Recently, our team attended a fascinating workshop hosted by our client, The Alexander Group, about the State of Cybersecurity in 2024. The workshop's featured speaker was Fred Moore, President of Moore Computing LLC. Read on to learn some of Fred's key points and his recommendations for the critical actions small business owners can take to safeguard their businesses, employees, assets, and their reputation.
What comes to mind when you think of a hacker or a digital scammer? A lone, 40-year-old man typing away at a computer monitor hunkered down in his mother's basement? An older adult who thinks she's on the phone with her granddaughter? Certainly not you? If that's your belief, it's time for a reality check.
Cybercrime has increased by over 250% over the last two years, and the global cost of cybercrime is estimated to have exceeded 6 trillion dollars in 2023. The criminals behind these numbers are running highly efficient and effective operations – and many cybercrime organizations have hundreds of members/employees. The cybercrime industry intersects with international law, global politics, high-level business interests, fast-paced technological advancements, and human trafficking.
While this information can be daunting, and the large-scale implications seem intangible, small business owners can't let overwhelming feelings prevent them from taking action. While many cybercrime organizations target large corporations, small businesses continue to be the most frequent victims of digital scams.
Phishing remains one of the most common scams affecting business owners and employees. The idea behind phishing is simple: a bad actor sends a message pretending to be someone else and prompting the recipient to reveal private information. Phishing scams are constantly evolving, with scammers designing email messages that resemble a standard email from a company, a client, or even the recipient's boss.
Fred asserts that vigilance with links is vital. Be wary of any links sent in emails, especially those that ask you to share certain information. Verify the link before clicking on it. Take caution if you notice glaring spelling errors, conspicuous vocabulary, or something that doesn't look right in the email's footer. It takes time to recognize these emails, and training can help.
Ransomware is one of the most detrimental cybercrimes. When cybercriminals target individuals or businesses with ransomware, a virus infects the computer system, encrypts data, and blocks the victim from accessing their information until they pay a ransom.
The ramifications of a ransomware attack can be disastrous. Even if an attacked company can work with their legal team to pay the ransom or regain their data, the average downtime from a ransomware event is 21 days. When MGM Grand suffered a severe ransomware attack in 2023, getting their casinos and properties up and running took days since everything was tied to the computer system. Businesses may incur costs from the ransomware attack itself, along with costs from loss of business and reputation.
Business email compromise scams are another common issue. These scams take phishing one step further, with cyber criminals hijacking email accounts. Once the bad actor can access the victim's account, they often orchestrate unauthorized fund transfers or manipulate account details. As with phishing, vigilant training and awareness are critical to lessen the chance of these attacks. Always be alert, never cut corners, and always follow company protocols to minimize risk.
Call scams can feel more personal. A bad actor calls you from a number and pretends to be tech support, a service provider, or even an individual you know in person. AI voice technology takes these scams one step further, and now advanced attackers may use an AI model to simulate the voice of someone you know. Trust your gut, and verify where calls are coming from and why.
Pig Butchering is growing in popularity, combining romance or companionship with investment deception. The scam starts with the bad actor building trust through casual conversations online or even through the premise of online dating. As the victim's faith in the scammer grows, the scammer will send the victim information about an "investment opportunity." Beware: these schemes, including fake investment portfolio sites, can look and feel very real.
The scammer then convinces the victim to start "contributing" to the financial scheme through digital payment or cryptocurrency, clouding the transaction trail so that the victim won't be able to recover their funds. After the fraudster has the money they need or the victim gets suspicious, the fraudster cuts the "relationship" off and terminates the contract. The scammer "fattens the pig" before cutting them off. Seniors, especially those who are divorced or widows/widowers, are a common target.
After examining these scams (and understanding that more are being developed each year), the natural question for business owners is how they can protect their business. Mitigating payment diversion risk is an excellent place to start. Wire and ACH transfers are prime targets for diversion. Business owners should set up clear protocols regarding payments and invoices within the company and with clients/vendors/other businesses they work with. Verbal confirmation, on top of foundational cybersecurity measures, can help ensure payments go between the intended parties without diversion.
Multi-factor authentication (MFA) is all the rage right now, and for good reason. When there are multiple steps safeguarding accounts and information, it is harder for bad actors to step in. In a typical MFA setup, a user must type in login info and then enter a unique code sent directly to their phone number or email. While the extra steps can seem tedious, the few extra seconds are a small price to pay in comparison to a cyber attack.
Cybercriminals are intelligent, but so are well-trained employees. Email diligence is a critical skill that comes with training and experience. Small business owners should seek out a program that works for their team and trains them on spotting fraudulent opportunities in emails. Fred recommends KnowBe4, which sends out fake phishing emails for recognition practice.
The reality behind cybersecurity for small business owners is that it's the culmination of many efforts over time. Think of specific tasks as "cyber hygiene," ensuring your digital assets and systems are healthy and clean. Using a password manager, training employees on understanding scams, having MFA wherever it's available, and taking extra precautions with online payments are just a few ways to improve your small business's cyber hygiene.
Fred also emphasizes the need for cyber insurance. It may have seemed excessive to business owners a few years ago, but now, more than ever, it is necessary. A cyber insurance agent can work with you to determine which plan best fits your business needs. When a cyber-attack happens, your policy can help you connect with legal and PR teams to resolve the issue and get your business back up and running as soon as possible. The insurance price is small compared to the havoc cybercriminals can wreak on your company and its reputation.
Although cybercrime is a significant issue that small business owners face, it's certainly not the only obstacle to overcome. Our Cole-Dalton Marketing Services team aims to help small businesses succeed. We focus on marketing management services so you can focus on your business's core.