Cybersecurity, IT Alerting and Incident Response

‘Tis the Season for Cyber Fraud: Timely Tips to Protect Your Business

By Shannon Gallo

No matter the industry, being in business requires keeping cyber crime on your radar. Attacks from ransomware become more sophisticated every day.

While data is still being compiled for the remainder of this year, in 2020 the FBI’s Internet Crime Complaint Center (IC3) reported losses over $4.1 billion. During that same year, 155.8 million individuals were affected by data exposures, which are defined as the “accidental revelation of sensitive information due to less-than-adequate information security.”

Suffice to say, when it comes to cyber crime, there’s no such thing as being too vigilant. This is especially true considering the associated costs of notifying all stakeholders, paying legal fees and regulatory fines, and offsetting detriment to your brand.

And yet many organizations fail to put risk management strategies in place – including those covering vital critical communications – that will keep pace with existing and emerging risks. Only 46 percent of risk management professionals agree that risks and business disruptions can come from anywhere, according to a commissioned study conducted by Forrester Consulting on behalf of OnSolve, Failing To Plan Is Planning To Fail: Take a Proactive Approach to Critical Event Management to Improve Risk Preparedness. Meanwhile, just 38 percent say their current risk management strategies are effectively measured or optimized today.

This time of year that’s worrisome. While cyber security is an ongoing effort, the holidays up the ante on computer and internet-based fraud. During these incidents, an IT alerting system can help you get ahead of the crisis and mitigate damage. Critical communications or a mass notification system can help you:

  • Educate employees about best practices to avoid data compromise caused by hacking.
  • Notify all stakeholders when a breach occurs and deliver regular status updates.
  • Leverage automated workflows that activate globally dispersed teams to quickly coordinate incident response.

Whether hosting your company’s virtual holiday party, sending a digital greeting card to your staff and clients or setting an app-based timer for those twinkling lights around the office, this time of year you can never be too careful when it comes to protecting your online presence. Let’s take a look at some of the common causes of yuletide cyber fraud and how your organization can avoid them.

Seasonal Shopping Scams

It starts in November and you may have already been targeted, courtesy of Black Friday, Cyber Monday and Giving Tuesday. This is prime time for cyber criminals to gain access to sensitive information via sales offers that seem too good and later deliver nothing but regret. Many of these swindles involve emails requesting log-ins and personal information, under the guise of coupons and other incentives related to an actual purchase. Advise employees to take the extra time to navigate directly to the retailer’s website instead of clicking links that could be dangerous.

Delivery-based Phishing

Going into December, once the shopping extravaganza is out of the way, it’s on to the deluge of delivery. For those received at the office, as well as those sent to your people’s homes, additional ordering gives scammers yet another shot at prime phishing targets. These are often imbedded in fraudulent delivery notices via text and email that ask for updated credit card information, passwords and other sensitive data.

Many savvy retailers recognize this and are making efforts to prevent it. Bulk orders for seasonal items – everything from annual wall calendars to staff gifts to ice-melt – should be transacted only with vendors who’ve established clear cyber security protocols. Remind everyone tasked with online ordering to go over any directions provided at the time of purchase stating how the seller will make contact.

Tax Time Trickery

January is always a trying time of year. You’re busy collating receipts and departmental records and waiting for W-2s and other tax documents to arrive in the mail. Meanwhile, scammers are concocting stealthier means of impersonating the IRS and gaining access to your company’s data.

Whether it’s a trigger word in the subject line or a voicemail designed to sound authoritative, it’s vital to remember that the IRS only sends correspondence in writing, via USPS. That means texts, voicemails, emails and social media attempts are almost certainly fraudulent, even if they already contain some amount of confidential information.

Academic Antics

For institutions of higher education and high schools, February is an important month to be aware of the potential for hacking. While this can happen at any time throughout the school year, college application due dates can trigger both fraud and crimes of opportunity. Whether it’s ill-intended access to valuable personal and academic records or fraudulent alteration of those records for the purposes of improving entrance applications, schools need to ensure their security measures are A+.

Remind faculty to avoid passwords associated with their known hobbies, interests and family backgrounds. If a breach does occur, transparency with the student/parent body is imperative. An IT alerting system will ensure everyone gets the message immediately. It also facilitates simple, actionable instructions for damage control, such as directions to reset passwords and monitor accounts.

Looking Towards 2022

As we prepare to go into the New Year, this last month is a great time to take stock and update your risk management and critical communications strategies. Highly capable firms are those that demonstrate a “strong critical event management response,” as found by the commissioned study conducted by Forrester Consulting. This means considering all manner of business risk, including information security, travel, employee risk, data privacy and threats that could impact customer experiences.

When a breach does happen, stay calm and remember that trusted resources are just a click away. OnSolve® IT Alerting ensures you can react efficiently to activate your response team, communicate with all stakeholders and stay compliant with the regulations governing data breaches. When it comes to your ROI, during trying times IT alerting delivers measurable results. Check out our webpage to learn more.