Take advantage of tips and resources designed to help protect your business today and tomorrow. Are you digital ready?

In our connected world, the value of any business is increasingly tied to data. A cyber breach can be serious, costing you money and a loss of trust.

Mastercard Secure Remote Commerce

Mastercard is leading the way in defining a new streamlined guest checkout experience by balancing intelligent security with password-free convenience and control.

Cyber Readiness Institute

Mastercard established the Cyber Readiness Institute, a collective of business leaders from across sectors and geographic regions who are committed to improving cyber readiness for small- and medium-sized businesses (SMBs).

Global Cyber Alliance

The Global Cyber Alliance provides SMBs with free cybersecurity tools they can use to address risk and combat the increasing volume of cyberattacks.

Are you cyber ready? Here are some helpful tips, best practices and resources.

Cyber readiness is critical for SMBs

A cyberattack affects more than your bottom line; it can affect your organization's reputation as well. A breach of your organization's cybersecurity can harm your customers, partners and employees. That’s why it’s important to prepare, protect and be cyber ready today.

60% of cyberattacks target SMBs

66% of SMBs had at least one cyber incident in the past two years

$2,235,000 was the average cost of cyberattacks to SMBs in 2017

Actual cyber incident

At the height of the holiday season, an attack on a major retail outlet by hackers exposed 100 million individuals’ personal data – notably credit and debit card information. Hackers used legitimate credentials to enter the retail outlet’s system, having stolen them from a refrigeration and HVAC supplier in its value chain. The hackers were able to extract data before it was encrypted. The retail outlet was accused of having been slow to act, thus failing to stop the theft of the data – despite being warned an attack was underway. This incident eroded the company's reputation and customer trust. Moreover, profits the following year were down by a reported 50%, and the store faced numerous lawsuits and fines for failure to act promptly and to disclose the breach. The supply chain weakness, characterized by the authentication vulnerability of the retailer’s third-party vendor (the HVAC supplier), was the source of this major event.

Up your password game

Passwords are the gatekeepers to your most important information. Cyber attackers are opportunistic and can easily crack a weak password. TIPS: Add a mix of numbers, characters, and cases. Use a passphrase or series of random words. Don’t use the same passphrase twice.

63% of data breaches result from weak or stolen passwords

90% of employee passwords can be cracked in six hours by hackers

Over 20% of small business employees have shared their password with assistants or co-workers

Actual cyber incident

The attack on a sovereign Central Bank in 2016 was a true 21st-century bank heist. Hackers managed to steal $81 million after breaking into the Bank’s secure system. An investigation revealed that the attackers took advantage of authentication-related vulnerabilities. A password token protecting the SWIFT international transactions network at the Bank was left inserted in the SWIFT server for months before the attack; normally it should have been removed and locked in a secure vault each evening. This token connected the system to the internet, making it vulnerable to a cyber attack. Hackers entered the system, infected it with malware, then issued fake transfer orders. The hackers introduced six types of malware, which captured keystrokes and screenshots and also delayed detection of fraudulent transactions. Having cracked the Bank’s authentication system, they attempted to move as much as $1 billion.

Beware the Phishers

They will try to get you to share sensitive information like passwords, or to click on a link or attachment. This can put malicious software on your computer, putting your identity or organization at risk. TIPS: Check the sender. Never share sensitive information. If in doubt, don’t click.

89% of phishing attacks mimic corporate emails

76% of organizations reported being the victim of a phishing attack in 2016

81% of companies that fell for a phishing attack lost customers

Actual cyber incident

On a Friday afternoon, the CFO of a small manufacturer received an email from one of the company’s major customers. The email said that the customer was changing their finance system and needed the CFO to update their banking information so they could send a payment. The CFO clicked on the link, which took him to what he thought was the customer’s website. As instructed, he entered his bank account information and “reset” his password. The following Monday he discovered that US$120,000 had been taken from the company’s bank account. A week later the CFO started receiving calls from customers saying they had received emails from him asking them to transfer money to a new bank account.

Do you know the dangers of USBs?

USBs and other types of removable media are a handy way to share information. But they are often infected with malicious software that can damage your systems, and there’s no way to tell until it’s too late. So be USB smart.

27% of malware infections for SMBs originated from infected USBs

87% of employees have lost a USB memory device and not told their employer

48% of USB sticks found are plugged into a computer within 10 hours of being picked up

Actual cyber incident

An employee at an airport was storing highly confidential information on a USB, against company policy. None of the files on the USB were password-protected or encrypted. The employee accidentally dropped the USB on a city street. The USB was found and picked up by a member of the public, who looked to see what was on the USB on their personal computer (an aside: this was not a good idea). The person realized the USB contained highly confidential information, including information that would pose a security risk to public officials. The person contacted a prominent newspaper and gave them the USB. The resulting newspaper article caused enormous reputational damage to the airport management company. The government was appalled at the security breach and fined the company approximately US$150,000.

Patch it. Protect it.

Patches are regular updates to your software, systems and applications. Updating your devices may be a little annoying, but these critical security updates protect against hackers looking for cracks to slip through. TIPS: Always update all of your devices as soon as possible.

77% of attacks in 2017 were “fileless” (vulnerabilities in software already on computers)

Within hours of a patch being released, hackers develop malware to exploit the software vulnerability

200,000 computers were attacked across 150 countries due to patches not having been installed

Real story

A US-based credit ratings agency that collects and stores data regarding 800 million people and 88 million businesses worldwide was the subject of a cyber intrusion that affected an estimated 190 million people in the US, UK, and Canada. Hackers were able to access sensitive personal data, as well as credit card numbers stored by the agency. According to an investigation involving external cybersecurity experts, the hackers exploited a software vulnerability that the agency had failed to patch; additionally, there were flaws in its network, inadequate encryption of data, and insufficient cybersecurity surveillance processes. The agency’s shares dropped after the breach was made public, and numerous lawsuits were filed against it. Reportedly this attack was preceded by a smaller-scale test attack two months prior.

Need help unlocking your digital life?

Ransomware is a type of malware that prevents or limits users from accessing their systems or devices and demands users pay a ransom by a certain deadline to regain control of their data. TIPS: Do not pay the ransom. Disconnect your device from the internet or other network connections (such as home Wi-Fi) as soon as possible in order to prevent the infection from spreading. Report the attack to your national police. Visit www.nomoreransom.org to check whether your system has been infected with one of the ransomware variants for which there are decryption tools available free of charge.

$13,000 is the average ransomware demand

7 days is the average duration a ransomware incident lasts

100,000 victims have decrypted their files for free thanks to No More Ransom

Real story

What would you do if your computer files suddenly disappeared? When cybercriminals targeted Sebastian Nicolau’s computer, they sent him an ultimatum: pay $1,200 or say goodbye to all of your photos, work documents and emails. Criminals use dangerous software, known as ‘ransomware’, to hold computer files hostage in exchange for money. Thankfully, Sebastian went directly to the police, where cyber experts helped him solve the problem without paying the ransom. Mastercard has partnered with Europol to help protect victims like Sebastian against this new kind of criminal activity. Europol helps national police share vital information about cybercrimes and helps victims recover their computer files without paying a penny through the No More Ransom project.
