Take advantage of free cyber security tips designed to help
protect your business today and tomorrow

In our connected world, the value of any business today is increasingly tied to data. A cyber breach can be serious, costing you money and a loss of trust.

Mastercard established the Cyber Readiness Institute – a collective of business leaders from across sectors and geographic regions who are committed to improving cyber readiness for small- and medium-sized businesses (SMBs).

We have also partnered with the Global Cyber Alliance to provide SMBs with free cyber security tools they can use to address risk and combat the increasing volume of cyberattacks.

Are you cyber ready? Here are some helpful tips, best practices and resources.

 

male executives are working on a laptop at a textile factory

Cyber readiness is critical for SMBs

A cyberattack affects more than your bottom line; it can affect your organization's reputation as well. A breach of your organization's cyber security can harm your customers, partners and employees. That’s why it’s important to prepare, protect and be cyber ready today.

60%

of cyberattacks target SMBs

66%

of SMBs had at least one cyber incident in the past two years

$2,235,000

average cost of cyberattacks to SMBs in 2017

Actual cyber incident

At the height of the holiday retail season, an attack by hackers of a major retail outlet exposed 100 million individuals’ personal data – notably credit and debit card information. Hackers used legitimate credentials to enter the retail outlet’s system, having stolen them from a refrigeration and HVAC supplier in its value chain. The hackers were able to extract data before it was encrypted. The retail outlet was accused of having been slow to act, thus failing to stop the theft of the data – despite being warned an attack was underway. This incident eroded the company's reputation and customer trust. Moreover, profits the following year were down by a reported 50%, and the store faced numerous lawsuits and fines for failure to act promptly and to disclose the breach. The supply chain weakness, characterized by the authentication vulnerability of the retailer’s third-party vendor (the HVAC supplier) was the source of this major event.

serious business owner working at laptop in a cafe

Up your password game

Passwords are the gatekeepers to your most important information. Cyber attackers are opportunistic and can easily crack a weak password. TIPS: Add a mix of numbers, characters, and cases. Use a passphrase or series of random words. Don’t use the same passphrase twice.

63%

of data breaches result from weak or stolen passwords

90%

of employee passwords can be cracked in six hours by hackers

Over 20%

of small business employees have shared their password with assistants or co-workers

Actual cyber incident

The attack on a sovereign Central Bank in 2016 was a true 21st-century bank heist. Hackers managed to steal $81 million after breaking into the Bank’s secure system. An investigation revealed that the attackers took advantage of authentication-related vulnerabilities. A password token protecting the SWIFT international transactions network at the Bank was left inserted in the SWIFT server for months before the attack; normally it should have been removed and locked in a secure vault each evening. This token connected the system to the internet, making it vulnerable to a cyber attack. Hackers entered the system, infected it with malware then issued fake transfer orders. The hackers introduced six types of malware, which captured keystrokes and screenshots and also delayed detection of fraudulent transactions. Having cracked the Bank’s authentication system, they attempted to move as much as $1 billion.

young man working in a cafe using a laptop and taking notes

Beware the Phishers

They will try to get you to share sensitive information like passwords, or to click on a link or attachment. This can put malicious software on your computer, putting your identity or organization at risk. TIPS: Check the sender. Never share sensitive information. If in doubt, don’t click.

89%

of phishing attacks mimic corporate emails

76%

of organizations reported being the victim of a phishing attack in 2016

81%

of companies that fell for a phishing attack lost customers

Actual cyber incident

On a Friday afternoon, the CFO of a small manufacturer received an email from one of the company’s major customers. The email said that the customer was changing their finance system and needed the CFO to update their banking information so they could send a payment. The CFO clicked on the link, which took him to what he thought was the customer’s website. As instructed, he entered his bank account information and “reset” his password. The following Monday he discovered that US$120,000 had been taken from the company’s bank account. A week later the CFO started receiving calls from customers saying they had received emails from him asking them to transfer money to a new bank account.

close-up of woman connecting usb stick to a laptop

Do you know the dangers of USBs?

USBs and other types of removable media are a handy way to share information. But they are often infected with malicious software that can damage your systems, and there’s no way to tell until it’s too late. So be USB smart.

27%

of malware infections for SMBs originated from infected USBs

87%

of employees have lost a USB memory device and not told their employer

48%

of USB sticks found are plugged into a computer within 10 hours of being picked up

Actual cyber incident

An employee at an airport was storing highly confidential information on a USB - against the company policy. None of the files on the USB were password-protected or encrypted. The employee accidentally dropped the USB on a city street. The USB was found and picked up by a member of the public, who looked to see what was on the USB on their personal computer (an aside: this was not a good idea). The person realized the USB contained highly confidential information, including information that would pose a security risk to public officials. The person contacted a prominent newspaper and gave them the USB. The resulting newspaper article caused enormous reputational damage to the airport management company. The government was appalled at the security breach and fined the company approximately US$150,000.

close-up businessman using cellphone and laptop in an office

Patch it. Protect it.

Patches are regular updates to your software, systems and applications. Updating your devices may be a little annoying, but these critical security updates protect against hackers looking for cracks to slip through. TIPS: Always update all of your devices as soon as possible.

77%

of attacks in 2017 were “fileless” (vulnerabilities in software already on computers)

Within hours

of a patch being released, hackers develop malware to exploit software vulnerability

200,000

computers were attacked across 150 countries due to patches not having been installed

Real story

A US-based credit ratings agency that collects and stores data regarding 800 million people and 88 million businesses worldwide was the subject of a cyber intrusion that affected an estimated 190 million people in the US, UK, and Canada. Hackers were able to access sensitive personal data, as well as credit card numbers stored by the agency. According to an investigation involving external cybersecurity experts, the hackers exploited a software vulnerability that the agency had failed to patch; additionally, there were flaws in its network, inadequate encryption of data, and insufficient cybersecurity surveillance processes. The agency’s shares dropped after the breach was made public, and numerous lawsuits were filed against it. Reportedly this attack was preceded by a smaller-scale test attack two months prior.

Access the full Cyber Readiness Program by signing up today