15 February 2019

How to prevent cybercrime

Cybercrime is on the rise. Protecting your business from cybersecurity attacks – and the potential consequences of lost income, business disruption and damages to your organization’s reputation – requires an ongoing effort and constant vigilance. Learn how to protect your business against cybercrime by managing risks and making it more difficult for hackers to exploit vulnerabilities in your technology, processes and staff.

Questions? Ready to get started?

Cybersecurity breaches are increasingly common

In 2017, almost 11,000 Canadian businesses with 10 or more employees participated in the first Canadian Survey of Cyber Security and Cybercrime1 and reported on the incidents that impacted them. Over one in five respondents said their businesses had been targeted, with large businesses twice as likely to be affected. Incidents ranged from hackers attempting to access unauthorized areas and stealing personal or financial information to installing ransomware and blocking access to data or services unless a payment was made.

A 2017 report from Accenture – based on a survey of more than 250 companies operating in seven countries – found that security breaches were up 27% from 2016 and that the number of ransomware attacks doubled from 2016 to 2017. Companies are spending more money and time to recover from the disruption caused to their organization and customers. The financial costs associated with cyberattacks are up 62 percent over the past five years2, and the time required to resolve malicious code attacks and ransomware are also up, averaging 55 and 23 days2 respectively.

The Accenture study also found that larger firms were more likely to be the victim of denial of service and malicious code, while smaller organizations were more likely to experience malware and phishing incidents.

Click here to learn about typical vulnerabilities

We’ve all received emails that look like legitimate requests for information – requiring us to click on a link or download an attachment – but that on closer examination seem suspicious.

In the past, these emails were often laughably amateur. But they are becoming increasingly sophisticated. Many hackers will conduct extensive research to tailor their emails with specific and customized details. It’s easy to be fooled.

Clicking on a link may install ransomware or malware on your system that is able to capture keystroke data or corrupt or steal files. Or you may be connected to a site that looks identical to a legitimate site you visit frequently and asked to log in so that hackers can gain access to your passwords, user names or other sensitive data.

Security breaches happen in other ways, too – from clicking on corrupt links on websites or inserting an infected USB drive into your laptop. Hackers can also deliberately target your network system to gain access.

Prevent cybercrime

Protecting your business from cybercrime requires a multifaceted strategy. Reduce the weak points in your technology and processes by:

  • Establishing strong response, recovery and back-up processes
  • Ensuring firewalls, virus scanning software and endpoint security are all in place and updated regularly
  • Reviewing anomalies in network behaviour
  • Installing network behaviour anomaly detection software
  • Limiting access to systems and information based on job duties, and splitting financial responsibilities between employees

Siva Ram, HSBC’s Head of Business Security and Fraud, Global Liquidity and Cash Management, notes that basic precautions to protect your company’s financial systems and identify potential breaches include “multi-level approvals, secure integration between internal and bank systems, and daily account reconciliation to avoid or quickly identify unauthorized payments.”

Processes and internal controls must be consistent across the organization and tested regularly.

Technology, yes, and training too

There are many tools that provide strong lines of defence against cybercrime – from security intelligence systems and advanced perimeter controls to deploying encryption technologies.

Just as important is training. As Ram notes, “most unauthorized access is committed using impersonation fraud…or [through] phishing where it is user behaviour rather than controls on infrastructure that creates the vulnerability.”

This means all staff must be encouraged to adopt a healthy suspicion towards any out-of-the-ordinary emails, Internet links, USB drives and more.

Vigilance is key. Practical tips for preventing cybercrime include:

  • Never opening attachments, clicking on links or downloading software from unknown sources or questionable websites
  • Reporting unusual behaviour such as pop-ups, long periods with no response or repeated requests to enter security codes
  • Using different passwords for different business logins, and changing them frequently
  • Not using WiFi on public networks when conducting corporate work
  • Taking care to protect your laptop or mobile devices from theft

If a security breach does occur and an employee suspects that they may have inadvertently been the victim of a cybercrime, they must be encouraged to share this information immediately, without fear of repercussion. The faster the breach is identified, the more options you have for resolving the issue and preventing further damage.

Want to know more about preventing cybercrime attacks?

We’ve assembled some high-level overviews on protecting your business from cybercrime, including practical tips for defending your business against text and phone scam, phishing and malware.

1https://www150.statcan.gc.ca/n1/daily-quotidien/181015/dq181015a-eng.htm

2https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf

Disclaimers

The information presented is not meant to be comprehensive and does not constitute financial, legal, tax or other professional advice. You should not act upon the information contained in this document without first obtaining specific professional advice. While reasonable care has been taken in preparing this document, HSBC does not make any guarantee, representation or warranty (express or implied) as to its accuracy or completeness. The information presented in this document is subject to change without notice.

Certain of the products and services offered by HSBC and its subsidiaries and affiliates are subject to credit adjudication and approval. This document does not constitute an offer to provide the services and products described and the provision of such services and products remains subject to contract.

Issued by HSBC Bank Canada ("HSBC")

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.

You are leaving the HSBC CMB website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.