The World Economic Forum believes cyberattacks are a more imminent threat for businesses than infectious diseases. We need to put in a great effort to avoid both. Why do we insist on ignoring cyber crime while we worry about the coronavirus?
Since late December 2019, the COVID-19 pandemic has now spread into 114 countries from a grimy, live animal market in Wuhan, China. Vendors there knew how to avoid infectious diseases: wash your hands, your food. But they didn’t care enough. It’s the same carelessness that brings companies thousands or even millions in dollars in post-hacking recovery damages. We now care about stopping the coronavirus, but we don’t seem to care about stopping cyber crime from reaching our company even though it has been a real danger for years.
Picture 1: The results of a 2019 survey by the World Economic Forum exploring business risk for the next 10 years. Circle 1 marks infectious diseases, circle 2 marks cyber attacks and circle 3 marks data fraud or theft.
The threat of a cyber crime virus affecting your business depends on the volume of data you keep, but it’s there. In a 2019 global survey from the Ponemon Institute, 66% percent out of 2,391 IT professionals of small and medium enterprises revealed hackers attacked their company throughout the year. Is there a real risk of a cyber attack on your business? Yes, if we look at the recent security breaches:
- In January 2020, Microsoft lost 250M customer service and user records from 2005 onward
- In December 2019, Facebook lost 267M records, but they wouldn’t know if it wasn’t for researcher Bob Diachenko, who uncovered the leak
- In November 2019, T‑Mobile lost 1M full-scale records including billing addresses
- In July 2019, Capital One bank — the third largest card issued in the US — lost 100M records with card numbers out in an insider attack
Cyber crime is preventable — if you act
So what’s the cybersecurity hygiene for your business? Consider the interview questions that each one of my prospects faces:
- Do you work with an administrator to keep all website components secure?
- Does your company review the website’s security at least once a month?
- Does your website use multi-factor authentication?
As a digital gateway for business, websites are at the forefront of defensive efforts. From my experience, companies at most have some system admin with whatever he or she knows about cybersecurity. Outside of IT, the management doesn’t register how often that person reviews online security measures. They imagine their website is secure just because they said it should be and because there’s a hidden backdoor link with login and the password in safe hands. The rule is not to shake hands in a COVID-19 infection area even if people look relatively healthy. Even when our website appears to be safe, our rule should be to keep it this way through conscious action. The virus symptoms show after 2 weeks, while it can take 5 days to a month to uncover a data breach for a security-focused organization. That’s twice the time needed to sell records on the black market for that early retirement fund. Which should lead you — the business owner or a friend of one — to consider what’s the next step:
- Commission a website security audit to assess the risk of a breach. Remember — if you hold any customer records in a considerable volume, you’re qualified for an attack
- Website hosting providers don’t protect websites from hacking and self-hosting is not safer either without 24/7 supervision. SaaS security solutions such as Titans24 can store your website, app, or data in a digital vault with real-time monitoring and prevention at a reasonable price.
- Digital assets that we mentioned should undergo security reviews once a month. Somebody knowledgeable has to do that. Or you can automate it if you use a secure hosting platform.
Businesses need cybersecurity hygiene
The fear of money loss caused by hacking seems to resonate with businesses the most. In that case, money burns in 3 main areas: there are GDPR fines; recovery damages; and lawsuit losses. You might wonder why are we talking about legal costs. Business offices close so that one infected employee doesn’t take out half of the company. But your online business office — which is your website — can spread a malware infection under your radar for months. For instance, criminals steal payment information from users by inserting malicious code to forms (“formjacking”). This happened to British Airways in October 2019. Not only the airline got slapped with a £183.4M data breach fine, but United Kingdom’s High Court passed a group litigation of 500,000 customers against the company with potential compensation of £6,000 to £16,000 per individual. Although only mega-corporations face financial damages of that scope, a client can sue any business for losing data if he or she proves the resulting damage. By protecting your website all year round, you protect your customers.
Cybercrime is a pandemic that will cost businesses $6 trillion in damages by 2021 (Cybersecurity Ventures). Stopping the COVID-19 starts with us following the advice from the WHO and local health authorities. We should approach cyber crime prevention with the same heightened awareness as it’s not avoidable by distancing ourselves. When the time comes, it hunts us down.
Stay safe during the COVID-19 outbreak with this safety guide from WHO.