The Rise and Rise of Cybercrime
The onset and continuous impact of COVID-19 has been a whirlwind, disrupting countless businesses and industries. But amidst all of the chaos and confusion, cybercrime has thrived.
“A company is attacked by ransomware every 40 seconds in the U.S.,” said Paul J. Vitchock, supervisory special agent for the Federal Bureau of Investigation, while presenting as part of the 2020 AASA Technology Conference, a multi-day virtual event from the Automotive Aftermarket Suppliers Association. “My phone’s ringing constantly to deal with businesses that have had their emails compromised. Cyber scams have just skyrocketed since COVID-19 hit.”
Business owners only meet Vitchock after they’ve already become victims of a scam, and even then, there may be little the Bureau can do.
To grasp the full scope of the digital threats facing shop owners these days, cybersecurity, identity theft and fraud expert Adam Levin shares his observations and recommendations for warding off cybercrime.
How has COVID-19 impacted cybercrime? Why are threats on the rise?
Cybercrime was high before the pandemic, but there’s been an astronomical 30,000 percent increase in cyberthreats just this year. Ransomware, compromised business emails, every other possible scam there could be—they’re all off the charts. We all have day jobs, but to a hacker, we are their day job. There’s a big prize in it for them if they can get you to click the wrong link, and for a business owner that could mean your employee’s W2 information landing in the hands of the bad guys, which could get used to file false tax returns or apply for unemployment benefits in the name of your employees.
It’s all about distraction because when people are distracted they’re vulnerable and there’s been nothing more distracting than COVID-19. People are on high alert for all things COVID and anything that comes over the bow in relation to unemployment benefits, stimulus payments, deferred tax filing dates is a prime target for a phishing scam. More people are working remotely, so they may not think twice about the email requesting a wire transfer that looks like it came from their boss or maybe they’re one of the millions of people who’ve been furloughed or laid off recently. As those people turn to unemployment and government sponsored programs for help scammers are ready to take advantage of that grief and suffering by posing as official staff reaching out with key updates, etc.
Are there any new types of cyber threats owners should have on their radar?
It’s the same song, someone’s just added a verse or two. Data breaches, ransomware, hacking and phishing are all still top cyber threats for business owners, but the real issue is that a lot of these scams are not new and businesses still aren’t prepared when they hit.
I advise everyone to focus on the pantheon of “ishings,” including: phishing (“Dear member” or “Dear employee” emails), spear phishing (personalized emails), vishing (receiving phone calls from someone impersonating someone from the home office or a government agency or financial institution), and smishing (SMS or text-based phishing).
How can owners best prepare? Are there any new or emerging cybersecurity strategies you’d recommend implementing?
Everyone should still be observing the basics: long and strong passwords, multi-factor authentication, cautious clicking, and independent confirmation of where updates and directives are really coming from.
Establishing strict password protocols (using password managers and making sure your employees are using truly unique passwords), ensuring employees use business-specific devices and staying diligent with updates and patches (updating your software with any of the fixes developers have discovered over time) are vital as well. Coordinating penetration testing with a third-party organization will also help identify any vulnerabilities and keep your system as bulletproof as possible.
Educating employees is also critical—employees who understand the kinds of scams they could be vulnerable to could help cut down on the number of people with access to your systems that could put you at risk.
Finally, cyber liability insurance. Get it. Depending on the insurance you have, it could cover legal expenses, costs of notification in the case of a breach, you could have access to experts who can help fix the problem that caused the breach, help you communicate with clients and more.
What should owners keep top of mind when it comes to managing cybersecurity these days?
Protection isn’t guaranteed, it’s an ongoing defense that’s all about vulnerability management. Keep in mind, there are no victory laps in cybersecurity. You could be secure at 9 a.m. and by 9: 05 a.m. someone could click on the wrong link and you’ve been compromised. A breach or a compromise can be a defining moment in the history of an organization—it can be a bad experience you move on from or it can be an extinction-level event. If you’re staying focused and up to date, you have ways to manage your fate, but you can’t do it all yourself. Getting that outside help is more important now than ever.