Cybercriminals are using highly compelling methods to steal business-critical data. If you're a small-to-medium business, the fact is that you are a cybercriminal's target. Many organizations operate hoping "it won't happen to us, we're too small." The reality is, protection today requires a dedicated effort and a defense that includes security awareness.
Here are two stories about businesses that suffered a data breach and lessons learned.
Recently, a local business owner took a call from a scammer posing as an IT person. The executive made no attempt to verify who the caller was and followed the scammer's instructions. The instructions gave the scammer complete access to the business owner's PC, email, and network resources. The scammer planted a remote access tool and proceeded to siphon off all of his email and documents. The data on this business owner's network was now in the hands of the scammer. It's important to note that the customer data did not belong to the business owner; it belongs to his customers. As the business owner, he is responsible for protecting his customers' data.
Here are 4 things this business owner could have done to prevent the data breach:
1. Be cautious and challenge every unsolicited call and its premise. As a full-suite IT and cybersecurity firm, we reply to regular sales calls and suspicious calls with "I am not expecting your call, send me an email. Otherwise, I'm not interested."
2. If you have an IT support team, you can set up a code word for support or at least fake a code to throw off the scammer.
3. Never correspond with unknown sources or use any links sent by email. Go directly to the sites mentioned and use a verified number to validate requests that involve clicking any links.
4. Use the Internet with caution and answer phone calls with caution as there are a number of scams out there.
Here's another scam that happened recently that could have been prevented.
An experienced and well-respected doctor was scammed by a person posing as a court officer, notifying the doctor of a "contempt of court" order. The scammer convinced the doctor they would be immediately arrested unless she posted bond via money orders.
The call was so convincing that the scammer gave the doctor directions on how to fulfill the $3,000 bond requests and stayed on the phone with her for over an hour. The doctor went from convenience store to convenience store all day, losing out on seeing her patients, and eventually losing $500. She finally decided to call a policeman who confirmed it was a scam. The doctor was very embarrassed and humiliated by such an outlandish call. She could've lost a lot more of her money, but the big loss was not seeing her patients and falling for this scam.
1. As with the previous incident, any unexpected call should be validated. Caller ID can be spoofed easily and could convey any name the scammer would want the victim to see, just like the display name in an email.
2. Keep a skeptical attitude to unexpected calls. If a call sounds suspicious, it probably is.
3. Get their name, their supervisor, and department, then hang up and call the known and verified number for the organization the scammer is impersonating.
4. Warn your elderly relatives of scams and tell them to not answer any calls they don't expect.
As a full suite IT and Cybersecurity firm, Restech can help with your security awareness and technology. Contact us to learn more.