If you haven’t recently heard, cybercrime and ransomware are at an all-time high across all industries. With business after business getting hacked, it is more important than ever to tighten up your security.
When it comes to cyber-attacks, it is not a question of if, rather of when.
To begin, let us cover the basics…
What is Cybercrime?
Cybercrime is criminal activity that either targets an individual computer or a network to perform activity that causes serious disruptions to the end user or business. There are quite a few types of cybercrime. To name a few:
- Email and internet fraud (phishing)
- Identity fraud (personal information is stolen and used)
- Ransomware attacks (demanding money)
- RDP compromise
- Vulnerability exploit (scanning of networks to identify weak systems and taking control)
- Account takeover or identity theft.
In 2020, the most common type of cybercrime as reported to the U.S. Internet Crime Complaint Center was phishing and similar fraud, with 241,342 complaints. In addition, 43,330 cases of online identity theft were reported to the IC3 that year.
Cybercrime takes many forms, and not all of them are something new, it just got easier and more widespread with new technologies. It is very important that we, both in our personal life and in our professional one, are mindful of these and other cybercrimes and keep an eye open, especially in a time of crisis (such as the COVID-19 global pandemic) when wrongdoers proliferate.
What Harm Does Cybercrime do to Firms?
Cybercrime leads to several negative effects on your business including:
- Reputation loss
- Financial loss
- Intellectual property loss
- Loss of customer confidence
- Legal implications
- Loss of goodwill
Report Cybercrime to Appropriate Agency
If you are the victim of online or internet-enabled crime, file a report as soon as possible. Crime reports are used for investigative and intelligence purposes. Rapid reporting can also help support the recovery of lost funds.
HOW TO RECOGNIZE & PREVENT CYBERCRIME
The Stop. Think. Connect™ campaign encourages all Americans to recognize these three common cybercrimes and to follow simple steps to protect yourself.
Identity theft is the illegal use of someone else’s personal information in order to obtain money or credit. How will you know if you’ve been a victim of identity theft? You might get bills for products or services you did not purchase. Your bank account might have withdrawals you didn’t expect or unauthorized charges.
Phishing attacks use email to collect personal and financial information or infect your machine with malware and viruses. Cybercriminals use legitimate-looking emails that encourage people to click on a link or open an attachment. The email they send can look like it is from an authentic financial institution, e-commerce site, government agency, or any other service or business.
Imposter scams happen when you receive an email or call seemingly from a government official, family member, or friend requesting that you wire them money to pay taxes or fees, or to help someone you care about. Cybercriminals use legitimate looking emails that encourage people to send them money or personal information.
- Keep a clean machine. Update the security software and operating system on your computer and mobile devices often. Keeping the software on your devices up to date will prevent attackers from taking advantage of known vulnerabilities.
- When in doubt, do not click. Stop and think before you open attachments or click links in emails. Links in email, instant message, and online posts are often the way cybercriminals compromise your computer. If it looks suspicious, it is best to delete it.
- Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. Visit www.lockdownyourlogin.com for more information on stronger authentication.
- Consider sharing less online. Including information like your birthdate and the city where you live on your social media profiles can give criminals a more complete picture and make it easier for them to steal your identity.
- Take advantage of security settings. On your smartphone, tablet, or computer – use PINs or passcodes to protect someone from easily accessing all your information. For social media websites and apps, be aware of your privacy settings and change them to your comfort level so only the people you want to see information can see it.
The best advice an IT professional can give is as follows:
- Educate users periodically and keep them informed frequently of cyber activity on the net.
- Create a strong password. Passwords should be at least eight characters long, including at least one numerical value and a symbol. You should most definitely avoid common words and never disclose a password to anyone.
- Here’s a tough one – never select the “Remember My Password” option. It can be hard to remember a million passwords for various accounts and saving passwords can be super convenient, but you have to be cautious.
- Never click on a link from an untrusted source. At Geocomp, we test our employees routinely through Mimecast to see if they can tell if a linked source is secure or not.
- Of course, any device should have an antivirus software installed and is important to make sure it’s updated regularly.
- Unless you are expecting an attachment in an email, refrain from opening it! Ransomware activity via email phishing using Microsoft Office document attachments is very common.
Information is so accessible these days, that it is becoming easier for hackers to get access and harder for us to prevent. In order to protect your company, you need to do the following:
- Deploy an IP auto shun device
- Install a corporate high availability firewall
- Install a content filtering Barracuda appliance
- Use SSL certificates to internet facing websites
- Restrict access to confidential information (Accounting, Finance, Pay roll and HR)
- Implement Antivirus and Antispam software on end points
- Backup business data. Most importantly test the backup jobs by performing a restore operation.
- Identify critical data and ensure data is off network for a defined period.
- Define recovery point (RPO) and recovery time (RTO) objectives
- Replicate certain critical systems to ensure business continuity
- Have a standby generator to supply power in the event of extended period of loss of power from utility
- Explore cloud providers and costs associated with such providers.
Janakirama (Ramu) Bollapragada is the Senior IT Manager at Geocomp and has been with the company for almost 16 years. He is a certified Microsoft Systems Engineer and Information Technology Information Library (ITIL) foundation certificate holder with several years of experience in all aspects of IT management, especially in corporate infrastructure that streamlines system operations and optimizes productivity.