Corporate Cybercrime

By Mark Gardiner

Corporate cybercrime has been in the news a number of times in the past couple of years. Recently, Scoular Company was taken for $17.2 million in an international email swindle that sent the money to a bank in China. In addition, Target, P.F. Chang’s, Neiman Marcus and JPMorgan Chase, to name a few, have all fallen victim to computer hacking. These latter companies spend up to hundreds of millions of dollars each year to safeguard their computer systems from hacking and to protect customers’ valuable information from breach. JPMorgan Chase spends over $200 million annually on cyber security. Target stores spent more than any other retailer on cyber security, and yet they still got hacked. I have heard of local cooperatives being swindled out of money.

Many of those engaged in cybercrime hail from Russia, Ukraine and China. These countries place a heavy emphasis on science, logic and math in their education systems. Those skills are the building blocks of programming and computing. As a result, these countries churn out millions of people who are quite good at coding and at finding logical flaws in code. But those countries lack any sort of real pipeline for turning those skills into high-paying jobs. Many of these individuals turn to hacking and cybercrime because they view that activity as a way to supplement their income and live a lifestyle that they could not otherwise afford. There is no deterrent for this lifestyle, because the majority of them will never get caught.

Stand back and take a look at the amount of information you have in your computer system. You have the organization’s financial information stored, and in addition you have your employees’ names, addresses and social security numbers, and probably their spouses’ names. You also have your patrons’ information stored: names, addresses, social security numbers and, odds are, their spouses’ as well. Many of you have thousands of patrons; think of the nightmare if this information is breached. And what about the damage done to your reputation and your relationships with your customers, vendors and those who provide services to you?

Cyber security is a moving target, and staying secure means adapting your security measures to the latest attacks.  The attacks are constantly changing to circumvent the new security measures released.  Here are a few tips to help avoid computer hacking and breach of your computer system:

  • Lock down your browser and avoid surfing dangers. Even casual surfing on the web can expose you to malware and other cyber security issues. Some tips on locking down your browser: prevent pop-ups from loading, disable JavaScript, don’t accept third-party cookies, delete cookies on exit, clear history on close, disable ActiveX controls and enable automatic updates.
  • Be wary of attachments to emails, especially from email addresses you do not recognize.
  • Don’t use file sharing sites or services unless you are familiar with them and know the people you are sharing files with.
  • Address security vulnerabilities by installing operating system and program updates as soon as possible.
  • “Scrub” confidential information from discarded equipment. It is a common misconception that deleted files are gone for good.  In fact, the deleted files on most devices are easy to recover using widely available forensic recovery tools.  Even reformatting or repartitioning a hard drive will not completely destroy all the data on it.  Physically destroying a hard drive or other device with a hammer is the free and low-tech option.  You can also use specialized software that will “scrub” all data from a hard drive so that it is not recoverable.
  • Be safe when using remote access and public computers. Be careful of the dangers of employees using family computers when taking work home.
  • Be careful about putting your firm data in the “cloud”. Much of your online banking has your data in the “cloud”.
  • Beware of data theft with USB sticks.
  • Enable two-factor or two-step authentication on all software where it is available. At a minimum, a two-step authentication process should be used by employees who have access to sensitive company, customer and employee data.
  • Use a secure and unique password that is changed regularly, especially for online banking. Many banks will provide you with a “Secure ID” device. This device adds an extra layer of password protection. The device provides a personal access code: a random number that changes every 60 seconds, and each code can be used only once. This makes it almost impossible for someone to know your password.
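
To make the last tip concrete, here is an added example (not from the original article, and not the algorithm of any particular bank's device) of how a server can check a code that changes every 60 seconds and refuse to accept the same code twice. It uses the standard HOTP/TOTP construction (RFC 4226/6238) as a stand-in; the 6-digit length, the `TokenVerifier` class and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code is valid, matching the 60-second change above
DIGITS = 6   # assumed code length

def code_for(secret: bytes, counter: int) -> str:
    """HOTP (RFC 4226) value for one 60-second time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenVerifier:
    """Server side of the check (hypothetical class for this example)."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps   # tolerated clock drift, in steps
        self.last_used = -1              # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            if step <= self.last_used:
                continue                 # this step's code was already spent
            expected = code_for(self.secret, step)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used = step    # burn the code: one use only
                return True
        return False

if __name__ == "__main__":
    # Constructed sample input: the RFC 4226 test secret, never a real key.
    secret = b"12345678901234567890"
    verifier = TokenVerifier(secret, drift_steps=0)
    code = code_for(secret, 75 // STEP)           # code shown at t = 75 s
    print("first use :", verifier.verify(code, now=75))    # accepted
    print("replay    :", verifier.verify(code, now=80))    # rejected
    print("next step :", verifier.verify(code, now=130))   # expired
```

A captured code is therefore useless once it has been spent or its 60-second window has passed, which is the property the device relies on.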

Cybercrime is a real and present danger to you and your company. At many companies, further time and work will be necessary. This extra effort is well worth the investment; at the very least, a cybercrime incident will be costly and a significant interruption to your business.