YOUR BUSINESS AUTHORITY

Springfield, MO

Log in Subscribe

Opinion: Businesses are just one email away from cyberattack

Posted online

Imagine you are in charge of your company payroll. For every employee, you have their Social Security number, date of birth, bank account information and much more.

You just got an email from an employee requesting to change their bank account for their direct deposit on the next pay period, which happens to be due in two hours. Just like every other day, you are extremely busy so you push the change through because you don’t want to be responsible for an employee not getting paid.

Come Monday morning, the employee calls to say they didn’t get their money on Friday. You tell them that you got their request last week and had the paycheck deposited in their new checking account, just like they asked. Of course, your employee asks, “What are you talking about?”

This is just one of the many ways companies are victimized by cybercrime.

If you are not concerned about cybercrime and the potential impact to your bottom line, you can stop reading now. If you are concerned, let me share some examples of local cyber events, what it can cost and what you can do to proactively prevent it.

Common threats
For the last several years, cases of ransomware have been rampant, even in Springfield. Typically, someone will click on something in a fraudulent email that takes control of your computer or network. The bad guys hold your system hostage for a ransom, usually paid in bitcoin. In addition to possibly paying the ransom, you will likely pay your information technology provider to clean it up, potentially replace computer equipment and likely lose income while you are not operational. Even if you can go to backups, the cost for this is typically at least $10,000.

Banking Trojans have impacted several businesses in our area. Again, an employee clicks on a bad email or goes to a fraudulent website, often through social media, and downloads malware that gives them access to your online bank system. The bad guys steal your money and you are left in the cold. The amounts on these losses range wildly, but a local company lost over $400,000 to this type of scheme a few years ago.

Social engineering is probably the most common type of loss today. The criminals create a fake email that makes it look like the CEO, or someone else in management, is requesting the controller or chief financial officer to wire money to a consultant or other business partner. The bad guys today are really good at making this sound very real and extremely urgent. If you transfer that money, you have “voluntarily parted” with your funds and the bank is under no obligation to make it right. On top of that, many insurance policies will not provide coverage for this. These can be very expensive, at well over $25,000.

Email protections
Are you seeing a common theme? According to Verizon’s 2018 Data Breach Investigations Report, 96 percent of all financial and phishing crimes are attributed to an employee falling victim to an email scheme.

If you are ultimately responsible, what can you do? Here are three recommendations to get you started.

1. Employee training. There are several resources available to help your employees identify fraud, and some inventive ways to get them engaged in prevention. If you did nothing else, this would be the most important prevention strategy.

2. Consult with your IT professional about email and web browser security. Most providers can offer tools to help your employees avoid malware while they are on their computer and other devices.

3. Back up your system, and test it. If something bad happens, you will likely need to go to your backups. If you haven’t tested them, you could be very disappointed and lose thousands of dollars.

According to the U.S. Small Business Administration, 60 percent of small businesses are out of business within six months of a cyber security event. Because of our dependence on technology, all of us are susceptible to cybercrime. Addressing this proactively will help protect the future of your business.

Jeff Eiserman is a commercial risk adviser with Ollis/Akers/Arney. He can be reached at jeff.eiserman@ollisaa.com.

Comments

No comments on this story |
Please log in to add your comment
Editors' Pick

Summer 2019 Architects & Engineers Project Report

The community’s architectural and engineering professionals present these 25 projects as an insight into their portfolios.

Most Read
SBJ.net Poll
Will the parking fee hike affect your attendance at Springfield Cardinals’ games?

View results