There are many forms of cybercrime that can affect a small-to-medium-sized business. The AICPA recently released a study of the top five cybercrimes in virtual environments. They include:
- Tax refund fraud
- Corporate account takeover
- Identity theft
- Theft of sensitive data
- Theft of intellectual property
While all are to be taken seriously and need to be considered, corporate account takeover and theft of sensitive data are particularly important concerns for businesses.
In a corporate account takeover, network login credentials are stolen in order to gain unauthorized access to corporate functions (such as banking). The criminal can then make transactions that appear totally legitimate.
With theft of sensitive data, a cybercriminal gains access to a company’s private data for their own use. The most common examples of this type of theft include credit card numbers, social security information, trade secrets, or other personally identifiable information. Often, a security breach is not found until long after it occurred, allowing further intrusion with the passage of time. Small-to-medium-sized businesses are particularly vulnerable to both of these threats because they have fewer controls in place and pay less attention to information security.
Some of the strongest weapons (as ranked by the Computer Security Institute) against cybersecurity vulnerabilities are security audits and control reviews, adequate business insurance, and strong incident response plans. A security audit can identify the major risks and help determine the proper preventive controls to put in place. The development of an incident response plan and determination of how an entity deals with a cybercrime can provide additional insight into possible vulnerabilities. These threats can also be remedied through proper control and policy development.
If you have any questions regarding your company’s cybersecurity or other IT policies, please contact our specialists at 301.231.6200.