- Article
- Accessing Capital
- Protect the Business
How to prevent cybercrime
Cybercrime is on the rise. Protecting your business from cybersecurity attacks – and the potential consequences of lost income, business disruption and damages to your organization’s reputation – requires an ongoing effort and constant vigilance. Learn how to protect your business against cybercrime by managing risks and making it more difficult for hackers to exploit vulnerabilities in your technology, processes and staff.
How to prevent cybercrime
Organizations once ravaged by the COVID-19 pandemic are facing a new set of challenges since the shift to a digital economy has proven to be a hotbed for cybercrime. The potential consequences of lost income, business disruption and damages to a company’s reputation requires state-of-the-art security measures and constant vigilance. Learn how to protect your business by managing risks and making it more difficult for hackers to exploit vulnerabilities in your technology, business operations and staff.
Cyberattacks are on the rise in Canada
In 2020, organizations that were sideswiped by the pandemic needed to adapt and innovate to survive. Cybercriminals, too, were upping their game. A quick transition to remote work brought more businesses online — along with confidential data. Opportunistic hackers used the pandemic to take advantage of small- and medium-sized businesses, sometimes as an entryway to larger companies. In Canada, 30 per cent of organizations observed a spike in cybercrime during the health crisis and since March 2020, nearly 25 per cent of small businesses were targeted by cyberattacks.1 Given the rise of telemedicine, health care became prime real estate for cybercriminals and ended up being one of the hardest-hit industries.2 Overall, those impacted paid the price. Canadians lost $144 million to fraud so far this year, compared to $106 million in 2020.3
Click here to learn about typical vulnerabilities.
Phishing scams are also on the rise. According to research, 36 per cent of global data breaches so far this year involved phishing, a sharp increase from 22 per cent in 2020.4 It’s common for hackers to obtain valuable data by emailing individuals and requesting information like credit card details, personal login credentials, addresses and phone numbers. In the past, these emails were often laughably amateur. But they are becoming increasingly sophisticated. Hackers will conduct extensive research to tailor their emails with specific and customized details. It’s easy to become a victum. For example, emails requesting information for pandemic-related work policies or available COVID-19 vaccine appointments might seem legitimate. Employees who are working remotely and unable to reach a colleague or supervisor for a second opinion might be quick to hand over sensitive information and not think twice.
The pandemic has also ushered in a new wave of ransomware attacks that can cause major disruption for organizations of any size. A large percentage of the workforce is operating remotely and for employees to connect and share information, company data needs to be stored on the cloud. Accidentally clicking on an untrustworthy link can enable cybercriminals to install a malicious software that corrupts or steal files while demanding payment in return. Or you may be connected to a website that looks identical to a legitimate one you frequently log into so that hackers can gain access to passwords, usernames, or other sensitive data. In 2021, it’s estimated that every 11 seconds an organization will face a ransomware attack, resulting in global damages amounting to US$20 billion.5
Experts say data breaches tend to occur when an organization’s security protocols are outdated. While it’s possible organizations that moved online during the pandemic were not able to thoroughly stress-test their security systems, business leaders need to recognize the savvy nature of cybercriminals and be proactive.
Mitigating cybercrime
Protecting your business from cybercrime requires a multifaceted and up-to-date strategy. Reduce the weak points in your technology and processes by:
- Establishing strong response, recovery, and back-up processes.
- Ensuring firewalls, virus scanning software and endpoint security are all in place and updated regularly.
- Reviewing anomalies in network behaviour.
- Limiting access to systems and information based on job duties and splitting financial responsibilities between employees.
- Understand how recent technology used by the company works and identify any potential loopholes.
Siva Ram, HSBC’s Head of Business Security and Fraud, Global Payment Solutions, notes important precautions to protect your company’s financial systems and identify potential breaches include “multi-level approvals, secure integration between internal and bank systems, and daily account reconciliation to avoid or quickly identify unauthorized payments.” Processes and internal controls must be consistent across the organization and tested regularly.
Narrowing the education gap
There are many tools that provide strong lines of defense against cybercrime, from security intelligence systems and advanced perimeter controls to deploying encryption technologies. Training is also just as important. As Ram notes: “Many employees are either working remotely or in a hybrid setting so one of the best lines of defense against cyberattacks is ensuring everyone is on the same page. Employees should know what makes a fraudulent email stand out from a legitimate one, and who to contact when they spot something unusual.”
This means staff must be encouraged to adopt a healthy suspicion towards any out-of-the-ordinary emails, internet links, USB drives and more. Vigilance is key. Practical tips for preventing cybercrime include:
- Never opening attachments, clicking on links, or downloading software from unknown sources or questionable websites.
- Reporting unusual behaviour such as pop-ups, extended periods with no response or repeated requests to enter security codes.
- Using different passwords for different business logins and changing them frequently.
- Not using WiFi on public networks when conducting corporate work.
- Taking care to protect your laptop or mobile devices from theft.
If a security breach does occur and an employee suspects they may have inadvertently been the victim of a cybercrime, they must be encouraged to share this information immediately, without fear of repercussion. The faster the breach is identified, the more options you have for resolving the issue and preventing further damage.
Want to know more about preventing cybercrime attacks?
We’ve assembled some high-level overviews on protecting your business from cybercrime, including practical tips for defending your business against text and phone scam, phishing and malware.
Disclaimer
© Copyright HSBC Bank Canada 2021. All rights reserved. No part of this document may be reproduced, stored, distributed or transmitted in any form without the prior written permission of HSBC Bank Canada.
The information presented is not meant to be comprehensive and does not constitute financial, legal, tax or other professional advice. You should not act upon the information contained in this document without first obtaining specific professional advice. While reasonable care has been taken in preparing this document, HSBC does not make any guarantee, representation or warranty (express or implied) as to its accuracy or completeness. The information presented in this document is subject to change without notice.
Certain of the products and services offered by HSBC and its subsidiaries and affiliates are subject to credit adjudication and approval. This document does not constitute an offer to provide the services and products described and the provision of such services and products remains subject to contract. “HSBC” is a trademark of HSBC Holdings plc and has been licensed for use by HSBC and its affiliates.
