Blog & Tools

New business environment brings fresh cybersecurity needs

BBB Presents a virtual cybersecurity program graphic with hacker

Email is the most common communication method fraudsters use to trick people out of information or money. They also use texting, however. So be suspicious of any unexpected links in texts you receive on your smartphone.

In addition to exploiting message receivers’ emotions by putting urgency into their messages, scammers often try to be topical. For example, you might receive a text stating that someone you have been in contact with has tested positive for COVID-19. Self-isolate, the message says, and click the enclosed link for more information.

Don’t click the link. Be safe. Ignore the message, block the sender, and seek independent confirmation of the information from health authorities.

Smishing, or phishing via text (SMS) messages, and other fraud risks that small businesses and business people in the region commonly face were among the topics experts discussed Oct. 22 in a virtual cybersecurity workshop presented by the Better Business Bureau Nebraska, South Dakota, Kansas Plains & SW Iowa. The focus of the program was “Protecting Your Business and Employees from Cyber Threats in Our New Normal.”

Ashley Podhradsky | Associate Dean, Beacom College of Computer & Cyber Sciences Dakota State University

The featured speakers included Dr. Ashley Podhradsky, associate dean at the Beacom College of Computer and Cyber Sciences at Dakota State University in Madison. She provided the warning about the fake texts with a COVID-19 theme.

She and other speakers said small businesses are particularly vulnerable to scam attacks because they might not have all the protections of larger businesses. But small businesses are vulnerable, partly because they consider themselves less likely targets than bigger businesses.

Podhradsky cited several other popular subjects that hackers use in phishing attacks. They include alerts about:

  • account verification
  • cloud-sharing files
  • electronic signing service
  • invoices
  • delivery notifications.

“We know not to click, but sometimes we do,” Podhrasky said.

Clicking on fraudulent links can lead to a variety of problems, including the theft and misuse of sensitive information.

Eric Rodriguez | President, ACFE Heartland Chapter - Click image for presentation

Eric Rodriguez, who has 36 years of experience in fraud-prevention work, said that because of the pandemic, there has been a shift in the way a lot of business transactions are made. A lot of payments are made with a credit card, either online or by phone, noted Rodriguez, who is also president of the Heartland Chapter of the Association of Certified Fraud Examiners, which has members from South Dakota, Iowa and Nebraska.

He suggests that restaurants and other small businesses take steps to protect themselves from remote transactions that might be fraudulent. For one, they should make use of Address Verification Service, or AVS, which is a tool that credit card processors and banks provide. The service checks to make sure the billing address in a credit card transaction is accurate.

Also, Rodriquez said, CVV2 codes should be recorded. A CVV2 code is the three- or four-digit security number printed on the back of credit cards and debit cards. Having a record of the number can help merchants in transactions that might be disputed later.

Paycheck Protection Program loans are another recent target for scams. The Small Business Administration loan helps businesses keep their workforce employed during the coronavirus pandemic. However, fraudsters might spoof the SBA logo in an email and ask for payment to expedite a company’s loan application to a bank. Or the scammers might seek detailed payroll information about the company or its employees.

The SBA is a government agency; it does not charge fees to expedite loan applications. Requests for details such as payroll information might seem legitimate, but make sure you’re not giving it to an illegitimate party.

Bruce Wray | Legal Counsel, Vendor Legal, Certified CISSP, PayPal - Click image for presentation

The other featured speaker in the workshop was Bruce Wray, a lawyer who focuses in the areas of information technology, information security and intellectual property. He works as legal counsel for a financial-services company in Omaha.

Wray quoted data indicating that ransomware is the biggest cyber risk businesses face. Hackers typically distribute ransomware through email. When recipients take an action that downloads the malware, it can become embedded in a network, lock up targeted victims’ online information and leave them vulnerable to ransom demands.

Other top risks:

  • phishing
  • data leakage
  • hacking by outsiders
  • inside threats.

With many corporate employees working from home these days because of the pandemic, providing workplace security has become a widespread challenge for employers.

In addition to making sure employees work from secure devices, employers can take steps such as limiting access to confidential information, Wray said. The need for good, ongoing training is among other precautions are that are important in today’s business environment.

The Better Business Bureau has made the event’s recording available online. Click on the images above to view each presentation at your convenience.

SDN is a leader in providing business internet, private networking and cloud connectivity to businesses and organizations in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.