LAS VEGAS (KLAS) — In today’s Cyber Safe Parent segment, Brian Loftus gathers tips that can help a business stay safe from cybercrime.
Businesses rely on their networks, data, and the internet to exist and cybercriminals exploit that. From the mom-and-pop shop to fortune 500 companies businesses are always at risk.
“By the time they’ve found out, that money’s long gone and there’s almost no way to get it back,” Lt. Allen Larsen of LVMPD said.
“Today it’s Capital One, last year it was Marriott, the year before it was Equifax,” Ted Rossman of CreditCards.com said.
“The most common thing that we’re seeing with businesses is what we call a business e-mail compromise. It’s also called a man-in-the-middle attack,” Lt. Larsen added.
How it works: The business is about to start a transaction, a phishing email comes in saying wire instructions have been updated – some companies fall for the hook.
“Now they’ve wired – we’ve seen some cases with $200,000, $500,000… and for some of these small businesses, that’s enough to put them out,” Lt. Larsen said.
Lt. Larsen says that business owners should stop and make a phone call first to confirm the source of the email.
“In every single case where we’ve had somebody victimized, if they would’ve picked up the phone and made that phone call, prior to sending the wire, they wouldn’t have lost all that money,” Lt. Larsen said.
According to the FBI, the cost of cybercrime in the U.S. was $3.5 billion dollars in 2019 – with half of all businesses the victim of a cyber attack.
“Never send any money online or by mail or anything like that unless it’s somebody that you know, personally, that you can trust,” Lt. Larsen said.
Companies can better protect themselves by having encryption technology to cloak customer credit card records, supplier networks, and employee financial data.
An easy fix is to improve password security.
“If they compromise your bank account and then you use the same password on your e-mail, now they pretty much own you,” Lt. Larsen said.
He recommends multi-factor authentication so there is at least an extra step “the bad guy has to get through.”
To check the legitimacy of email correspondence, hover over the sender’s email address to see who it’s actually from.
The account might say Microsoft Team, but when you click on the email address, it could actually be jumbled letters, and “obviously that’s a scam!” Lt. Larsen said.
Companies skipping these important steps present cybercriminals and hackers with an easy lock to pick, and in some cases, a wide-open door.