[BreachExchange] Wiretapping Is a Threat to Small Businesses -- Here's How to Protect Yourself

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jun 12 18:56:32 EDT 2017


https://www.entrepreneur.com/article/295453

If you've paid any attention to the news lately, you've probably heard
about President Donald Trump's explosive claim that former President Barack
Obama wiretapped his phones at Trump Tower to interfere with the election.
Although the conversations around security concerns have been centered on
the political sphere recently, wiretapping and other types of cyberattacks
have solidified their presence in the private sector, too.

Using spyware and other illegal surveillance tactics, crooked business
owners can hack into competitors' computers or phones to steal information.
While it may sound more like a “Bond” movie trope than a pressing business
issue, there are plenty of reasons why you should consider the possibility
of a wiretapping attack.

Why business owners should be concerned.

There are two different types of wiretapping threats that can harm startups
and established businesses alike -- especially if they house proprietary,
confidential information.

First, there's government wiretapping. You might assume the simplest way to
eliminate this threat is to abide by the law, but you’d be forgetting that,
aside from the U.S. government, there are plenty of countries that have
proven they’re willing to use Big Brother-style surveillance tactics to
compromise private companies. If you work with an opposition party or in a
sensitive industry in another country, your client’s government might
target your business.

Then, there's old-fashioned corporate espionage. If a competing company is
desperate to get an edge over your business, it may use wiretapping to
steal your information or otherwise compromise your company to gain an
advantage.

Unfortunately, it doesn't take a computer genius to obtain wiretapping
software -- a reporter for Motherboard bought such a program online for just $170. One
program allows hackers to send a single text message to anyone's phone and
activate the microphone, transforming your smartphone into a way for spies
to eavesdrop on everything you're doing. Similar software can track every
text message a phone sends or receives, download copies of all photos
taken, store a log of every phone call and even pinpoint the phone's
geographic location.

Protecting your company from wiretapping.

Luckily, there are legal protections in place should hackers target your
business. The Computer Fraud and Abuse Act prescribes up to 10 years behind
bars for illegally accessing someone's phone to install wiretapping
software. Illegally tapping a landline is punishable by hefty fines and up
to five years in prison, according to the Electronic Communications Privacy
Act.

But wiretapping is serious business, and it's unwise to bank on the idea
that it won't happen to you. Instead, there are a few ways to protect your
company from a security risk:

1. Beef up your IT infrastructure.

A CSID survey found that 58 percent of small business owners say they're
concerned about cyberattacks, yet more than half of them aren't putting any
money toward improving security measures. This is incredibly risky.
According to a Symantec report, small businesses were the target of 43
percent of cyberattacks in 2015. When clients and customers trust you with
their personal information, it's your duty to protect them in every way you
can.

At the very least, take the time to install software updates in a timely
manner. Just this month, tens of thousands of computers in 74 countries
fell victim to a ransomware attack that locked businesses, organizations
and even hospitals out of vital information, as reported by WIRED. While
the perpetrators behind the attacks are unknown, the method of their attack
is -- and it was entirely preventable. The attackers used a piece of
malware called WannaCry to exploit a flaw in Windows that Microsoft
released a patch for back in March.

2. Investigate anyone with access to your vital data.

Many business owners are blindsided by cyberattacks -- even if the
perpetrator was right under their nose the entire time.

According to an IRS report, a Kansas City, Kansas, company recently
experienced a nightmare situation in which one of its employees, Kenneth
Voboril, embezzled more than $6 million. He did so by creating fake
companies, entering false information about truck loads and deliveries into
his employer's database and then billing his employer for those fake
deliveries. Voboril was ultimately sentenced to 63 months in prison, but
that didn’t negate the harmful implications of his misdeeds.

Although most cases of corporate fraud don't result in losses amounting to
$6 million, it can be incredibly expensive for your business to clean up
one of these disasters. Small Business Trends analyzed a variety of
cybersecurity statistics and found that the average small business spends
nearly $900,000 because of theft or damage to its IT infrastructure. On top
of that, it typically loses more than $950,000 from the resulting
disruption of operations.

The good news is that it's relatively easy to find out whether a suspicious
employee or someone else close to your business is defrauding you. Hiring a
private investigator is far easier on the wallet than nearly $2 million in
damage control. My company has found that investigators typically charge
between $70 and $200 per hour, and the average cost to close a case came to
$675.

3. Establish data security policies for your company.

Sometimes, fraud is purely accidental, committed by employees who don't
realize the impact of their actions. For example, new hires may not even be
aware that some information is confidential and could end up revealing
proprietary info to someone with the power to take advantage of your
company. But there are also not-so-innocent situations, when departing
employees start competing businesses and leave behind wiretapping tools to
take advantage of their former employers.

This is relatively common in the corporate world. Waymo, the autonomous car
unit of Alphabet, recently filed a lawsuit against former employee Anthony
Levandowski. The company claims that Levandowski stole trade secrets when
he left to start Otto, a self-driving truck company that was later bought
by Uber. Furthermore, Waymo also alleges that other former employees who
left for Otto and Uber downloaded and stole sensitive files from the
company.

Create clear policies that explicitly state what is and isn’t confidential
information, and outline the ramifications for violating them in employment
contracts. Spend time educating your employees about types of suspicious
activity, too. As a result, you’ll help prevent your business’s trade
secrets from landing in the wrong hands.

Wiretapping, fraud and other forms of illegal surveillance may sound like
things that only happen in the movies, but they're very real problems that
affect small businesses every day. So take the necessary precautions to
protect yourself against this risk -- you won’t regret it.