Valentine’s Day and cyber fraud may sound like an uncanny union. But as per cybersecurity research firms and analysts, these two are far more bonded than most people would like to think of.
In February 2021, as consumers flocked online to buy flowers, chocolates, and other gifts for their loved ones to celebrate Valentine’s Day, researchers at cybersecurity firm Check Point came across something downright malicious. In the run-up to February 14, 2021, over 400 new Valentine’s Day-themed phishing emails were launched by cyberattackers, targeting innocent online shoppers and users every week, a 29% increase on the previous year.
Heartless hackers are now deploying a bigger-than-ever arsenal of Valentine’s Day scams, including phishing emails and fake e-greeting cards filled with malware, phony florist websites that steal credit card information, and dozens of other tricks. The Indian Home Ministry’s Cyber-safety and Cybersecurity awareness social media handle @CyberDost have also sent out warning messages against cyber frauds during the week leading to Valentine’s Day, and asked the public to stay vigilant while sharing personal information with strangers online.
If you’re security-savvy, you probably won’t be fooled. But that cannot be guaranteed about your employees.
Cybercriminals long ago figured out that most people are less guarded around special days when people are feeling festive. Bad actors escalate their attacks on unsuspecting users by luring them into online scams, like invitations to quizzes or links that offers discounts on the special day, or offers gift vouchers, high discounts or deals on Valentine’s Day items like chocolates, jewelry, roses, etc. But this can be fought back.
Here are five ways to protect your business from Valentine’s Day heartache.
1. Be on high alert during your high season
You’re well aware of the most critical times to your business. If you run a pool-cleaning company, the summer months are your peak period. The weeks and months before Diwali are make-or-break if you have a home decor store or a gold and silver jewelry shop.
These are the times when your systems and data must be up, running, and working smoothly. You know this. And so do the hackers! They will use this knowledge to target your business when it is most vulnerable and extort the maximum ransomware payoff. Hackers understand that if they choose a special day to compromise the website of a flower chain, the chain will pay a hefty price to get its systems back up and running because every hour down is more money lost.
All businesses should be on high alert during their high season. They must ensure that they have the proper protection to thwart hackers and that their defenses are strong when they need them the most.
2. Backup and encrypt your data
Offline backups and data encryption can play a crucial role in protecting your organization from ransomware attacks. You should quickly restore any compromised systems if you have good offline backups. The backups also need to be offline because all your online connected drives will be locked up in the event of a ransomware attack.
Encrypting your sensitive data is also highly recommended. If attackers gain access to your critical assets, they won’t be able to extort you if your data is securely encrypted.
3. Educate your employees
Almost 90% of security breaches are caused by human error. But a security-awareness training program can effectively teach your employees what they need to know to prevent breaches, such as how to recognize those phishing emails that open the door for almost half of all ransomware attacks.
You can also help by reminding your workers to practice good cyber hygiene, especially now that employees often do their jobs remotely. Stress the importance of basic measures like backing up data on a consistent schedule and in multiple places. If workers are storing data primarily on a USB drive, remind them to back up that data on a hard drive or in the cloud. If they’re storing data primarily in the cloud, remind them to save a copy offline.
4. Add MFA to your systems
Here are two stats to think about. Eighty-one percent of breaches leverage stolen or weak passwords. One million passwords are stolen every week.
But you can protect yourself against pilfered passwords with multifactor authentication (MFA). It’s one of the easiest and best ways to defend your company from a hack and brings an extra, effective layer of security to your systems.
Adding a second authentication factor, such as Google Authenticator, is vital for protecting your accounts. Using a password wallet that stores all your passwords and creates long, complex passwords for each account is also recommended. Always, of course, make sure to turn on two-factor authentication for the password wallet account.
5. Test your defenses
While it’s essential to have a strong backup, as mentioned above, it is just as crucial that you’re able to recover lost data quickly and thoroughly. Are you? To be sure, you must test. You should regularly test your backup copies to be sure they can reliably restore your data.
You should also test your security regularly. An excellent way to do this is with penetration testing. A pen test is a simulated attack on your business that evaluates the security of your IT infrastructure. A thorough, professional pen test will cost $10,000 to $30,000. Yes, that’s expensive. But keep in mind that the average cost of a data breach is now over $4 million.
General human nature is inclined to trust, and most of us expect love and trust to go hand-in-hand. Unfortunately, too many bad players are around to play a spoilt sport and break our trust online. Make sure you do not let them do that with you and your business. Take steps to protect your business from cyberattacks and spend your February 14 reaching out to those you care about—not desperately trying to reestablish contact with your lost data.
By Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC