By Karen Kimerer
Introduction
Cybersecurity is a concern for everyone—not just IT professionals or large businesses. If you own a computer, work online, or use a mobile device, you could be putting enormous amounts of personal and confidential data at risk on a daily basis.
Many professionals are now working remotely at least occasionally, and this shift has accelerated the threat of unauthorized access to valuable data. The lack of an online, off-premises infrastructure mirroring what is used for an on-site workforce has caused data breaches to soar in the past few years. Since the onset of the COVID-19 pandemic in March 2020, the FBI has reported a 300% increase in cybersecurity complaints. Personal information and corporate data can be compromised in many ways, but some of the top risk factors include malware, computer viruses, and phishing via phone calls and e-mails.
As they strive to keep pace with today’s customer-centric marketing, many organizations are responsible for protecting a huge quantity of personal and confidential data. Security threats are numerous and well-publicized, so today’s consumers often view sharing their confidential data as a necessary evil—they want to receive more personalized marketing pieces, but they remain concerned that their information could be compromised. According to research from PwC, 85% of consumers wish there were more companies they could trust with their data.
Firms of all types must develop and follow a sound cybersecurity strategy. A strong effort to protect business, customer, and employee data can minimize business disruptions and expensive recovery requirements.
Cybersecurity is Everyone’s Business
The term “cyber” was first introduced in the late 1940s. At that time, it was used to describe the systems that controlled communication between people and machines. Today, the term encompasses the relationship between information, technology, and common data practices (e.g., storage, protection, access, processing, transmitting, and linking to other sources).
According to Datareportal, there were nearly 5.2 billion active internet users on a worldwide basis at the beginning of 2023. With so many people online, cybercriminals have countless opportunities to gain access to unauthorized or sensitive data. Due to the rising popularity of social media, e-mail, and cloud storage, cybercrime rates continue to skyrocket. Firms of all types and sizes must view cybersecurity from a variety of angles.
Some PSPs might not consider themselves at risk for cybercrime attacks. In many cases, these firms believe that cybercriminals are not after the data that is used in our industry. After all, a name imprinted on a portfolio, a company logo on a jacket, or even a personalized postcard will usually not contain the type of data that pays dividends. Unfortunately, this argument is rife with flaws. Every business that has employees is at risk. While most companies in our industry do not host the data of a financial institution, it should be remembered that employee data can be a link to larger gains. Cybercrime often unfolds in steps. According to research from security software firm Trend Micro, 91% of cyberattacks begin with a phishing e-mail. Additional vulnerabilities surface with the data files that clients share as a requirement to deliver on commissioned work. Even seemingly benign spreadsheets loaded with names and e-mail addresses can be a source of risk if they fall into the wrong hands.
The costs associated with cyberattacks and data breaches can vary greatly depending on the size of the organization and scope of the attack. During 2021, insurer specialist firm Hiscox commissioned Forrester Consulting to obtain a better understanding of cybersecurity readiness. The research revealed that each cyberattack will cost a small business with fewer than 500 employees an average of $25,000 per incident. When it comes to data breaches, meanwhile, the cost is even more unyielding. Research from IBM and the Ponemon Institute reveals that a single data breach can cost a small organization nearly $3 million. The expenses used to calculate that disturbing dollar amount include:
- The detection and audit services or activities required to identify a breach.
- Lost business from untrusting customers and the cost to replace them.
- Notification costs, including letters, e-mails, and communication with regulators.
- Post-breach protection for credit monitoring and legal expenses.
The value of a contingency plan for dealing with all security threats—even minor attacks—can save time, reputation, and money in the long run.
If you’re still wondering whether it’s worth the time and money to invest in cybersecurity, consider this: Statista estimates that nearly 361 billion e-mails will be circulating every day by 2024. E-mail continues to be the favored mode of communication for businesses and consumers alike. PSPs must establish practices to protect their employees and customers from advanced phishing practices. Your e-mail is the most likely place for a hacker to attempt to access company data or personal information. Certain software offerings can help filter our malicious e-mails, but researchers at Stanford University found that approximately 88% of all data breaches are caused by an employee error.
Taking Action
Hackers are getting smarter all the time. Many cybersecurity specialists have found that a dangerous number of people still fall victim to advanced phishing schemes and may click on a link or download a file that contains destructive and costly ransomware or malware. You can take immediate actions to mitigate phishing attacks, and education is on the top of this list. The most common reason people click on a phishing e-mail is that it appears to come from a known source. Teaching your employees how to identify phishing e-mails can reduce the risks of a cyberattack.
Other topics to address in a cybersecurity training program include when (and when not!) to use public wi-fi. If you don’t provide a VPN for your employees, warn them against opening sensitive information on an open wi-fi network. Devices that are connected to coffee shop or airport networks can literally broadcast information to anyone that wants access. Today’s hackers are skilled at setting up networks that resemble legitimate ones and can quickly skim any unencrypted traffic.
Training every person in your organization on the responsibility and regulations of collecting, protecting, and using data is a must. New privacy acts are rolling out on a state-by-state basis. Policies and standards must be understood and adhered to avoid legal and financial jeopardy. Instructions on how to create a strong password are also important because unauthorized log-ins can be an easy point of entry. Many passwords are easy for hackers to guess and therefore compromise.
A successful cybersecurity approach requires an extensive audit of your business operations. This includes considering how employee- and company-owned devices are used to share information, create content, and conduct business. During the audit, it is also important to track the manual or analog practices that take place each day. For example, data is frequently lost via unsecured paper documents and laptops. The most common locations for these losses include in the office and from employees’ cars.
Mapping your vulnerabilities may take some effort, but the information you uncover will help you put an inclusive plan together so you can prevent the loss of valuable information and data. Once a plan is in place, employees, suppliers, and customers must be given clear instructions on accessing, sharing, and storing sensitive data. Make sure everyone in your organization has the skills needed to keep cyberattacks down.
The Bottom Line
Much like the passage of time, cybercrime will never stand still. It’s more important than ever to establish and continually update continued learning best practices so you can stay current with the latest threats and new data privacy acts that will continue to shape our industry. Cybercrime can affect any business, and PSPs are no exception. Prevention is the most effective strategy for defending your business against today’s ever-increasing cybersecurity threats.
Karen Kimerer of Keypoint Intelligence has experienced the many challenges of expanding current market opportunities and securing new business. She has developed a systematic approach to these opportunities, addressing the unique requirements of becoming a leader in our changing industry. She is well-versed in 1:1 marketing, web-to-print, direct mail, book publishing, supply chain management, data segmentation, channel integration, and photo products.