15 Aug 2016
As previously reported, the latest trend in hacking is still on the rise in which hackers are foregoing big companies and targeting the small guy.
As BlackHatters have become more sophisticated, so, too, have their earliest victims – larger businesses and financial institutions. While that was good news to smaller businesses, it, unfortunately also caused them to fall behind the cybersecurity bell curve, thus making themselves weaker prey.
A new, effective scam was first reported last week by The Wall Street Journal, in which cybercriminals are essentially re-routing legitimate purchases to their own back accounts. Hackers first hack into the email accounts of either suppliers or purchasers so that they can have access to entire email trails.
Their ultimate goal is to find all the big dollar transactions. Once they identify those transactions, all new correspondence from the big customers are auto-forwarded to a phony email account that has been set up by the hacker to look like it came from a company executive and/or supplier. Once the criminal has contact with the legitimate buyer, the hacker then gives the target fraudulent bank account information in which to transfer the “payment.”
Small businesses are not generally as savvy at picking up on fraudulent emails as bigger businesses. Additionally, small businesses tend to use cloud-based email accounts, which are cheaper than those with dedicated servers, but that low price comes with an increased risk of being compromised.
Additionally, it doesn’t matter which company’s email the bad guys get ahold of because both sides of the emails can be seen. So even if your business has strong security, if you are doing business with a less sophisticated company, you are at risk.
In fact, a June report from the FBI stated that, in the US alone, more than 14,000 businesses have reported combined losses of close to $1 Billion since 2013, and there has been a 1,300% increase since just last year.
While you may not be able to stop a hacker from targeting your small business, there are ways for you to protect yourself:
- Use Strong Passwords. You should not reuse or repeat passwords; with all of the compromised social media accounts, it is easy for hackers to steal passwords. F
- Implement Payment Verification Policies. Make it a policy that you and/or your employees must verify purchase orders or payment requests, ESPECIALLY IF THEY ARE ASKING YOU TO SEND THE PAYMENT TO A DIFFERENT BACK ACCOUNT. All it takes is a phone call.
- Use Business-Grade Security Software. Well known security software includes McAfee, Symantec and Webroot, all of whom have the ability to identify suspicious behaviors.
- Use Secure Email Servers. Virtual Private Networks (VPN) offer more secure network connections. If you are unable to purchase one of your own for $5,000, you can lease one for $5 to $100/month. VPN’s are effective at protecting against minor hackers
- Require Employees to Enable Two-Factor Authentication. If a hacker attempts to login on an unrecognized server, you or your employee will be notified and the hacker will not have access to the unique verification code, thus thwarting the attempt.
- Don’t Hesitate. If you are targeted, contact authorities immediately.
- Use Small Business Resources. The Small Business Administration has a great, free tutorial available regarding small business cybersecurity.