HOW A COMPANY WAS AFFECTED BY SOCIAL ENGINEERING AND HOW IT COULD HAVE BEEN AVOIDED
As cybercriminals become more sophisticated in their approach, organizations of all sizes have become increasingly exposed to risks that previously did not exist.
Earlier this year we hosted a webinar, 5 Cybersecurity Risks Every Business Leader Needs to Know. It explains how hackers gain access to your systems, what they’re looking for, what they’re going to do once they get access and why existing legacy applications can’t protect against their methods.
October is National Cybersecurity Awareness Month, so we want to share 5 simple tips to minimize the risk of a cyber-attack in your organization.
- Implement an employee training program.
- Have a good password management system.
- Install the appropriate firewall and malware detection software.
- Encrypt and back up sensitive and confidential information.
- Have a breach response plan.
Companies get hacked every single day. It doesn’t matter the size, industry or number of employees: no one is safe from a cyber-attack. Here is a real-life example of how a company was successfully attacked through social engineering and how this costly result could have been avoided.
An employee in HR receives an email from the company’s CEO informing her that the organization is working with an outside consulting firm for employee taxes and needs a copy of all the employee W-2s. The employee believes the email to be legitimate. She doesn’t confirm with her manager or contact the CEO through a secondary communication channel to verify the email, and therefore sends the information.
The email is from a hacker impersonating the CEO. The hacker uses the information to file false tax returns. By the time the mistake is discovered, multiple tax returns have already been filed electronically and paid. The company must notify the state attorney general of the breach, which subsequently opens an investigation. The company must retain an attorney, notify all affected employees, set up a call center, implement credit monitoring, provide identity theft restoration and pay all legal fees for employees to reverse the IRS claims and/or reimburse the employees for lost tax returns.
With cyber insurance, there would be coverage for breach notification costs, call center setup, credit monitoring and identity theft restoration, forensic investigation, and regulatory defense, fines, and penalties.