Guarding the Digital Fortress: Cybersecurity for Businesses

In today’s world, companies cannot afford to be unprepared for cybercrime. Virtual heists are as daring as a physical bank robbery, and the hackers behind the keyboards are as cunning as any criminal mastermind. What’s more, cybercrime today is similar to a business. That means legitimate companies need to protect themselves from the nefarious activities of the criminal underground. 

During a “Fraud & Cybersecurity Awareness” webinar hosted by Western Alliance Bank during Cybersecurity Month, Victor Vinogradov, the bank’s Chief Information Security Officer, outlined the different types of cybercrime organizations and shared tips on how legitimate organizations can defend themselves.

How Cybercrime Works

“Gone are the days where it’s one person in their garage that attacks an organization or individuals,” said Vinogradov. “These are syndicates. Just like we run our businesses to make a profit, to be innovative and to have services people want to consume, this criminal syndicate does the same thing, and it’s a multibillion-dollar-a-year industry.”

The cybercriminal ecosystem is based on services, distribution and monetization, all of which are available for a price, Vinogradov explained.

Services

Advanced tools and a network of affiliates enable cybercrime and drive the underground economy. For example, access brokers gain access to organizations’ systems and sell sensitive data on criminal forums or through private channels. “Data extortion happens based on business email compromise or other fraud events,” Vinogradov said.

Distribution

Cybercriminals adapt to security controls to initiate attacks on companies and distribute malware. They use tools like social media platforms and text and email spam to attack companies and individuals. 

Vinogradov advises avoiding posting personal information (including your email address) or detailed information about your organization’s inner workings on social media. 

“A portion of  the entities on LinkedIn are bots controlled by criminals,” Vinogradov said. “Their sole purpose is to gather intelligence about your friends and your community to target you and people you know.”

Monetization

Ransom payments and data extortion are the most popular avenues for monetization. Dump shops, which offer stolen credit card data or government IDs, are another way cybercriminals make money. 

How to Identify Scams

Servers, networks, media such as thumb drives or printed documents, devices like phones, laptops and tablets, and networks all are targets for cybercriminals. 

However, a company’s employees can be the easiest way to access a company’s sensitive information. Cybercriminals learn their victims’ behaviors to gain administrative access to an organization’s systems. They review stored emails looking for communications discussing the movement of funds before initiating fraudulent activity. 

It’s critical for organizations to ensure they are properly trained to spot scams and avoid divulging information cybercriminals can use to harm the company. 

For example, access brokers can compromise systems using phishing emails. To detect whether an email is legitimate or a phishing attack, look for: 

• Grammar and punctuation errors and the use of the word “kindly.” 

• A URL that is just slightly off from the legitimate URL, or an email supposedly from a company that comes from a non-corporate address. 

• A sense of urgency, designed to persuade you to respond without checking into the message.

• Inconvenient timing, such as late in the day before a weekend (especially a long weekend). 

• A sender you haven’t heard from before or in a long time, or a new email address for a sender. Reach out directly to your contact (ideally by phone) to verify a request is legitimate. 

How to Protect Your Business

Businesses can develop a cybersecurity-aware culture that’s rooted in people, process and technology to protect their businesses from cybercriminals. It’s smart to train all employees — from entry-level workers up to board members — to detect threats. Having specific, frequently updated policies and procedures provides a clear pathway for all team members to follow.

Companies can protect themselves with these strategies: 

• Utilize two-factor authentication, require long passphrases, and manage access and permission levels to keep bad actors out. Urge people to use unique passwords for each login and avoid passwords (including lock screen passwords) that use their birthday or ATM PIN.

• Register as many company domains as possible that are slightly different than the actual company domain to keep those domains out of the hands of criminals. 

• Instruct employees to avoid public Wi-Fi (including airport or hotel Wi-Fi) and instead use a hotspot created on their phone. For employees that use their personal phone for business, Mobile Access Management provides enterprise-level protection of company information.  

• Consider cybercrime insurance coverage to help mitigate costs in the event of a breach. 

Even if businesses take all the steps necessary, there is still a chance that criminals will breach their systems. In that event, it’s important to have a response plan outlining who to call when an incident occurs, how to contact clients and what to tell the media. 

Cybersecurity and Fraud Prevention Offerings from Western Alliance Bank

Western Alliance Bank has several solutions designed to prevent fraud. For example, customers can reduce incidents of payment fraud through Positive Pay¹ for checks and ACH transactions, which ensures only confirmed payments leave the account. 

We are also offering cybersecurity training to clients and their employees. To access the training : 

• Visit this link to sign in and begin. (Note that the training is hosted through SCORM Cloud, and you will be taken to a sign-up page that doesn’t have Western Alliance Bank branding.)

• For more information on how to use the training site, download our how-to guide [PDF].

 

To learn more about security solutions available from Western Alliance Bank, please reach out to your relationship manager or contact us.