Successful wire transfer fraudsters convince employees to send company money or social security numbers their way using a familiar email from a source they’ve hacked.
Ransomware hackers lock up computer files and demand money to release them, leaving businesses crippled without access to their own information.
These are among the cybersecurity concerns addressed by Brian Sniffen of Wildwood Law Group in Portland at a Roseburg Area Chamber of Commerce luncheon Monday at the Douglas County Fairgrounds in Roseburg.
Sniffen said businesses can take steps to protect themselves. Since most businesses will suffer some type of hacking incident, it’s best to be prepared, he said.
“Don’t pretend like it’s not going to happen, don’t rely on sheer hope,” he said.
Businesses can protect themselves by conducting a data inventory to figure out what data they’re collecting and holding but don’t really need. It’s best to purge unnecessary data, Sniffen said.
Businesses can also back up their information so they won’t be crippled by a ransomware attack.
It’s also a good idea to use multi-factor authentication, which involves having the person seeking private information or money online confirm by phone or email, an additional step that verifies the person logging in is the correct person, he said.
And he said businesses should prepare an incident response plan with information about who to call and what steps to take following a cyberattack.
When it comes to ransomware attacks, many companies do decide to pay the ransom because it amounts to several thousand dollars versus sometimes millions in costs for being unable to access the data and continue business operations. And some companies that have paid the ransom do get their data back, Sniffen said.
“Oftentimes what it comes down to is an economic decision, where it’s like alright it’s worth a shot,” he said.