Common Sense and Cybersecurity

Common sense and cybersecurity

Earlier this month, Colonial Pipeline’s operations came to a halt after a ransomware attack orchestrated by DarkSide, an Eastern European cybercriminal organization. It took several days after the May 7 attack for the company to begin restarting parts of their systems as well as the mainlines. The effects were widespread and felt by most of us – gas prices at the pump fluctuated almost immediately.

As a society, we are becoming increasingly desensitized to news like this. Cyberattacks happen so often, it seems, that it’s hardly news. So why is it that so many businesses still don’t take cybersecurity seriously? There’s a shroud of mystery surrounding cyber – the media portrays hackers as hooded criminals lurking in a dark room. And while cybercrime methods change constantly, there are measures companies and individuals can take to protect their data. Those steps aren’t mysterious; they’re not hidden. Maybe they’re so simple – so rooted in common sense – that it’s easy to overlook them, and dismiss their importance.

 “The problem with common sense is that it is not so common.”

Maybe it’s easy to dismiss simple ways to implement cybersecurity because “well, everyone knows to do that.” The truth is maybe not everyone knows. Maybe “common sense” isn’t as common as we would like to think. For example – do you lock your doors when you’re not home? Chances are you do. It’s one of the most basic things to prevent entry and protect what’s inside. One of the easiest ways to protect your business data is to password protect your computer systems. This most rudimentary of security measures, which costs nothing to implement is still not being used by many businesses.

Along the lines of common sense, let’s revisit the events following the Colonial breach. Gas prices increased, media coverage heightened awareness of a potential (temporary) shortage. Some people took to the pumps to fill up before it got worse. Others took more drastic measures, filling up plastic bags with gasoline. Common sense would tell (most of) us it’s a bad idea to fill a plastic bag with gasoline, but the truth is not everyone has the same thought process and the same information. So much so that the US Consumer Product Safety Commission announced on social media that it was, in fact, a bad idea to fill plastic bags with gasoline.

This is an extreme case, most of us probably understand why it’s not a good idea to fill a bag with gasoline. But many businesses are doing the cybersecurity-equivalent of this, likely without realizing it. For example, if your company has data on computers that aren’t password-protected, or even protected by passwords such as “password1234” – that’s a potentially disastrous situation.

Cybersecurity: Start with common sense

Cybersecurity for your business doesn’t have to be complicated, unattainable, and cost-prohibitive. It would be irresponsible for us to reduce cybersecurity to just password-protecting your computers – but the truth is that you can start with simple steps like that. The password illustration is easy to understand but is by no means the gold standard as far as security measures go. Using common sense – perhaps the best of the senses – can help jumpstart your cyber approach. Your business technology is unique; your cybersecurity strategy should be unique, too. We can start where you are – whether that is as simple as password-protecting your systems or as complicated as monitoring network traffic for anomalies. Every business that uses technology in some way is vulnerable to cyberattacks, from pipelines to pop-up boutiques. Don’t wait until something disruptive brings your operations to a halt. Let’s start today.

Contact our team to talk about cybersecurity solutions for your business, from the tried-and-true to the cutting edge.

Protect Your Identity and Learn About BEC Scams

BEC scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud. 

  • 65% of organizations faced BEC attacks in 2020.
  •  In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
  • In 2020, 80% of firms experienced an increase in cyberattacks.
  • 62% of BEC scams involve the cybercriminal asking for gift or money cards.
  • Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.

Skip to content