Do you think your business is immune from cybercrime because you’re small enough to “fly under the radar” of criminal hackers? That may have been true five or ten years ago, but not anymore. Cybercriminals’ preferred point of entry is now malware—the “spyware” and “viruses” that infect your computer through emails and Web sites—and cybercrime is increasingly a crime of opportunity rather than a targeted attack.
According to an article in Infosecurity Magazine (http://www.infosecurity-magazine.com/news/magazine-house-loses-15-million/), criminals were able to steal $1.5 million from US company, Bonnier Corporation, by sending a message from the CEO’s email account, directing an employee to transfer funds to a bank in China.
Bonnier Corporation has 600 employees—far fewer than the stereotypical hacking target. This is one of the latest cybercrime events to make the news (the information security news, anyway), but it’s not an isolated case. Thousands of companies, much smaller than Bonnier, are victims of cybercrime every year. Most of these companies don’t make the news. They just quietly go out of business.
In the case of Bonnier, criminals were able to gain control of the CEO’s email account. The article doesn’t explain how, but most likely it was accomplished by spyware that captured the CEO’s logon credentials. The spyware probably came from a “phishing” email message, or a Web site with malicious content. I want to reiterate that the hackers were likely not targeting Bonnier, or their CEO, but were able to determine that their malware had struck gold when it infected a high-value target.
Owners and CEOs of small businesses are particularly vulnerable to cybercrime:
- They tend to use multiple computers to access corporate data, some of which (like home computers) are not as well protected as their work computers.
- They tend to travel more, exposing their laptops, tablets, and smart phones to unknown, unsecure Wi-Fi networks, and increasing the risk that one of their devices might be stolen.
- While they may agree to require high levels of security for their employees (like Web filtering and mandatory password changes), CEOs tend to forgo these measures for themselves, out of convenience.
If you’re a business owner, CEO, or other executive, consider how your attitude toward security might be putting your company at risk. Cybercrime is not something you can wait to address when it occurs. You must implement a security strategy now.
To learn more about how Clocktower protects companies like yours from cybercrime, call us today, at 508-541-6143.