Written by Maureen Paulsen on Monday, October 14th, 2019
As experts focused on marketing and communications, we don’t typically dole out information technology advice. But because IT touches virtually everything we do, we always try to stay apprised of general technology trends and issues that could help or impact our clients.
This month we felt compelled to pass along an urgent ‘public service announcement’ about cybersecurity because two of our clients recently became victims of hackers (more on this below). Aside from cybercrime hitting so close to home, October is National Cybersecurity Awareness Month. So, you may be hearing about cybersecurity from other sources in the coming weeks. Our guidance is to pay attention! Take a little time to brush up on cybersecurity protocols that can help protect you at home and at work.
Trust us, the creepiest Halloween horror movie doesn’t come close to the frights that are brought on by cyber criminals. Our clients who fell prey to hackers are very smart, very capable people. But no one is immune from the devious plots of hackers who are hiding around every dark corner of our digital world.
In one case, a hacker was able to successfully pull of a ‘Business Email Compromise’ or BEC scam on our client, which resulted in thousands of dollars of wire fraud (not to mention the time and hassle it took to unravel the mess). BEC scams typically involve phony e-mails in which the attacker ‘spoofs’ a message from an executive at a company and tricks someone into wiring funds to the fraudster’s account or clicking a link or attachment containing malware. Sometimes the hacker asks the recipient to change the account number for a wire transfer using a very businesslike and legitimate looking spoofed email message. This is exactly what happened to our client. But he isn’t alone: in a September 2019 public alert, the FBI called Business Email Compromise “the $26 Billion Scam.”
In the other instance, hackers penetrated a client’s LinkedIn account, which began sending odd messages to his contact list via LinkedIn. If any of our client’s contacts replied to the message and questioned its validity, the hacker replied from our client’s business email address confirming that the message was legitimate! So, this hacker gained access to both the person’s LinkedIn account and business email. It is truly astounding how sophisticated these hacking schemes have become. While no money was lost in this case, it still took our client considerable time to deal with cleaning up and apologizing to the contacts who had been messaged by the hackers. Not exactly how an executive wants to spend their day.
Just as our very smart clients became unwitting case studies in cybercrime, you too can be victimized by cyberthieves. These are crooks who spend every waking hour plotting how to steal your data, your money or your identity. So just because you have the latest antivirus software and an IT department that keeps careful watch over your network, don’t be lulled into a false sense of security. Cybercrime can happen to anyone. And often it’s the folks with the most on their plates—leaders with too much to juggle and too little time—who become easy targets because they’re always moving so quickly through their day (and often on mobile phones where it’s harder to detect).
Imagine you’re in the Starbucks line and an ‘urgent’ email comes in on your mobile device. You can’t tell exactly what the URL address of the link is, but it looks legit so you click through. That’s all it takes for a hacker to get what they want. The key thing to remember—especially when you’re out and about using a mobile device—is that our brains are often the first line of defense against cybercriminals. IT security experts call it acting as a ‘human firewall’ meaning you should always trust your instincts, read emails carefully and think before you click.
Here are some other simple tips from the National Cyber Security Alliance, excerpted from their press release kicking off Cybersecurity Awareness Month:
Hopefully your organization will never fall victim to cybercrime.
If you’re unsure how safe your business systems are or want a second opinion on your current approach, processes and tools, we’re friends with two trusted managed services/technology firms in DFW that we’ve known for more than a decade each: Sagiss and Ranger Solutions. I know either would be most pleased to chat about your technology.
And given how pervasive cybercrime is, your best bet is to be prepared with a solid reputation repair and crisis communications plan in the event of a data breach or other issue. We routinely assist clients with the preparation of crisis plans for a variety of situations. Contact us to learn more.
And stay cybersafe out there!