As we all conduct more and more of our business online, cyberattacks have become a highly lucrative form of crime. Recent months have seen businesses bombarded with increasingly sophisticated attempts to cheat them out of critical data. A single successful attack can cost a business thousands or even hundreds of thousands of dollars.
A particular form of online crime that’s surging right now is a scam known as business email compromise. The FBI considers business email compromise to be one of the most financially damaging forms of cybercrime, warning about it in an article on fbi.gov.
A business email compromise attack involves criminals sending email messages that contain seemingly legitimate requests from trusted sources, with the intent of convincing the recipient to hand over something valuable. The approach typically begins with what’s known as a “phishing” attempt, an email message sent by a hacker. Since the message is disguised to look like it’s from a familiar contact (such as a colleague or a bank), the recipient often follows whatever instructions it contains. A simple action like clicking a link or downloading an attachment can give the hackers all they need to steal sensitive data, gain account access or even transfer funds.
Like other businesses, SFM has recognized an uptick in business email compromise attempts in recent months. SFM’s Information Services team has observed a growing number of attacks directed at agent partners and policyholders.
“We’ve seen successful cyberattacks happen to organizations all around us,” said Chad Hagedorn, SFM’s Chief Information Officer. “The good news is that there are some clear measures that any business can take to make them a less attractive target for hackers.”
Protect your passwords
Make sure that everyone in your organization maintains diligent control of their passwords. Proper use of passwords is a critical line of defense against attackers. Just one weak or poorly managed password can put your entire organization at risk.
To keep passwords from being the weakest link in your security chain, follow these practices:
- Use strong passwords. Passwords should be 12 characters or longer, and be free of sequential or repeated characters.
- Never reuse passwords. Create a unique password for every website and service.
- Do not share passwords among your colleagues. Having a separate account for each user is more secure than sharing a common login.
- Use a secure password management application. Not only does this save you from having to memorize dozens of complex passwords, it also keeps you from unsafe practices like writing login credentials down and storing them in plain sight.
Take the time to learn about the risks
Train yourself and your staff on security risks and prevention measures. This includes having a system to educate employees on how to identify and thwart phishing attempts. Make sure that everyone in your organization recognizes their responsibility in keeping your systems secure.
Work closely with your IT experts
Whether you have an in-house IT team or you rely on outside services, it’s important that you work together to manage the risk of cyberattacks. Your IT experts are likely working to protect you from attacks in ways you’re not even aware of, such as keeping your software and systems up to date with the latest security patches. You can add to the impact of that protection by cooperating with their security recommendations and encouraging others in your organization to do likewise.
“It’s important to recognize that maintaining security takes a concerted effort from your entire organization,” said Hagedorn. “Don’t try to pretend that security is easy, and don’t hesitate to ask for help when you need it.”