Cancel OK

Don’t be an easy victim for cybercriminals

Analysis
cybercrime

Modern cybercriminals are as sophisticated as ever, but they’re no different than any other criminal in one way: they relish an easy victim. If your company’s digital security isn’t taken seriously, you may be low-hanging fruit to cybercriminals.

In a Town Hall hosted by the Produce Marketing Association (PMA) on August 4, security professionals laid out the threats and protections to cybercrime.

“Cybercriminals are looking to do something easy, an easy target,” said Dave Summitt, CISO for Alpha Omega Advisors. “But every one of [these attacks] is preventable. The threats are there, and you have to protect yourself.”

There are many kinds of cybercrimes, Summitt said. A common one is being hit with ransomware, where a criminal will shut down your system and demand money in exchange for turning it back on.

It’s easy to tell when you’re the victim of this kind of crime, he said, because they demand something.

It’s harder to tell when criminals have installed a bug to steal information or money, or when they’re using your system to perpetrate bigger crimes.

“Don’t think you’re too small to get hit,” Summitt said.

Where does a company start?

Greg Gatzke, president of ZAG Technical Services, said there are three things to do right away to be more secure. First, train your finance staff on the proper ways to handle ACH (automated clearing house) payments. Then use a multi-factor email authentication system. And finally, give your IT department time to maintain and patch your system. Gatzke warned that the biggest threat is inaction.

Lisa Shasteen, CEO of Shasteen & Percy, PA, said it’s wise to have a layered security defense system so that if something gets by one, it will be caught by another.

She said that from a legal standpoint, a company’s officers could be held liable and have a fiduciary responsibility during theft and loss, so it’s imperative to take the issue seriously.

Summitt said every company should identify someone who will be responsible and accountable for cybersecurity, and it’s that person’s job to make sure everyone in the company knows they’re also responsible.

Peter Jankowski, chairman of Next Level Security Systems, Inc., said staff training is an investment that will pay off.

“Most problems can be avoided if people don’t make mistakes, but the industries I work with are not doing a good job with this,” he said.

George Szczepanski, director of membership engagement for PMA, said cybersecurity is still a young industry, so companies that haven’t invested in it aren’t alone, but they need to soon. There are more security suppliers coming into the industry because there are more criminals, he said.