Safeguarding Your Company’s Biggest Cybersecurity Target
Top executives are a prime target for cybercriminals and face even greater risks when traveling abroad. Here’s how you can protect your C-level officers from becoming victims of cyberattacks.
By Goh Chee Hoh, Managing Director, Trend Micro Malaysia
Traveling, be it for leisure or business, is a fact of modern life. However, when senior executives roam beyond the safety of the corporate network, cybercriminals are ready to exploit any vulnerability in these busy travelers’ devices.
C-level executives are among the preferred targets, mostly because they tend to hold valuable information and have some of the highest levels of access to important data. According to Trend Micro’s Security Prediction for 2018, the chief executive officer (CEO) emerged as the executive most spoofed by cybercriminals, while the chief financial officer (CFO) remained the most targeted for attacks.
With email being an essential work tool even while traveling, senior executives are at greater risk of becoming victims of business email compromise (BEC). In this global threat, cybercriminals design emails that trick businesses into initiating a transfer of funds or confidential information. In 2018, it is forecast that BEC will lead to more than US$9 billion in losses globally.
Here are some steps organizations can take to protect C-level executives and their associates from becoming the entry point for a major security breach.
Enable encryption on data. If PIN numbers and passwords are good for keeping casual eyes off information, encryption does the same thing for more determined snoops. When you encrypt your data, only you and those holding the decryption keys will be able to access it. So even if an attacker breaks into a server or steals your hard drive and gains access to your information, they won’t be able to make sense of it. Store data on a USB thumb drive or other removable media that can be destroyed after use.
Be wary of wireless networks. While public wireless networks provide great convenience, they are insecure and can allow cybercriminals access to any Internet-enabled device. Make sure to connect only to a legitimate network. Check the URL for odd changes to the expected format/syntax, possibly indicating a spoofed malicious website.
When connecting to wireless data networks, activate the virtual private network (VPN) as soon as possible. A VPN adds a layer of encryption and security that is valuable when using any unknown connection. At a minimum, make sure that “https” is present in a web address before accessing a secure site (e.g., webmail, social media, or any site that requires a login). Financial transactions, including checking a bank balance or making ecommerce purchases, should be avoided on an unfamiliar WiFi network.
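The URL and “https” checks described in the two paragraphs above can be automated before a login page is opened. The following is an added example, not part of the original article; the expected host names, the sample URLs and the function name `check_login_url` are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the traveler expects to log in to (constructed sample values).
EXPECTED_HOSTS = {"webmail.example.com", "bank.example.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a known host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_url(url):
    """Return a list of warnings; an empty list means no check failed."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        warnings.append("not https")
    # "https://trusted-name@other-host/" is sent to other-host, not trusted-name.
    if parts.username is not None:
        warnings.append("userinfo before host")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label")
    if host not in EXPECTED_HOSTS:
        near = [h for h in EXPECTED_HOSTS if edit_distance(host, h) <= 2]
        embedded = [h for h in EXPECTED_HOSTS if h in host]
        if near:
            warnings.append("lookalike of " + sorted(near)[0])
        elif embedded:
            warnings.append("expected host embedded in " + host)
        else:
            warnings.append("unexpected host")
    return warnings
```

An empty result only means none of these checks failed; it does not establish that the network or the site is trustworthy.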
Use personal charging equipment to recharge mobile devices. Public charging spots may have been tampered with for “juice-jacking”, in which malware is installed on the device over USB to covertly copy all its data.
Do not put an NFC-enabled Android smartphone in a pocket where it could be “bumped” in a crowded public space by a hacker, who can install viruses or malware on the phone. Be mindful of posters that sport unprotected NFC chips. Exposed chips can be pasted over with spoofed, malicious chips. Aside from this, be sure to check that an NFC-enabled ATM has not been tampered with before using it to withdraw money from a bank account.
Turn off Bluetooth in public spaces, unless it is needed to connect to your keyboard, mouse, or smartwatch. Bluetooth snoopers can potentially access the device to control it or to download malware. Turning off Bluetooth also helps save battery life.
As cybercriminals continue to refine the tactics used for financially motivated schemes, organisations need to beef up their cybersecurity practices. Educating executives and employees at all levels on how to adopt relevant security steps is a company’s best defence against this growing, costly threat.