Data theft and payment security are hot-button topics in the US, as many high-profile companies and organizations have recently fallen victim to cyberattacks. From Google to Apple, the headlines speak for themselves—companies have a major issue with data security. If you’ve yet to read Part One of our investigation into the Sony hack, you can find it here. This week we’ll be focusing on how you can protect yourself from the same fate as Sony.
Read below to learn what cybercriminals are looking for, how they get it, and what you can do to prevent a breach at your company.
What They Want
Traditionally, cyber hackers are looking for two kinds of information: 1) financial information that gives them direct access to your money, whether by taking it from your accounts or by charging your credit cards, and 2) personal information they can sell, including social security numbers and email addresses.
Criminals who steal physical cards from “drops,” or brick-and-mortar stores with lax security, earn more than four times as much per card as a cybercriminal who only takes the card information through a hack. The reason, as we’ve discussed before, is the card’s value on the underground criminal market.
Physical cards may be used for in-store purchases, making them more valuable. Card information, while still valuable, can only be used for online purchases that allow shipping to a different address than the billing location—a rare find.
How They Get It
According to Inc.com, there are several ways hackers will try to break into your accounts and steal your information.
Using a computer and a $300 graphics card, a cybercriminal can run over 420 billion simple, lowercase, eight-character password combinations every minute. Unfortunately, more than 80% of cyberattacks involve weak passwords, and it doesn’t help that over 55% of people use the same passwords for all accounts.
A cybercriminal can create a piece of malware delivered to your system by an infected website, USB drive, or application, which captures keystrokes, passwords, and data. Malware attacks have increased for small businesses by 8% since 2012, and the average loss from each attack is around $92,000, a hefty amount for most companies.
Cybercriminals utilize email lists purchased from underground markets to send fake but official-looking emails from respected companies that prompt you to enter your password or click links to infected websites. One of the fastest-growing types of attacks, instances of email phishing have risen 125% since 2012, the year phishers stole a record-breaking $1 billion from small businesses.
A cybercriminal browsing your social media accounts can often gain enough information about you to pretend to be you, resetting passwords for your accounts and locking you out. Over 29% of all security breaches involve some form of social engineering, and victims can lose between $25,000 and $100,000 per incident.
Instead of heading straight for your bank account, cybercriminals will make you open it yourself by hacking your website and posting embarrassing content. The only way to quickly remove the content is to pay out a fee to the cybercriminal. While this sounds ridiculous, these criminals extort over $5 million a year. But the real cost is data loss—paying the ransom doesn’t mean you get your files back.
How You Can Stop Them
The best way to prevent your business from falling victim to a cyber-attack is by educating your employees about the various methods hackers will use, and the best practices to avoid exposure.
- Strong Passwords—Mandate that your employees use long and difficult passwords with various characters to prevent passwords from being hacked.
- Malware Detection—Ensure your computers are equipped with malware and virus detection software, and direct employees to avoid suspicious websites on their home and work computers.
- Install Updates—Be sure to install the latest updates on your browser, as Internet Explorer, Chrome, and Firefox all release frequent patches to make their products more secure against hackers.
- Avoid Links—Don’t click links in an email unless they’re from a trusted source, look legitimate, and make sense in context. A second thought is often all it takes to detect a fraudulent link.
- Payment Security—Ensure any type of transferable data or funds, whether from your company to another, or a customer to you, is protected by governmental standards, including PCI compliance.
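
As an added illustration (not part of the original article), the Python sketch below applies the 420-billion-guesses-per-minute figure quoted above to passwords of different length and character mix, which is what the "Strong Passwords" advice is about. The sample passwords are constructed, and the model assumes a pure brute-force search at that rate; a password built from dictionary words or reused from another account falls much sooner than these worst-case figures.

```python
import string

# Guess rate quoted in the article for one $300 graphics card.
GUESSES_PER_MINUTE = 420_000_000_000

# Character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Assumption: each distinct character outside the four classes adds one symbol.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})


def keyspace(password):
    """Candidates an attacker must try to cover this length and alphabet."""
    return alphabet_size(password) ** len(password)


def minutes_to_exhaust(password, rate=GUESSES_PER_MINUTE):
    """Worst-case minutes for a pure brute-force search at the given rate."""
    return keyspace(password) / rate


def describe(minutes):
    """Render a duration in the largest sensible unit."""
    for unit, per in (("years", 525_600), ("days", 1_440), ("hours", 60)):
        if minutes >= per:
            return f"{minutes / per:,.1f} {unit}"
    return f"{minutes * 60:,.1f} seconds" if minutes < 1 else f"{minutes:,.1f} minutes"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("kzvqmwpa", "kZvqMwpa", "kZvq7wp4", "kZ!q7w#4", "kZ!q7w#4-tR9xLm2u"):
        print(f"{pw!r:22} alphabet={alphabet_size(pw):3} "
              f"exhausted in {describe(minutes_to_exhaust(pw))}")
```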
For more information on how E-Complish keeps your data secure, browse our payment solutions. All E-Complish payment systems are PCI compliant and rigorously tested to ensure the highest-level security for our customers.