone forever.
Fortunately, the story has a happy ending. The bank finally called, the money was recovered, and three businessmen are breathing easier again.
“So have your thoughts about cybersecurity changed?” I asked my friend.
“Slightly,” he replied sarcastically.
It turns out that an email account was hacked, and the hacker monitored the account for this opportunity. He then sent an email requesting the payment change — not a very hard scheme to execute — which was one of the things I warned my acquaintance and readers about.
The frustrating part of this scenario — and others I see across the state — is that it is also easily preventable. The basic protections are straightforward to implement and very effective against most threats.
Most experts agree some basic prevention will go a long way:
- Find a guide. The world of cybercrime is complicated and changes daily. Most of us have day jobs and need a good partner to help us address these threats in a systematic and cost-effective way.
- Install a firewall. If you want to protect your physical property, you build a fence. A firewall puts a fence around your electronic information.
- Run current software and perform the updates. It’s time to retire your Windows XP and other ancient software. Run the most current versions, and install the upgrades, which include patches for known vulnerabilities.
- Use multifactor authentication. Usernames and passwords are better than no protection — but not much. Instead, use some form of multifactor authentication. The best include some combination of what you know, what you have, and who you are to verify your identity.
- Train and train some more. Over 40 percent of all breaches result from human error. Your employees want to do a good job for you. Give them the tools to recognize possible threats, remain vigilant, and take the correct actions.
Cybercrime is an existential threat to every organization. The statistics show that 60 percent of breached companies are out of business within two years. Don’t let that be you! Act now to keep yourself safe.
I don’t want to be telling you, “I told you so!”