We think of cybercrime as something that happens to someone else. Data thieves go after big companies; don’t they? The fact is, though, that anyone can be a target. If you’re on the Internet, hostile people regularly use machines to probe your servers for weaknesses. If they find one, it can cost you seriously.
A white paper by Hamilton Place Strategies estimates that cybercrime had a worldwide cost of $445 million in 2014, a bigger number than Microsoft’s or Exxon Mobil’s market capitalization. The median cost of a cybercrime nearly tripled between 2010 and 2015.
The cost doesn’t come just in direct harm, such as downtime, loss of data and recovery costs, but also in loss of reputation and legal liability. When an attacker grabs people’s credit card numbers — or even when there’s a reasonable chance it might have happened — customers are reluctant to do business with the same company again. You might have to mollify them with some kind of compensation.
Organizations might be legally liable for not being careful enough. If you handle personal health records, and they’re breached, the federal government might hit you with a fine under HIPAA, which can be as high as $50,000 per incident. If you’re managing a publicly traded business and fail to protect against financially related breaches, the business might have to pay a fine under federal law.
Types of attacks
The biggest single danger is social engineering attacks, which play on people’s trust. The usual form is a “phishing” email, which tries to trick you into divulging information. It may pretend to be a legal notice or a document from a colleague or customer. If you’re fooled, you might give them an important password or let them install malicious software on your computer.
The fastest growing threat is ransomware, which carries a very direct and painful cost. If this hits your computer, it encrypts your documents, and you have to pay an extortion fee through an anonymous channel to get them restored. One hospital had to pay $17,000 to get its systems running again.
Other channels of attack besides email include easily guessed passwords, insecure form processing and defects in server software. Attackers are constantly discovering new ways to exploit security holes and prey on people’s trust. It’s very hard to keep track of them all.
How to protect yourself
Guarding against cybercrime requires having at least one person on board who really understands computer security issues. A managed services company is often the best way to do this, especially for a small & medium business. You’ll get recommendations and services that will keep you much safer. Backup, keeping software up to date and implementing employee policies may seem annoying at first, but they’ll become part of standard procedure.
Training is important. I realize it’s difficult for managers to make the time, but managers need to learn about security risks and understand how to set a policy that will keep employees from making expensive mistakes.
Everyone is vulnerable to online criminals, and there’s no such thing as 100 percent safety on the Internet. By taking the right precautions, though, you can eliminate the large majority of the threats to your business.
403Tech Inc is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (403) 215-7506 or send us an email at [email protected] for more information.
Scott Gallupe of 403Tech Discusses Cybersecurity Threats in Business in Calgary Article
The COVID-19 pandemic sent businesses scrambling to pivot from an office-based environment to a remote workforce. A recent issue of Business in Calgary featured 403Tech President Scott Gallupe, who advised on how local businesses can protect their IT systems from cybersecurity threats. He explained that passwords and video collaboration tools are possible entryways for viruses and malware. The article, Alright, Stop, Collaborate and Listen, features several local IT leaders, describes the issues faced by business owners during the pandemic and provides guidance on ways to protect business data from ransomware and other types of cyberattacks.