Skip to main content

Combatting Cybercrime Has Never Been More Important in Business

Middle-market business owners and CEOs are ‘extremely worried’ about cybercrime, and with good reason. The threat has never been more urgent.

17% increase in data breaches in 2019 over 2018According to the 22nd Annual Global CEO Survey conducted by PWC, global CEOs consider cybercrime to be a top five threat to business growth prospects. In the same survey, North American CEOs rank cybercrime as the number one issue they are “extremely concerned” about.

 

And the problem keeps growing. There was a 17% increase in data breaches in 2019 over 2018, according to the Identity Theft Resource Center’s 2019 End-of-Year Data Breach Report. Given that many cybersecurity incidents go unreported, it’s likely that the actual percentage is even higher.

 

A cyber criminal could wreak havoc on your company. Now is the time to protect yourself.

 

Average Cost of a Data Breach in 2019

Source: Identity Theft Resource Center

 

Proactivity is the key to fighting cybercrime

“A lot of business owners think cybercrime will never happen to them, but in reality the chances are quite high that it will,” says Cadence Bank Treasury Management Sales Officer Joseph Cascio. “It is critical to be proactive in taking steps to protect your business from the potentially devastating effects of a cyberattack.”

 

According to Lori Frady, also a Treasury Management Sales Officer with Cadence Bank, middle-market businesses could be especially susceptible to cybercrime during the coronavirus pandemic.

 

“Whenever there’s a significant event, cyber criminals are quick to try to capitalize on it,” she says. “The coronavirus pandemic is no exception. Many employees are distracted due to working from home and dealing with personal issues like childcare, which can make them more vulnerable to falling victim to cyberattacks.”

 

Frady’s message? “Never let your guard down,” she says. “Cyber thieves and fraudsters win when you’re not paying attention.”

 

The link between cybercrime and fraud

Cybercrime and fraud typically go hand-in-hand, since thieves often use cyberattacks to commit fraudulent activities. According to the Association of Certified Fraud Examiners (ACFE) 2020 Report to the Nations, the typical organization loses 5% of its revenue to fraud each year, and the median fraud loss is $125,000. What’s more, the typical fraud case runs for 14 months before detection and causes an average loss of $8,300 per month.

 

The annual cost of global cybercrime damages is estimated to increase to $6 trillion by 2021, up from $3 trillion in 2015.

Source: Cybersecurity Ventures

 

While large firms detect more incidences of cybercrime than small and mid-sized businesses, according to the ACFE, middle-market businesses are often the most vulnerable to cyberattacks. “These businesses are in the cybercrime ‘sweet spot’”, says Frady. “They’re large enough to have significant corporate bank accounts, but they often don’t possess and deploy the latest cybersecurity defenses like large firms do.”

 

Data Breaches by Industry in 2019

Source: Identity Theft Resource Center

 

Much of the cybercrime directed against middle-market U.S. businesses is perpetrated by highly organized criminal operations located overseas that operate through proxy servers enabling them to mask their location. For example, the cybercriminals could be overseas in the Ukraine but it looks like they’re in Houston or Atlanta. Cybercrime activity targeting middle-market businesses often originates from former Soviet bloc countries and other nations in this region, such as China and Romania.

 

Recognizing cybersecurity threats

Boosting cybersecurity and reducing fraud starts with recognizing the biggest cyberthreats. One of these is business email compromise, or BEC, which is similar to email phishing and spear phishing.

 

Eighty percent of all businesses experienced this kind of cyberattack in 2018, according to the Association for Financial Professionals. Global losses attributed to BEC topped $26 billion between July of 2016 and July of 2019, according to the FBI.

 

Data Breach Causes in 2019

Source: Identity Theft Resource Center

 

“Business email compromise can take many different forms, but it almost always targets employees who have access to corporate finances,” says Cascio. In a typical BEC scam, cyber thieves use their knowledge of the company to trick an employee into initiating wire transfers to bank accounts that they think belong to trusted partners. But the money is actually transferred into accounts controlled by the cyber criminal.

 

“This may sound simple, but the level of sophistication is unprecedented,” says Cascio.

 

Once a wire transfer is sent, it can’t be reversed, which makes BEC an especially dangerous kind of cyberattack.

 

“For this reason, businesses should view every wire transfer request as potentially fraudulent until it has been verified,” says Frady. “Employees should call the initiator of the wire transfer to confirm its authenticity and verify the phone number in your system instead of using a phone number in the email. I’m aware of many BEC schemes that have been caught by taking this simple step.”

 

In addition, Cascio recommends requiring at least two separate employees to originate and approve all wire transfers and other electronic funds transfers. “We also recommend activating tokens and using multifactor authentication provided by your financial partners,” he says. “And use a dedicated computer for all financial transactional activity with no email use or web browsing allowed on this computer.”

 

Other best practices recommended by Cascia and Frady for preventing cybercrime include the following:

 

  • Train employees on the basics of computer security
  • Create individual user accounts for each employee
  • Update anti-virus/spyware software on a regular basis
  • Lock down your computer hardware
  • Add key-logger detection software to all company computers
  • Use the latest versions of web browsers with pop-up blockers
  • Implement employee awareness training for red flags

 

“It’s also important to educate employees about the importance of password security,” Cascio adds, “including setting strong passwords and usernames, and changing them regularly. A strong password is one that’s hard to guess but easy for the employee to remember without having to write it down.”

 

3 additional cybersecurity threats

1. Social media

The use of social media presents unique cybersecurity risks for businesses today.

 

“Many cyberthieves are using popular social media sites to trick employees into downloading malware or giving out sensitive information that allows thieves to hack into corporate accounts,” says Cascio. “Therefore, businesses need to establish social media policies that detail what kinds of social media activity is and isn’t allowed on work computers and other devices. This includes prohibiting social media activity on work devices, if necessary.”

 

2. Mobile devices

Mobile devices are a primary target of cyberthieves because they’re such an easy point of entry.

 

“Whatever your security policies are for corporate data and software should also be applied to mobile devices,” Frady says. “For example, they should be programmed to delete content after a certain number of failed log-in attempts. And you should be able to wipe them clean remotely in case they are ever lost or stolen.”

 

3. Cloud computing

The nature of cloud computing also presents unique cybersecurity risks.

 

“You have less control over your data when it’s stored in the cloud so you need to be more proactive when it comes to protecting sensitive data from cyberattacks,” says Cascio. “You should apply your business’ cybersecurity standards to the service providers who are storing your data. Also identify any third parties your service providers work with and determine if they will have access to your data—and if so, what kinds of cybersecurity standards they have.”

 

Cadence Bank has fraud prevention solutions for middle-market businesses

Cadence Bank offers a wide range of solutions designed to help minimize the risk of cybercrime and fraud for middle-market companies. For example:

 

  • Cadence Bank requires multifactor authentication for wire transfers to help prevent unauthorized wires from being sent to fraudsters.
  • Positive Pay helps combat check fraud by comparing checks presented to the bank for payment to a list of checks your business has actually issued. Only checks that match the check-issued file are paid—all others are flagged and reported to you (via email or mobile) for a pay or no-pay decision.
  • ACH Positive Pay helps protect you from automated clearing house (ACH) fraud by reviewing incoming debits against a list of approved vendors. You can also use filters to cap the amount of money that can be paid to any one vendor. Transactions that fall outside these boundaries prompt a notification so you can approve or deny the transaction before it’s deducted from your account.
  • We offer all our clients Trusteer Rapport®, a security software application that helps prevent phishing, spear phishing and malware attacks, at no additional charge. Trusteer Rapport works alongside your other cybersecurity software to provide additional protection from cyberthreats.

 

Download our free ebook for more cybercrime and fraud protection solutions

Ready to protect your business? Download our free ebook, How to Minimize the Risks of Fraud, to learn more about the latest types of fraud schemes, controls and best practices.

 

Download the eBook

 

You can also reach out to a banker to discuss fraud protection and how Cadence Bank can help.

 

 

This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.



Questions? We are here for you...

To ensure your safety, please do not include sensitive information in your submission.