Cyberthreats Target HR Department to Breach Small Business’ Security
Although cybersecurity technology has made some significant strides over the past few years, cyberattacks continue to threaten the livelihood of small- to medium-sized businesses (SMBs). According to Beazley Breach Response (BBR) security company, cyberattacks are evolving—along with preventative security measures—some of which "trick employees into providing bank account information."
Last month, BBR released its 2019 briefing analyzing email security breaches over the prior year. The report states the number of business emails that were compromised increased 133% from 2017 to 2018, with average ransomware demands estimated at approximately $10,300 per attack. In another report, published April 4, Vade Secure, an email protection company, shared how cybercriminals breached a business' security by creating an email for a fake employee.
"Impersonating HR staff, cybercriminals sent emails to employees requesting that they log in to the HR portal to either view a private email or view/make changes to their account," Vade Secure states. "Those emails included links to phishing sites where employees disclosed their login credentials. With those credentials in hand, cybercriminals switched the bank accounts for the payroll direct deposits. They also likely gained access to employee W2s and personally identifiable information (PII), such as social security numbers, which could be used for identity theft or other targeted attacks."
BBR suggests companies take precautionary measures to prevent any sort of email breach, such as routine anti-fraud training for employees and multiple forms of employee authentication.
—Andrew Michaels, editorial associate