Leading On Tech: 10 Tips For Preventing Cybercrime

Has technology outpaced our ability to prevent or decrease cybercrime?

The idea that credit card information, and even our identity, can be stolen is nothing new. The level of sophistication by which our personally identifiable information (PII) can be compromised is new.cybercrimeprevent

Links in emails, tweets, posts and online advertising may contain malware that helps cybercriminals infiltrate networks and access data. Furthermore, the prevalence of subcontractors or third-party vendors in the business world increases the risk of a data breach.

This is not simply a problem for corporate America. The majority of data breaches happen to companies of 100 employees or less. Small businesses and individuals alike should be proactive in protecting data and personal information.

The U.S. Government has sought to increase awareness through a campaign called “Stop.Think.Connect” launched in 2010 by the Department of Homeland Security.

In summary, the three tips suggest:

Stop: Keep your software, web browser and operating system current.

Think: Use long and strong passwords plus security questions when offered.

Connect: When in doubt, throw it out. Do not open a link in an email, tweet, post or online advertising if you are unsure about the source.

In other words, think before you click!

The Target Data Breach

On December 18, 2013, KrebsOnSecurity first reported the data breach at Target.

Cybercriminals from Eastern European and Russia breached Target’s U.S. point of sale (POS) devices in December 2013, stealing the credit card numbers of 40 million shoppers and the PII of an additional 70 million shoppers, totaling 110 million shoppers.

Target provided its third-party vendor in Pennsylvania, a heating, ventilation and air conditioning (HVAC) company, open access to its network in order to do maintenance on systems in their stores. This cost-saving measure is typical in the retail industry for maintaining the proper temperature in stores.

The cybercriminals infiltrated Target’s network via malware-laced emails sent to employees at the HVAC vendor in Pennsylvania, then installed malware into the POS devices and then began doing data drops to locations in Florida and Brazil. From there, the cyberattackers accessed the data and sold what they could on the black market for a hefty profit.

How do you react to this story?

First, it is worth noting that businesses typically grant vendors access to their networks for various functions.

Second, these vendors can have data either hacked directly from them or they can be a gateway into a larger data pool, as in the Target breach.

Third, Target was viewed as having a good, secure network.

Fourth, Target was, in essence, a victim of the hackers as well.

To date, the cost of the Target data breach is $236 million with a reported $90 million in insurance payments and a consistent drop in share prices.

The story of how and why Target was hacked illustrates that a data breach, large or small, may be prevented or decreased with a bit of vigilance and common sense. It also shows us that even after taking proper security measures, outside vendors, which are used by most businesses, may become a gateway for hackers to access our data.

After the Target debacle, changes began taking place in the United States. New laws were enacted, new insurance policy wordings were drafted and consumers began to take a closer look at where they shop and how they pay.

There is something to be said about our American resilience. We learn from disasters or high profile cases, we pause, we take notice, we make the necessary adjustments—then we get on with our lives.

So, are we overly concerned about cybercrime? Will our concern pass once we sort out our cybersecurity action plans?

For those people who’ve been victims of identity theft, it will take more time to recover than for those of us who’ve had our credit card information compromised. The actual damage or harm to victims of a data breach is usually inconvenience, and perhaps emotional distress.

Those profiting from a data breach are the hackers as well as counsel defending insurance companies from the lawsuits that arise. The biggest loser is the entity that has been hacked, particularly if they do not have cyber insurance to help alleviate some of the cost.

For those of us using online transactions, here are10 tips for preventing cybercrime:

1. Review your receipts.

2. Reset your passwords.

3. Review your bank statements.

4. Be vigilant and notify your bank of any unauthorized transactions.

5. Request a replacement card if you find unauthorized transactions.

6. Report illicit transactions within 60 days to avoid paying more than the $50 limited liability amount.

7. Monitor your transactions online if you used your card during a period when hackers were active.

8. Call the credit card issuer and report anything suspicious.

9. Contact one of the three major credit bureaus to establish a free fraud alert on your account if you see unauthorized transactions.

10. Order a free copy of your credit report annually from each of the three credit bureaus and be vigilant when reviewing them and report any discrepancies.

If you follow these tips, you will less likely become a victim of cybercrime.

Conclusion

Keep in mind that cybercrime is big business and growing every day. It is said that there are two groups: those of us who have been hacked and those of us who will be hacked. The alarming reality is that you may not be aware of cybercrime until it is too late.

Are you taking steps to protect yourself and your business from cybercrime?

Dawn Kristy

Dawn Kristy

Dawn Kristy has a writer’s love of words and storytelling, an editor’s keen eye for details, a risk manager’s proactive caution and an advocate’s desire to help those in need whether in the for-profit or non-profit community. Dawn is an attorney licensed to practice law in NJ and PA with over 25 years work experience in law, insurance, reinsurance, business development, writing, editing, presenting, sales, fundraising and campaigning. Dawn had the good fortune of working abroad for nearly 13 years gaining first-hand experience in cross-cultural client relationship management, business development, marketing and communications. Dawn has successfully led projects with determination and compassion, developed new business and raised funds for non-profit organizations. Disclaimer: This blog post is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the guest blog author or the blog/web site publisher.
Dawn Kristy
Dawn Kristy

Comments

comments

4 Comments

  • August 8, 2014

    dawnkristy

    gingerconsult Thanks Jen! #cybercrime, #cybersecurity, #databreach, #dataprivacy

  • August 8, 2014

    gingerconsult

    rhogroupee Thanks, Rosemary dawnkristy #bealeader

  • August 8, 2014

    rhogroupee

    gingerconsult My pleasure, and nice to meet you!

  • August 8, 2014

    gingerconsult

    rhogroupee Great to meet you as well.