Skip to main content

Cybercrime: How to Help Protect Your Company's Most Important Assets

Learn about the measures your Business should be taking to combat the threat of cybercrime. Part two of a two-part article series on cybercrime.

Dating back to the beginning of modern terrorism in the 1970s, our experiences have primarily been physical attacks — from the Oklahoma City and World Trade Center bombings to hijacked aircraft, and ultimately, 9/11. Today, the world is facing a new type of terrorism that is equally as devastating: cyber-crime.
Cybercriminals could have the ability to wreak havoc on society by shutting down power grids, contaminating drinking supplies, and disrupting communication and transportation networks. These kinds of terrorism events are no longer relegated to just a fictionalized episode of “24,” but are very real possibilities.


Cybercrime Risks for Businesses

Businesses are primary targets of cyber terrorists. As we noted in Part One of this series, the high-profile cyber attacks on major corporations have started to bring this issue to the attention of many business owners and corporate security experts.
According to Skip Westfall, former National Forensic Technology Services Practice Leader for Grant Thornton and Co-Leader of the National Cybersecurity Practice, businesses of all sizes face a number of specific cybercrime risks.
“One of the biggest risks is the loss of sensitive customer and employee data such as credit card numbers and any personally identifiable information like names, Social Security numbers, addresses and phone numbers,” says Westfall. “Once they have this, cyber thieves can get pretty much anything they want.”
The loss of proprietary business strategy is a relatively new type of cybercrime risk that businesses often don’t think about. “This happens a lot now,” says Westfall. “For example, maybe a restaurant has developed a way to get hot burgers to their customers faster than their competitors.” This isn’t necessarily intellectual property, but there’s no doubt it’s valuable competitive information.
In addition, Westfall notes that the Sony Pictures Entertainment hacking case made it clear that email is now a valuable corporate asset that must be protected from hackers. “The most damaging things to come out of that breach were emails about how much employees got paid and how easy or difficult certain actors were to work with. More companies are now securing their email exchange servers as securely as their intellectual property because of potential backlash. Being tried in the court of public opinion has its challenges.”


How to Combat Cybercrime

 Katrina Michalk, Cadence Bank Treasury Management Executive, says that corporate account takeover is the business equivalent of personal identity theft. “Staying informed about various ways to protect your company from cyber attacks is an important, ongoing effort,” she says. “It’s important to establish a baseline of normal activity for your company in order to detect when abnormal activity occurs.”
Michalk divides strategies for combatting different types of cybercrime into three broad categories:
  1. Social media — “The key here is to develop a social media policy to help regulate employee access and to establish what your business considers appropriate social media behavior,” says Michalk. For example, require your employees to learn and incorporate maximum privacy settings. You could even request that employees leave their employment status blank on their social media profiles, as hackers can use sites such as LinkedIn to build a company’s organizational chart and determine prime targets. 
  2. Mobile devices — “You should apply your existing security policies to mobile devices and communicate and enforce these policies regularly,” says Michalk. Also set your mobile devices to automatically delete all content after a set number of failed login attempts. And consider investing in tools to automatically wipe any network device that has been reported lost or stolen. Requiring PINs to lock devices and turning on standard encryption settings also are good practices.
  3. Cloud computingMichalk encourages companies to apply their business standards to cloud computing providers. “Ask the cloud provider for an independent security audit, as well as the last date an audit was conducted,” she says. Also identify any third parties with which the cloud provider deals and whether they will have access to your data. “Remember that you can outsource computing functions, but not cyber risks,” says Michalk.


“What If We’re Hacked?”


Despite all your precautions, your company could still be the victim of a cyber attack. In order to deal with an attack in the fastest and most efficient manner, Westfall says you need to create an incident response plan ahead of time.
“This plan should address everything from improper use of company computers to what to do if an employee leaves a laptop at the airport and can’t find it,” says Westfall. “Your incident response plan is a playbook that tells you how to walk through every conceivable cyber crime breach or incident.”
All cyber crime breaches are incidents, Westfall adds, but not all incidents are breaches. “Always treat every cybercrime incident as if it’s a federal offense,” he says. “You can always throttle back later if you need to.”


Consider the Costs


Cyber breaches can be extremely costly. According to IBM Security’s 2020 Cost of a Data Breach Report, a data breach can cost a business an average of $3.86 million. This includes costs for lost records, legal defense and settlement costs, as well as costs associated with notifying those impacted by the breach and staggering post-breach costs including credit monitoring for affected clients or employees.
The report goes on to detail that lost business costs accounted for nearly 40% of the average total cost of a data breach, increasing from $1.42 million in the 2019 study to $1.52 million in the 2020 study. Lost business costs included increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation. Even one cyber breach can impact a company’s reputation and devastate its bottom line.
“This makes cyber liability insurance coverage an essential tool in a company’s cyber security arsenal,” says Michalk. “A cyber liability insurance policy could limit the financial damage that results from a cyber attack.”
Download Cadence Bank’s best practices guide for helping to protect against cybercrime at your company.
This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.

Questions? We are here for you...

To ensure your safety, please do not include sensitive information in your submission.