Cybercrime. We hear about it in some way every day. It’s always at the forefront of current headline news, yet it hasn’t always been the hot topic that it is today. In my career as a Special Agent with the Federal Bureau of Investigation, my work began decades ago- before anyone really knew what anything “cyber” meant. In those twenty-nine years, it has been my experience that most individuals do not believe they will become a victim of cybercrime. Why? Think about it. Many people think they won’t become a target if they aren’t a large company, or if they don’t have anything substantial of value to steal. The thousands of cases I worked on only proves this: Cybercriminals do not care what you have to offer be it money, data, etc. Anything is leverage and they will use it for their benefit. A cybercriminal could be lurking anywhere in the world as you read this, in hopes of making a profit no matter what you have to offer.

As a speaker for Executive Speakers Bureau, I educate individuals and organizations all across the country by sharing my experiences from my FBI career. These takeaways aide in preventing them from becoming the next cybercrime victims. When I am presenting, the mood always becomes a bit dour when I explain to the audience that when the cybercriminals steal their data or money, the chance of recovering it are slim-to-none. The ambience of the crowd gets worse when I explain that cybercrime is no longer a local problem, since these criminals are located outside of the U.S., in places like Asia, Africa, Europe and the Middle East.  Try finding criminals thousands of miles away after they’ve logged off and closed-up shop? It’s no easy feat. Bringing them to justice is even HARDER than getting your money back, but we never stop trying.

Now there’s some good news, and some bad news, in all of this. What’s the bad, depressing news? The fact that almost 90% of the cybercrime victimizations to small businesses could have been prevented is quite depressing, don’t you think? It depresses me that’s for sure! However, the silver lining is that you can prevent all of this, without spending money. And I’ll tell you how!

Meeting planners connect keynote speakers with clients and negotiate the deals and contracts, relieving a ton of administrative burdens off both parties, but as a result, oftentimes have access to sensitive information. If this information got into a cybercriminal’s hands, it could be used for a large financial fraud data breach. In laymen’s terms, it would be a bad day for all of those involved.

Today’s cybercriminal only needs one piece of information to wreak havoc with meeting planners - an email password.  Most companies use a Gmail or Outlook email hosting service, which provides access to online storage for sensitive files. Let's think about this in a real-life example:

When “cybercriminal X” gains access to your username and password for your email account, he, by default, has hacked into the corporate jackpot. What kind of information could they access? Well, if it were a healthcare company it could be medical information in their One/G-Drive. If it were a CPA, it could be tax records. And if it was a meeting planner/company, it could be anything from invoices and contracts, to basic contact information. Besides stealing information, they would have access to the meeting planner’s email account, making it far too easy to send emails to either the clients or the speakers, requesting updated direct deposit information or W9 information. When we get emails from someone we know and trust, what do we usually do? We do what we are told.

The big question I often get asked is, “How did the cybercriminals steal my password?” There have been numerous major data breaches, where the only reported item stolen was username and password. Let’s recall Yahoo, LinkedIn, Facebook, MyFitnessPal, Marriott and hundreds more.  When these sites were breached the public was told to change their password for the site.  There have been numerous reports stating at least 60% of the population is using the same password for multiple platforms. There are large caches of passwords available on the dark web, and cybercriminals have unlimited access. Therefore, we need to make our email safety our first priority by implementing two-factor authentication (2FA). This provides an additional layer of protection by sending the user a random six-digit code through either a text message or an authenticator app (recommended).   In the thousands of cases I worked on with small businesses, 2FA could have prevented the victimization from happening.

Information security is a continuous battle.   

Just because you have 2FA on your emails does NOT mean you are safe necessarily. Cybercriminals create and configure emails, text messages, and phone calls personalized to you and your business. How will you know what’s a spoof and what’s not? Let’s say you are expecting an email invoice from a vendor, and they tell you they changed their bank account to a new account. Will you pay the invoice, or will you pick up the phone and call? These are things to really think about. A meeting planner should and must have a policy in place, stating that no financial transactions should occur without a follow-up call. Is it pain? Yes. However, if we don’t act, these criminals will win. We must consistently fight this growing epidemic, and it all starts and ends with us knowing what to do, and how to prevent it from happening. 

Key Points

• Secure your email with two factor authentication.
• Make sure you don't use the same password for multiple platforms.
• Become a human firewall and think before your click.
• Realize email is the main attack vector and question any email asking for change of bank account or to send money.
• Ensure your employees are being trained as to the first line of defense against cybercrime.

Over the past three decades, Scott E. Augenbaum has responded to thousands of Cyber Crime incidents and provided hundreds of computer intrusion threat briefings. His goal is to educate the community on emerging computer intrusion threats to keep you safe in a digitally connected world. To learn more or bring Scott to your next event, contact Executive Speakers Bureau at (901) 754-9404.