Every year the global cost of cybercrime gets worse and worse. This is going to increase from $6 trillion today to a $10 trillion problem by 2025, according to Cybersecurity Ventures. And small businesses, like professional snow and ice management operations, are the most vulnerable to become a cybercrime victim. So, are you prepared to defend yourself, or will you become the next statistic?
During my decades with the FBI, I witnessed first-hand the devastation cybercrime has on small business owners. In today’s digital age, simply clicking on a link in an email opens the digital doorway for a bad actors to damage a business with malware. They steal data and money, disrupt workflow, and ask for significant amounts in ransom. I’ve witnessed the same story over and over again of victims whose lives were ruined. So, while interviewing cybercrime victims, I discovered some commonalities, which I call “The Four Truths About Cybersecurity”.
Truth 1: No victim expected to be a victim. Every victim is caught off guard.
Truth 2: Once the cybercriminals steal our money or data, it is almost impossible to retrieve it.
Truth 3: Most cybercriminals are located outside the US. Therefore, the chances of law enforcement bringing them to justice is harder than getting your money or data back.
Truth 4: Most cybercrime incidents were preventable if the victims had been armed with a couple of key pieces of information.
While an FBI agent, I researched and analyzed the root causes of cybercrime victimization. My goal was to make individuals and companies aware of cybersecurity truths. So, I created the Cybersecure Mindset Framework. To keep your money and data safe and to prevent cybercrime incidents in your workplace, you must focus on the following steps and understand their underlying strategies.
Understand The Problem’s Scope
As the cybercrime problem continues to grow, we continue to spend more money on products and/or services hoping they will keep us safe. However, having these products and services in place is important but not enough. Embracing a cybersecure mindset reduces vulnerability.
Cybersecurity’s Four Truths
If I learned anything from my FBI experience, it’s the chances of law enforcement “saving the day” is practically zero. This does not mean people should abandon hope. However, the majority of cybercrime is preventable if the victims had knowledge of a few simple controls.Weapons Of Choice
Phishing, text messages and telephone calls are the cybercriminal’s preferred weapons. For the past 20 years, hackers have been using social engineering techniques to trick end users to turn over their account credentials and install malware. This resulted in money and data being stolen and then maliciously used. When we receive an email, text message or telephone call from someone we know and trust, that message likely passes through our spam filter and email protection. Nevertheless, we need to think twice before we click and act. The first line of defense is becoming our own human firewall.
The dark web and password reuse are the cybercriminal’s best friend and lead to the majority of cybercrime victimizations. The dark web is a place where billions of usernames and passwords – obtained through major data breaches – are bought and sold by cybercriminals. Hackers count on the fact that 66% of the population uses the same username and passwords across multiple sites.
Identifying Mission-Critical Accounts
Imagine a cybercriminal who receives your password on the dark web. That one password enable a cybercriminal to log into our financial, work or cloud accounts. Identify those accounts important to you (Google account, bank and work accounts, etc.) so you can take the appropriate measures to protect them.
Once the critical accounts are identified, make sure there is a strong, robust, and distinct password for each one. A good password should be 12 or more characters. I use special symbols, numbers, uppercase and lowercase letters, and no dictionary words. Using passphrases to remember the complex passwords is also something to consider. For instance, a passphrase such as “I can never forget my social media password” can be translated into the following password: #041cnfmysMP40#.
Adopt Two-Factor Authentication
Even though an account has a strong robust password, cybercriminals can still gain access. That’s why two-factor authentication (2FA) was created. Think of it as a second deadbolt on a front door. The password is the first key for entry, but a special six-digit code is needed to gain complete access. The code is obtained from an authenticator app or directly from the website host via text message.
The Business Email Compromise
People – commonly friends and relatives – are vulnerable to account takeovers. And then malicious emails are sent out on their behalf. The Business Email Compromise is a scam where hackers take advantage of unsecured emails. This is one of the greatest financial frauds today. It tricks end users to send money or information to cybercriminals because the email comes from a trusted source.
What would happen if you learned a cybercriminal locked up your business files and you couldn’t retrieve them unless you paid a ransom? Therefore, you must have backups of all critical information.
Keep Your Family Safe
Cybercriminals like targeting family members, especially children and elderly relatives who spend much of their time online. As technology advances, so do cybercriminals' techniques to gain access to information. Therefore, make family members aware of the scams targeting them.