Peddling cybersecurity during and following a pandemic is like telling a paraplegic to get a flu shot. Businesses are struggling to financially recover from the COVID-19 lockdowns and cyber nerds continue to scream about digital threats with comic-book-style villain names. But next to actually getting a flu shot, cybersecurity counsel is perhaps the most important part of self-defense for any business. Whether in construction, banking, education, medicine, the culinary arts, or retail, cybersecurity is vital unless you write everything down and store it in a fireproof safe, writes Sarah W. Anderson in an advice column for Business Report. Anderson is an attorney specializing in cybersecurity law.
A real horror story: Let’s say your business makes widgets. You sell 100 widgets to Customer X every month and because they are a routine, loyal customer, your invoicing schedule is somewhat irregular. Unbeknownst to you, an employee downloaded a malware-laced application on a work computer that allowed cyber criminals to watch your network activity for the past year to see how best to exploit you (because that’s what they do). The cyber criminals realize that Customer X knows that your invoices are irregular and pays them almost immediately. Therefore, criminals spoof your invoices to Customer X, pretending to be you for two months, and redirect payments to a different bank. You finally get around to invoicing Customer X to learn that they made the last two payments and refuse to tender any further sums. Eventually, you realize that you were spoofed, hacked, and now have to alert other customers and legal authorities. In addition to losing actual profits, you also lose goodwill.
While there is no full-proof plan to prevent any cyberattack and ensure forever cybersecurity, Anderson says there are 10 cybersecurity policies that, if implemented, are likely to reduce both insider threats and cyberattacks from third parties. Read them here in the full column.