If your business relies on computers or the internet in any way, you could be vulnerable to the threat of cybercriminals. Whether you have a complex eCommerce set-up that lets your customers buy from you online, or you just have a basic web page with your contact details, you could be subject to the same risks.
If your business presence is compromised, you could face significant repercussions, including financial costs and loss of reputation and customers.
Here are five ways cybercriminals will continue to target businesses in 2020:
This is a common scam whereby the cybercriminal sends a legitimate-looking email that looks like it’s from your bank, the post office, or another credible source. The email creates a sense of urgency, for example, by saying that your account will be frozen due to suspected fraudulent activity. Then it asks you to click on a link in the email and re-enter your account details and passwords. This lets cybercriminals access your login credentials and access your bank accounts, potentially cleaning you out.
To avoid falling victim to phishing scams, never click on a link in an email and then enter your login details. Only ever type in the URL or use a previously-created bookmark to access online banking and other sensitive platforms.
- False invoices
Sometimes scammers create and send fake invoices to businesses in the hope that, rather than question one invoice in the pile, the business will just pay it unthinkingly. These invoices usually look very realistic and are often created to mimic genuine invoices sent by real suppliers.
Another version of this scam sees the cyberattacker send an email to your business, which looks like it’s from one of your regular suppliers. The email explains that the supplier has changed its payment details and asks that you use a different bank account or payment method in future. This has the double-whammy effect of taking your money and preventing your supplier from being paid.
It’s important to keep careful track of the invoices being paid and ensure each invoice matches up to an approved purchase order before paying it. If in doubt, call the supplier directly to confirm the details.
In this attack, the cybercriminals commandeer your files and lock them up, encrypting them so you can’t access them. They then demand that you pay a ransom, which is usually relatively affordable. If you pay the ransom, they promise to unlock the files. However, on paying the ransom, most victims find that either the files remain lock or, if unlocked, have been corrupted. And, by paying the ransom, the business has painted itself as a lucrative target, so the cybercriminals attack more than once, creating an ongoing headache for the business.
To avoid this type of attack being successful, keep offsite backups of all your data so that, even if a cybercriminal accesses and locks your data up, you can restore your systems from a recent backup. This way, you can avoid paying the ransom and minimise the damage to your business.
Malware is a term for any software that’s harmful to your systems or devices. This can include viruses, spyware, bots, and more. Malware can cause different types of damage depending on what type it is, so it’s essential to have anti-malware software installed on all your devices.
Cybercriminals can potentially hack into your business’s website and/or social media pages and change the content, potentially damaging your organisation’s reputation.
Rectifying these issues can be costly and time consuming. It can distract you from your daily operations and it can erode the trust your customers have in your organisation. If their personal information or payment details are compromised, it can cost them money, too. These kinds of attacks can be hard to recover from.
How businesses can protect themselves from cybercriminals
The first step is to be aware of the risk, which is very real and very serious. Then, it’s important to do the basic security hygiene requirements such as set strong, unique passwords, avoid clicking on unsolicited links, install anti-malware and anti-virus protection, and educate your team regarding how to avoid falling victim to phishing and other scams.
It can be worthwhile to work with a cybersecurity expert to minimise your risk across the board.
It’s also important to consider cyberinsurance. This type of insurance can cover your businesses for the losses incurred as a result of a successful cyberattack. Cyberinsurance is important because, despite your best efforts, the sophistication and determination of cybercriminals is such that an attack is almost inevitable for most businesses. The question is how well your defences stack up against the attack and, if the attack damages your business, whether you have the right insurance in place to mitigate your losses.
Since cyberinsurance is a relatively new product, it pays to get an expert’s advice on what policy may be right for your business. For expert cyberinsurance advice that’s tailored to your business, talk to an NZbrokers member today.