3 Reasons Why Cybersecurity Is More Important Than Ever —
And What You Can Do About It
By Keith Barthold
In the time of COVID-19, devoting your attention to creating a best-in-class cybersecurity program could be a make-or-break decision for your business. The likelihood of being attacked in the collections industry is now close to 100% — and the impact of a major breach can be lethal to a business. Hackers are acutely aware that the reward of a successful ransomware launch could equal a seven-figure payout for a business that deals with highly sensitive data. Why? You are fully dependent on that data to continue operations and you likely have cyber insurance coverage for a maximum ransomware payout.
There is no doubt that the global pandemic and resulting economic uncertainty have created severe consequences for the collections industry. A recent survey of CFOs produced these troubling findings:
- 61% reported a year-over-year increase in customer payment defaults
- 41% reported major coronavirus-related cash flow disruptions
- 80% experienced a loss of business due to stricter payment terms
This is an environment in which you, as a business leader, are likely examining your business model, reviewing risk management plans, and refining cost centers. So, is an investment in cybersecurity a cost, or is it smart risk mitigation that could save you untold capital?
The increasing number of attacks, the growing sophistication of tactics, and the increased vulnerabilities introduced by employees working from home have created the perfect storm for businesses to fall victim to cybercrime – and hackers know it.
#1 — Work From Home Means Relaxed Controls
When employees worked from an office, firewalls and other IT measures enforced protocols such as not allowing the use of personal devices while working around sensitive customer data. Those controls might as well be thrown out the window when employees are working from home. Not only do you not necessarily know what personal devices your employees are using, you may not know how well their home network is protected, whether they are working from public wi-fi, whether a member of their household has access to their devices, or whether compromised devices reside on their home network waiting to infect their work devices.
#2 — Growing Sophistication
More than 90% of compromises start with a phishing email. Many of these are advanced and highly targeted, indistinguishable from a legitimate email even to a moderately trained eye. Cybercriminals are taking advantage of the wealth of online information to successfully impersonate financial institutions, government agencies, and other organizations that may be affiliated with their potential victims.
We know from phish-testing — sending innocuous phishing emails to employees to test their ability to spot threats — that there are always test failures. Even if only two to three percent of employees fall victim to a phishing email, it could compromise the well-being of your entire organization.
#3 — Increased Threat Level
There has been a marked increase in scams during the coronavirus outbreak. Cybercriminals are setting up fake websites and phishing emails purporting to have important information about COVID-19 or to raise money for victims. We generally see an uptick in criminal activity from opportunistic hackers during times of crisis, such as hurricanes, and this is proving no different.
What Are Some Immediate Actions You Can Take?
While you are taking the time to ensure that you have the appropriate IT infrastructure and best practices in place, here are some immediate and impactful actions you can take.
#1 — Implement a Work From Home Policy
Put into place a formal work from home policy for all employees. Effective policies include instruction on:
- Wi-fi: Protecting wi-fi through a VPN, never using public wi-fi for sensitive activities
- Passwords: Using a password manager and adhering to password standards
- Devices: The proper use of company and personal devices
- Anti-Malware Software: Updating anti-malware and anti-virus software with next-gen solutions
#2 — Update Confidentiality Agreements
Review the confidentiality agreements issued to employees to ensure they include anything pertaining to remote work. Reinforce the importance of private information by re-issuing them for employees’ signatures.
#3 — Continue Cybersecurity Training
We know that most company breaches can be traced back to employees who fell victim to phishing or another scam. Make sure that your employees are armed with the knowledge to recognize phishing emails by providing them with ongoing training and phish-testing.
Training, Security Software, and Updated Procedures Are a Smart Investment
Too often, businesses wait until they are attacked before building and training a cybersecure organization. This new climate is the time to be proactive by identifying, quantifying, and prioritizing your specific concerns — and setting up a plan to mitigate those risks.
Keith Barthold is CEO of DKBinnovative, a leading managed IT services firm that offers secure, reliable solutions to small and medium businesses globally.