Our Q3 2022 Cybersecurity Risks & Trends feature covers the topics of cyber hygiene, preventing business email compromise (BEC) scams, and cybersecurity tips for business travelers:
Essential Elements of Cyber Hygiene
As cyberattacks become more frequent and severe, it’s increasingly important for organizations to practice good cyber hygiene—habitual practices ensuring critical data and connected devices are handled safely—to minimize their digital exposures. Some consequences of poor cyber hygiene include:
- Security breaches
- Data loss
- Software vulnerabilities
- Antivirus weaknesses
Here are some essential elements of cyber hygiene for organizations to consider:
- Passwords—Employees should be required to create strong and complex passwords and avoid sharing or using the same password across different accounts.
- Security software—A high-quality antivirus software can perform automatic device scans to detect and remove malicious software and provide protection from various online threats and security breaches.
- Data backups—Essential files should be backed up in a separate location, such as an external hard drive or the cloud.
- Firewalls—Organizations should have a network firewall to prevent unauthorized users from accessing company websites, email servers and other sources of information.
- Multifactor authentication—Important accounts should require multifactor authentication to limit the opportunity for cybercriminals to steal organizational data.
- Employee education—Workforce cybersecurity education is essential to teach employees to identify phishing attacks, social engineering and other cyberthreats.
Daily routines, good behaviors and occasional checkups can make all the difference in ensuring an organization’s cyber health is in optimal condition.
Preventing BEC Scams
A business email compromise (BEC) scam entails a cybercriminal impersonating a seemingly legitimate source via email. The cybercriminal uses these emails to gain the trust of their target, thus tricking the victim into believing they are communicating with a genuine sender. From there, the cybercriminal convinces their target to wire money, share sensitive information or engage in other compromising activities.
These scams are among the most expensive types of cyber losses, and they have emerged as a major threat. According to the FBI, BEC scams caused more than $43 billion in losses since 2016, with such losses increasing by 65% between 2019 and 2021 alone. Considering these numbers, it’s crucial for organizations to take steps to prevent BEC scams. The best way to do this is through staff education. Organizations should provide their workforce with this guidance:
- Refrain from sharing personal or work-related information on social media platforms, as cybercriminals could use those details to launch a BEC scam.
- Avoid opening or responding to emails from parties you don’t know. If an email claims to be from a trusted source, verify the sender’s identity by double-checking the address.
- Be wary of emails that lack personalization, contain spelling and grammatical errors, request sensitive details or use threatening language.
- Never click on suspicious links in emails. Avoid downloading email attachments from unknown sources.
Cybersecurity Tips for Business Travelers
Organizations face heightened cybersecurity risks when their employees travel. Business travelers are prime targets for cybercriminals, as they often carry valuable data and may not always be careful about securing their devices. According to research from Morning Consult on behalf of IBM Security, more than 1 in 7 travelers have had their personal information stolen on the road or abroad. Some common cyberthreats business travelers may encounter include unsecured Wi-Fi networks, publicly accessible devices (e.g., hotel computers), and stolen or misplaced devices.
To minimize cybersecurity exposures for traveling employees, organizations should implement the following best practices:
- Establish Wi-Fi policies. Organizations should have policies requiring employees to confirm the network name and precise login procedures with the appropriate staff before connecting to public Wi-Fi networks in airports or hotels. Sensitive activities, such as banking or confidential work-related projects, should not be conducted on public Wi-Fi networks.
- Enforce virtual private network (VPN) use. A VPN routes all online traffic through an encrypted virtual tunnel. Such a network can help reduce the risk of cyberattacks by establishing a secure connection between users and the internet. Organizations should require employees to utilize VPNs whenever possible, especially during business travel.
- Conduct physical security training for digital valuables. Organizations should encourage business travelers never to leave their devices unattended. Employees should also be instructed to utilize strong passwords or multifactor authentication capabilities (if possible) and lock devices in hotel safes upon leaving their rooms.
- Encourage employees to pack minimal devices. Leaving unnecessary technology at home can help reduce the chance of theft or data loss. As such, organizations should only permit employees to bring devices that are essential to completing their job duties on the road or abroad.
- Require regular software updates. Cybercriminals typically look for security flaws in outdated software. Updates are sent out to patch any holes in the software and reduce the opportunity for cybercriminals to attack. Employees should be required to update device software regularly.
- Establish response plans. Organizations should have specific response plans that outline steps to take when devices containing confidential information are compromised, lost or stolen while traveling.
Business travelers often carry sensitive information on various devices, leaving them vulnerable to cyberattacks. However, taking the proper precautions while traveling can help them keep their technology and data secure.