First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
A former Yahoo engineer hacked 6,000 accounts to look for sexual photos — including friends' and colleagues' accounts
GET INSIGHTS

Get monthly ideas delivered right to your inbox.

Subscribe for Insights

For Your Business April 30, 2020

An expert explains why spending more on cybersecurity isn't the best way to protect your business

More than a hundred billion dollars will change hands online in the coming months as e-commerce ramps up through the holiday season. For scammers and hackers, that means there will be more opportunities than ever for cyber attacks and online fraud.

Consumers are increasingly wary of online retailers that are susceptible to cyber attacks. Three quarters of US shoppers are less likely to spend money at large and small businesses that suffer breaches, according to a new report from the Cyber Readiness Institute.

The report found that consumers expect large and small businesses have the same level of security. That perception may be well-founded, since businesses of all sizes face similar risks regardless of their cybersecurity budgets, according to Kiersten Todt, managing director of CRI.

"Doubling your security budget doesn't double your security. It's not a one-for-one when you look at cybersecurity investment," Todt said. "What we focus on is investing in policies that don't actually involve investing money."

Todt told Business Insider about steps businesses can take to improve cybersecurity without spending more money, as well as red flags consumers should look out for when shopping online through the holidays.

The Cyber Readiness Institute study found that consumers make decisions about where to shop based on cybersecurity — 45% of respondents are less likely and 31% will never shop at a small business that was hacked and lost personal information.

Further, 55% of respondents said they stopped making an online purchase because of concerns around cybersecurity or privacy.

According to Todt, most consumers aren't well-educated about cybersecurity and only hear about breaches that make headlines or affect themselves or a friend. Nonetheless, shoppers make decisions based on this information.

To minimize the risk of cyber attacks, businesses should treat cybersecurity as workplace culture issue, rather than an IT issue, according to Todt.

"For a long time we saw cybersecurity residing in the IT department. In this day and age, everyone is a member of the cyber workforce," Todt said. "As a company, every individual has an accountability and a responsibility for security."

According to Todt, 91 percent of all breaches at companies come from phishing, wherein hackers gain access to a system by posing as someone else and fraudulently gleaning someone's personal information or passwords.

The best way to prevent phishing breaches, according to Todt, is to "create a culture of privacy and security at your company."

Employers should encourage workers to change passwords regularly, avoid using USB drives that come from outside the company, and study the warning signs of phishing, according to Todt.

In addition, "'password' is a bit of a misnomer - what you should actually be using is a 'pass phrase' and make that pass phrase as long and difficult as possible," Todt said.

Todt also suggests that shoppers be aware of phishing during the holiday season, given that "it's very easy to track your shopping history and phishers will say, 'Oh, we saw that you purchased this item, please click here ... always check the email addresses that these messages are coming from."

This article was written by Aaron Holmes from Business Insider and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

Subscribe for Insights

Subscribe