Can a Cat Video Kill Your Business?
- Practical Intelligence
- Jul 19, 2019

I spoke this week to a group in San Diego on Business Imposter Fraud. What is Business Imposter Fraud, you may ask? It’s an insidious way that hackers can infiltrate your systems and networks, steal your profits, and cause havoc.
But how do they get into your system in the first place? Here’s the layman’s version of how it works.
The hacker has to have a way into your system. How do they do it? Usually, through innocuous emails. The emails can be anything.
The top ones are as follows:
Special Invitation
Secret Admirer
Invoice Approval
One of the scariest statistics is a quote I heard when speaking at another conference last year. The man speaking was Jim Stickley, of Stickley on Security. He goes around the country and tests banks and credit unions to see how well employees are following email procedures and policies. In most companies, he's found that it usually takes less than 1 minute 41 seconds for someone in the company to click on one of his fictitious emails.
Think of that. Your network could be compromised in less than 2 minutes by someone, maybe even yourself, clicking on a link in an email.
But what happens when you click on the fictitious link?
The bad guys are trying to figure out your user IDs and passwords so they can access your network remotely. To do this, they need to be able to see when you are logging into your computer. The code that's injected when you open the email is a "keystroke logger." This code gives the hacker the ability to see each key on the affected computer as it is being pressed. When you type in your user ID and password, the hacker can see what you typed. From there, the hacker can find a way to access your network. In many instances, the hackers target your accounting department or bookkeepers.
I found a good video on YouTube which walks through the keystroke logger process. Most of the video is setup work, but you can see how it works starting at 2 minutes 25 seconds. At 4 minutes 8 seconds, you will see that the hacker now has the user ID for the computer and the password that was typed in. This should freak you out as a business owner.
What can you do to prevent this from happening?
I call it the STOP, LOOK, and LISTEN method. You need to teach this to all your employees.
When we were young, our mothers taught us how to walk across the street. They would say, STOP, LOOK both ways, and LISTEN. Then you could cross.
It’s the same today. We get so busy in our lives and work that we don’t take time to think: why am I receiving this email, who is this from, and what are they asking me to do? Your employees need to be fearful of clicking on emails that could be harmful, even if an email seems to be from a trusted friend, supplier, customer, or company executive. When you receive an email, ask yourself not who is sending it to me, but what are they asking me to do?
I know of a company that uses a shaming technique to train their employees. On a regular basis, their IT group sends out fake emails to see who will click on them. The names of the people who click are posted. It’s an extreme but effective method of teaching employees to STOP, LOOK, and LISTEN before opening or clicking on an email.
Stay safe out there. Don’t click on that funny cat video.





