You may think as a paperboard manufacturer you have immunity from the likes of cybercriminals. However, according to John Motazedi, CEO, and founder of SNC Squared, that couldn’t be further from the truth. John was one of the presenters at PPC’s virtual FEI forum and spoke extensively about the dangers of cybercrime as well as the best ways to avoid being a sitting duck to cybercriminals.
No Business Is Off-Limits to Cybercriminals
One of the common falsehoods that John addressed is that cyberattackers only prey on large businesses – a significant misconception that has led one in five small businesses to fall victim to cybercrime annually. This number continues to grow: small businesses are low-hanging fruit to cybercriminals because they have very loose or no security protocols in place. Another falsehood is that cybercrime only impacts businesses in specific industries. Within the past year alone, many major industries throughout North America reported cybersecurity attacks, including 13.9% in the manufacturing industry, 13.2% in the construction industry, 11.1% throughout utility industries, and 10.4% in service industries.
Ransomware is Alive and Well
As cybercrime continues to grow, so does the occurrence of ransomware. Ransomware, which in the past was used to attack people on an individual basis, is now a widespread threat to businesses of all industries and sizes. Ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money is paid. These types of attacks do not discriminate based on the type of device you use or the places you store your data. The following are now common places where ransomware attacks are administered:
- Mac, Android, iPhone, and iPads
- Mobile device scams (i.e., through Amazon and Microsoft, etc.)
- Text messages from ATT, Verizon, and other mobile carriers
- Cloud drives (i.e., Dropbox)
- Flash and Java installations
- Game apps often used on mobile devices
To give perspective, John says the average cost of a ransomware attack requires a person or business to spend about $180,000 to get their information back. To that point, it’s no surprise that the digital underground’s black market is thriving. In this digital underground, stolen credit cards and hacked PayPal accounts are worth an alarming amount. John says prices for stolen credit cards can range anywhere from $0.11 to $986, and hacked PayPal accounts can range from $5 to $1,767. In addition to stolen or hacked credit card data and bank account credentials, cybercriminals can also generate cash by hacking social media profiles. In fact, on average, a cybercriminal can receive about $75 per hacked Facebook account. And your personal or business email accounts aren’t protected either, with the average Gmail account going for $155.
The Cyberattack Warning Signs
So, how can we avoid being targeted by cybercriminals? According to John, cybercriminals have likely already tried to scam you, so it’s of the utmost importance to be armed with the right tools and know the key warning signs to deflect their attempts at stealing your information. For example, through phishing emails, cybercriminals may pose as a supervisor or colleague at your company, an online retailer, or they may even act as your banking institution asking for updated account information. When glancing at these communications quickly, they may appear to be legitimate. That’s why John says to be cautious of emails that arrive unexpectedly and read them closely to catch the following details that usually give away their validity:
- Before clicking on any URLs within an email, hover over the link to ensure it’s taking you to the website you intended to visit.
- As mentioned before, cybercriminals will attempt to pose as online retailers by using similar names and fonts as the actual retailer. For example, hackers will use com which when looking quickly, can easily be mistaken for amazon.com.
- Double check the sender’s email address to ensure it’s coming from the person/business that’s intended. For example, if a message is supposedly coming from Amazon, ensure that the sender’s email address is associated with amazon.com.
- Lastly, cybercriminals often don’t personalize email messages, instead addressing them in a generic way such as “Dear Client.” Remember, if it’s an important message from a retailer, they most likely will address you personally.
Think Before You Click
Ultimately, John encourages people and businesses to not believe everything they see. Cybercriminals are also known to act as “Online Protection Tools” that will pop up and look like a legitimate tool needed to protect your computer from malware. Before instinctively clicking “allow,” explore who it’s coming from further, do some investigating and make an informed decision, because once they have your information, it’s entirely too late to get it back without a price.
Now, what can you do to prevent cybercriminals from attacking? Implore your company and employees to do the following:
- Think before you click
- Embrace layered security
- Use different, complex passwords for various sites. Change your passwords at least 2-4 times a year. Use a password manager (such as LastPass) to help keep track of your information.
- Conduct a quarterly risk assessment
- Have a real IT company work on your products
- Ensure that there is employee education and have internet use policies in place
- Be aware that phones and mobile devices are a growing target
John says that by performing ongoing security assessments, giving education on spam email protection, using multifactor authentication, a comprehensive firewall, encryption, along with on demand phishing policies, your business has the best chance of beating the complex and sad reality that is cybercrime in 2021.
Want to learn more about cyber security in our industry? Join us for our upcoming Fall Meeting, where John Gift, Chief Security Information Officer at WestRock, will discuss his company’s experience with cyber-attacks and how to prevent them.