Corporate Security Breaches Come In All Shapes and Sizes

The national headlines may include names like Google and Facebook, but the latest email phishing scams impact all companies regardless of size.

Recent FBI reports state U.S. businesses lost at least $676 million last year due to hackers posing as fake business vendors. These business email compromise campaigns (BEC) are attacks designed to trick company executives or accounting departments into sending payment for fake services or goods. This is exactly how Google and Facebook lost $100 million over the past few years.

BEC campaigns work so well because they're disguised as typical business emails and rely on human error – or trust – to succeed. Given that 90% of small and medium sized businesses don't have data protection measurements in place and less than half of small businesses secure company emails, the risk of fraud is growing.

The National Cyber Security Alliance reports that 60% of small businesses fold within six months of a cyber attack, prompting an increase in education and awareness outreach initiatives across the country. In Michigan last month, the Grand Rapids Better Business Bureau, the Federal Trade Commission, and local law enforcement launched Operation Main Street: Stopping Small Business Scams. The goal is to help companies recognize the latest phishing scams, understand preventative measures, and establish recovery protocols should a security breach occur.

How do I recognize an email phishing scam?

Some email phishing scams are easier to detect than others. Our email spam boxes are full of odd emails, with strange stories and bad grammar soliciting money. The recent, more official looking emails require more detective work.

The latest scams are very effective because they include actual passwords in the subject line. Hackers have gotten hold of old passwords from previous breaches and are using them to convince people to pay ransom for various information.

Others appear to come from legitimate sources, like a bank, Amazon, or Facebook. They may ask for a routing number to complete a transaction or to click a link for shipping details. Engaging in any way with these emails opens your computer to a security breach, and ultimately puts your entire business network at risk.

How can I prevent a data breach?

Thankfully, there's a lot you can do to prevent hackers from infiltrating your network. We've heard it a million times, but the most important thing to do when you see an email of this nature is nothing. Don't open, click, or respond. If you're unsure of the true source, you should contact the source directly to see if an email was sent. For example, call your bank before you submit a routing number; check your Facebook messages before you believe your page was compromised; call the vendor to discuss company payments directly.

You can also proactively use websites like Spamhaus, SenderScore, and DNSBL to look up sender information, check to see if you've been involved in a data breach, and receive updates on the latest scams.

As a business owner, educate your employees on all of the above. Regularly send out emails to employees to bring them up to speed on the latest email scams and company protocols. Your company's security protocols should be established with your IT department or network security partner ahead of time (ie: now, if you haven't done it already). Protocols include regular database backups, password protections, and company email policies that are regularly promoted and enforced.

What should I do if my company already has cybersecurity issues?

If you suspect your network has been compromised, engage your IT partner for an evaluation. Network security experts can determine the source of the breach and follow the trail to uncover any data loss or confidentiality issues. An extensive data backup will likely begin or you'll rely on your most recent back-up to restore your system. If you have insurance, you may need to begin the process of damage evaluation. If you don't have insurance, this is a good time to investigate coverage. Working with a trusted cybersecurity partner will help determine what's missing from your technology infrastructure and develop a reliable data backup plan — a must for businesses of all sizes.

Protect your your SE Michigan business from data breaches and business email compromise by working with your local network security experts. Contact Steve Panoff, UTEC IT Sales Specialist at spanoff@utecit.com or (734) 234-5886.