The Founder and President of our organization, Fred Moore, recently hosted a workshop for The Alexander Group on the State of Cybersecurity in 2024. Most of the audience were small business owners; while they were the primary target of Fred’s advice, anyone could benefit from the information he presented.
Dive into the State of Cybersecurity in 2024 and see how business owners, employees, and individuals can protect themselves and their assets.
What comes to mind when you think of a hacker or a digital scam? A lone, 40-year-old man typing away at a computer monitor hunkered down in his mother’s basement? An older adult who thinks she’s on the phone with her granddaughter? Certainly not you? If that’s your belief, it’s time for a reality check.
Cybercrime has increased by over 250% over the last two years, and the global cost of cybercrime is estimated to have exceeded 6 trillion dollars in 2023. The criminals behind these numbers are running highly efficient and effective operations – and many cybercrime organizations have hundreds of members/employees. The cybercrime industry intersects with international law, global politics, high-level business interests, fast-paced technological advancements, and human trafficking.
While this information can be daunting, and the large-scale implications seem intangible, small business owners can’t let overwhelming feelings prevent them from taking action. While many cybercrime organizations target large corporations, small businesses remain the most frequent victims of digital scams.
Phishing remains one of the most common scams affecting business owners and employees. The idea behind phishing is simple: a bad actor sends a message pretending to be someone else and prompting the recipient to reveal private information. Phishing scams are constantly evolving, with scammers designing email messages that resemble a standard email from a company, a client, or even the recipient’s boss.
Our Moore Computing team asserts that vigilance with links is vital. Be wary of any links sent in emails, especially those that ask you to share certain information. Verify the link before clicking on it. Take caution if you notice glaring spelling errors, conspicuous vocabulary, or something fishy in the email’s footer. It takes time to recognize these emails, and training can help.
Ransomware is one of the most detrimental cybercrimes. When cybercriminals target individuals or businesses with ransomware, a virus infects the computer system, encrypts data, and blocks the victim from accessing their information until they pay a ransom.
The ramifications of a ransomware attack can be disastrous. Even if an attacked company can work with its legal team to pay the ransom or regain its data, the average downtime from a ransomware event is 21 days. When MGM Grand suffered a severe ransomware attack in 2023, getting its casinos and properties up and running took significant time since every aspect of the business connects directly to its computer system. Companies may incur costs from the ransomware attack itself, along with costs from loss of business and reputation.
Business email compromise scams are another common issue. These scams take phishing one step further, with cyber criminals hijacking email accounts. Once the bad actor can access the victim’s account, they often orchestrate unauthorized fund transfers or manipulate account details. As with phishing, vigilant training and awareness are critical to lessen the chance of these attacks. Always be alert, never cut corners, and always follow company protocols to minimize risk.
Call scams can feel more personal. A bad actor calls you from a number and pretends to be tech support, a service provider, or even an individual you know in person. AI voice technology takes these scams one step further, and now advanced attackers may use an AI model to simulate the voice of someone you know. Trust your gut, and verify where calls are coming from and why.
Pig Butchering is growing in popularity, combining romance or companionship with investment deception. The scam starts with the bad actor building trust through casual conversations online or even through the premise of online dating. As the victim’s faith in the scammer grows, they’ll receive information about an “investment opportunity” (beware of these schemes, including fake investment portfolio sites, which can look and feel very real).
The scammer then convinces the victim to start “contributing” to the financial scheme through digital payment or cryptocurrency, clouding the transaction trail so that the victim won’t be able to recover their funds. After the fraudster has the money they need or the victim gets suspicious, the fraudster cuts the “relationship” off and terminates the contract. The scammer “fattens the pig” before “butchering” their finances. Seniors, especially those who are divorced or widows/widowers, are a common target.
After examining these scams (and understanding that they develop more each year), the natural question for business owners is how they can protect their business. Mitigating payment diversion risk is an excellent place to start. Wire and ACH transfers are prime targets for diversion. Business owners should set up clear protocols regarding payments and invoices within the company and with clients/vendors/other businesses they work with. Verbal confirmation, on top of foundational cybersecurity measures, can help ensure payments go between the intended parties without diversion.
Multi-factor authentication (MFA) is all the rage right now, and for good reason. When there are multiple steps safeguarding accounts and information, it is harder for bad actors to step in. In a typical MFA setup, a user must type in login info and then enter a unique code sent directly to their phone number or email. While the extra steps can seem tedious, the few extra seconds are a small price to pay in comparison to a cyber attack.
Cybercriminals are intelligent, but so are well-trained employees. Email diligence is a critical skill that comes with training and experience. Small business owners should seek out a program that works for their team and trains them on spotting fraudulent opportunities in emails. Our team recommends KnowBe4, which sends out fake phishing emails for recognition practice.
The reality behind cybersecurity for small business owners is that it’s the culmination of many efforts over time. Think of specific tasks as “cyber hygiene,” ensuring your digital assets and systems are healthy and clean. Using a password manager, training employees on understanding scams, having MFA wherever it’s available, and taking extra precautions with online payments are just a few ways to improve your small business’s cyber hygiene.
At Moore Computing, we also emphasize the need for cyber insurance. It may have seemed excessive to business owners a few years ago, but now, more than ever, it is necessary. A cyber insurance agent can work with you to determine which plan best fits your business needs. When a cyber-attack happens, your policy can help you connect with legal and PR teams to resolve the issue and get your business back up and running as soon as possible. The insurance price is small compared to the havoc cybercriminals can wreak on your company and its reputation.
Every company needs an IT team they can trust to protect their business, improve operations, and catalyze growth. Businesses of every size and industry trust Moore Computing, LLP, to be their “IT team.” We are a full-service IT firm based in St. Louis with over two decades of experience. Check out our website and give us a call today!