Cybercrime is a huge 2016 buzzword, and yet it’s been around for decades in both reality and our imaginations. Consider the ’90s film Hackers, in which teenage computer hackers discover a corporate thief’s plot to release a dangerous computer virus that could capsize an oil tanker fleet. The corporate thief’s virus hides and distracts from his embezzlement, but with horrifying potential consequences. He’s ultimately thwarted by teenagers we would now call white hats.
This fictional portrayal of cyber hackers was released more than 20 years ago, and yet our modern-day cybercrime reality has only become more sensational. Black hat hackers are no longer merely concerned with diverting millions of dollars to their own personal accounts; data is king, and more can be done with millions of people’s personal data.
3 Crippling Risks of Organizational Cybercrime
With organizational data breaches abounding across the US and even impacting the federal government – think OPM’s 21.5 million SSN breach still under investigation – we’re all thinking longer and harder about how to protect our clients, our employees, and our organizations at large. The cost of cyber security may seem prohibitive, but the risks associated with cybercrime are too great a threat to business survival to ignore.
Some of the risks of cybercrime to your business can include:
- Theft: The 2015 Ponemon Institute of Cybercrime Study reports that cybercrime costs an average of $7.7 million in worldwide company losses annually, while the average cost to a US company is $15.4 million. The same institute reports that 68% of the funds lost during cyber attacks are unrecoverable or unlikely to ever be recovered. Small businesses are also at risk. The Association of Certified Fraud Examiners (ACFE) reports that small businesses lose approximately $155,000 each year due to fraud. This can be due to credit card and bank account abuse by employees, as well as inadequate security across a business’s networks and infrastructure.
- Sabotage: Malicious insiders and outsiders can use cyber attacks to sabotage and hurt businesses. They may do so by installing malicious software (malware) on company computers, deleting records and pertinent business information, disseminating proprietary information to the public, and providing attackers with details of corporate security vulnerabilities that can be exploited.
- Employee Harassment: Disgruntled or malicious employees and outsiders with a propensity for cybercrime can use electronic methods to harass your staff and create a hostile work environment. For example, an employee may connect her cell phone to her work computer’s USB port to charge the device, and cybercriminals can use vulnerable networks to hack your employee’s phone and steal personal information. We work hard to find and keep great employees, and it’s our responsibility to do everything we can to ensure their work environment is a safe one.
How HR and Leadership Can Impede Cybercrime
How can we protect against the ever-growing list of technical vulnerabilities that provide black hat hackers with the ins they need to rip us and our clients off? Hackers are getting smarter all the time, and it’s imperative that we stay ahead of them. Many of us don’t know how to implement the systems that can protect us, which is why we employ IT professionals, but that doesn’t mean cyber laymen are defenseless.
According to IBM’s 2015 Cyber Security Intelligence Index, 55% of organizational attacks were carried out by people with insider access. Widespread access to internal databases creates organizational vulnerability, but there are steps we can take to mitigate the risk of internal cyber threats.
- Background Check Candidates – Prevention is the first line of defense against risks such as cybercrime. Conducting pre-employment background checks can tell you about a candidate’s history and alert you to any previous instances of cybercrime. Background checks are particularly important if you’re hiring for positions that handle sensitive or financial data or have access to business assets.
- Educate Staff – HR staff are often in charge of organization-wide education, and this provides the opportunity to continually teach your workforce about the consequences of cybercrime and the preventative measures that can be taken. For example, conducting annual companywide reviews of corporate security protocols and sharing information on new vulnerabilities can remind employees of the importance of data security and provide tips for improvement. StaySafeOnline.org provides numerous resources for teaching employees about computer and network safety.
- Engage Your Employees – Only 29% of employees in the US are actively engaged, which contributes to cybercrime, as disengaged employees are 5 times more likely to steal company data. Merely educating your employees on the personal and corporate risks of cybercrime may not be enough to deter it, but actively engaging them in the topic and encouraging feedback and discussion can improve the impact of your teaching.
Cybercrime is on the rise and it’s not a problem that’s going away anytime soon. We will increasingly rely on our IT and security professionals to keep us ahead of the hacks, but we can take action to prevent security and data breaches with a bit of preparation. As company leadership and HR professionals, we have a duty to help protect our businesses by ensuring IT’s hard work isn’t constantly undermined by uneducated or disgruntled employees.