How to think like a cybercriminal
Written by Ross Allen October 15, 2008
The old saying that the most dangerous part of a car is the nut behind the wheel has a subtler equivalent in enterprise network security.
Each employee in your business, whether working at a networked keyboard, or answering a phone call or a letter, can be an attractive potential target for cybercriminals aiming to penetrate your business for their own illegal gain.
Undertrained, undersupervised, and unwary employees are ripe for the picking by the new generation of socially and technologically adept online thieves and fraud artists.
Understanding how to anticipate cybercriminals’ attempts to manipulate your employees, suppliers and customers for criminal gain will help you develop an effective strategy to make your business a “hard target” for cybercriminals.
Cybercriminals use a mix of well-proven social engineering tactics (con artist psychology) and automated network intrusion tools to locate and manipulate unwary targets.
Today’s cybercriminals often operate across international borders, to frustrate the collection of court-admissible evidence, derail police investigations and quickly hide the financial gains from their crimes.
The best defence against professional cybercrime is to build your network security strategy as an integral part of enterprise best practices, risk management, and employee training, and as a mission-critical part of effective supervision by management.
The threat
Cybercrime gangs now actively recruit skilled IT talent in many countries outside North America to develop automated tools for probing network security and executing theft, fraud and identity theft.
When a prospective target inside your enterprise is identified — for example, by your employee responding to an automated email, letter or phone call from a criminal posing as a customer, supplier or fellow employee — the criminal will then directly attempt to get the employee to perform an action that enables a crime to be committed.
The unwitting employee may give out personal information, issue a payment or make a purchase, allow access to the company network, or give out other sensitive information.
Cybercriminals in the past year have greatly increased the use of “spear phishing”: customized fraudulent emails or phone calls that often appear to be from a company colleague, or a legitimate supplier or customer.
If the targeted employee hasn’t been well trained and supervised, he or she may be easy to fool. Cybercriminals increasingly build “virtual twins” of legitimate websites that an employee trusts. So, the employee may go to an apparently legitimate website of a customer, supplier, financial institution, or a branch of their own enterprise and follow the fraudster’s instructions, believing them to be legitimate transactions.
The results can range from a one-time theft, to a major breach of sensitive information, such as customer information and credit card databases, passwords, proprietary information, or links to supplier and customer networks.
The potential damage to a company’s reputation, business relationships, intellectual property, and legal liability can be immediate, and immense.
Build a culture of consciousness
To reduce your enterprise’s vulnerability to cybercriminals’ activities, you may want to include a cybercrime-proofing program as part of your HR, training, IT and management policies.
Working in conjunction with your network security solution provider/IT system integrator, and as part of your overall risk management/security strategy, include anti-cybercrime training in each new employee’s orientation, in managers’ responsibilities, and as a periodic refresher for all employees, covering both the evolving nature of cybercrime’s threat to the enterprise and the skills and level of awareness needed to counter it.
Above all, put yourselves in the shoes of the key categories of players critical to preventing cybercrime. These include your employees, customers and suppliers, and also the would-be perpetrators. With an understanding of current cybercrime tactics, you can better understand what you and your employees should be watching out for, reporting and guarding against.
There is no such thing as perfect security, but if your enterprise presents a difficult nut to crack, criminals will look elsewhere for an easy score. There are still lots of soft targets for them, in the form of enterprises that don’t take this problem seriously.
Ross Allen is the Canadian General Manager for McAfee Inc.
Last modified on November 25, 2008