Cybercrime is a growing threat for businesses in the U.S. and around the world. The tactics used to steal information and money are becoming more sophisticated and involve a high level of technical expertise. Because the threats can change from one day to the next, protecting your business requires constant vigilance.
“Businesses of all sizes should be aware that there's a massive industry of bad guys working day and night to penetrate their defenses,” says Stephen Frew, Vice President, Risk Consultant with Johnson Insurance.
“It's impossible to guard against every threat, but there are a number of ways to prevent fraud and mitigate risks by strengthening your security and leveraging fraud prevention services and insurance protection,” says Sandy Bruhn, Senior Vice President, Treasury Management and International Banking Sales at Johnson Bank.
Ransomware is one of the most dangerous threats to businesses with the potential to wreak havoc on business operations. Ransomware is typically delivered through spam emails, phishing or applications that target software vulnerabilities. If the attack is successful, a business may be denied access to their computer systems until a ransom is paid. “Because this involves a direct demand of money and shutdown of operations, ransomware attacks are more threatening than residual threats like bots and invasive viruses that steal sensitive information to be used later,” says Frew.
Artificial intelligence (AI)‐powered attacks are another emerging threat. “Self‐learning computers with intellectual problem‐solving ability can be used by the offenders to attack,” Frew explains. “Because AI enables fraudsters to process information rapidly, this is increasingly becoming the weapon of choice.”
Social engineering is at the heart of many problems, and in some cases, AI is used to gather data about a person or their contacts. Email phishing schemes often target businesses with a request for employees to pay a fake invoice, share information or click on an infected link — and these schemes have been surprisingly successful in the business realm.
Small and mid‐sized businesses are frequently targeted and must be prepared for various types of attacks. “Small businesses tend to be in denial about being at risk because they might not perceive themselves as a valuable target; however, they most likely do have valuable data, and it's the vulnerability that makes them the target,” says Frew.
“If a business is attacked by ransomware, they may experience loss of data, business disruption, lost productivity, financial setbacks and the loss of their clients' confidence. The costs can be substantial if they aren't protected,” says Frew.
A cyberattack can have devastating effects on a business, especially when an organization doesn't have the resources or expertise to deal with the aftermath of an attack. The average cost to clean up after a cyberattack is reported at $690,000 for small businesses and over $1 million for mid‐sized companies in the U.S., according to the Ponemon Institute's 2017 Cost of Data Breach Study.
Frew recommends taking the following steps to improve operations defenses:
“When you have cyber fraud insurance, the insurance company brings in a team of experts who knows the laws and how to handle an attack. Rather than scrambling to figure out what to do after a cyberattack, help is just a phone call away,” Frew adds.
Learn more about cybersecurity tips in Stephen Frew's new book available on Amazon.com: Cyber Threats: Risk Management Tips for Businesses.
Payments fraud and check fraud are the top financial fraud threats for businesses. “As the use of mobile deposit increases, we're seeing a rise in fraud related to mobile capture. We're also seeing sophisticated wire fraud scams that are initiated by email,” says Bruhn.
According to the 2018 AFP Payments Fraud and Control Survey, 74 percent of organizations experienced check fraud, and nearly half of survey respondents reported an increase in the incidents of fraud attempts compared to the previous year. In addition, 77 percent reported that their organizations were exposed to business email compromise.
Financial institutions have increased their defenses against wire fraud so that fraudsters are no longer focused on hacking into banking systems — they are targeting authorized users and creating schemes to trick someone to authorize a wire transfer. In these types of scams, they impersonate an individual of authority in order to manipulate an authorized person into sending the wire,” Bruhn explains.
Bruhn recommends the following best practices to prevent payments fraud:
No matter how large or small the organization, it's important that someone is responsible for staying current on threats and knowing the proper steps to protecting your business. “Having an IT department isn't enough — a security officer serving as point person can make a big difference,” Frew recommends. If you have questions about how to protect your business or how we can help, contact a Johnson Financial Group advisor today. Visit our Security Center for more information.