Strategies & Tactics

To Serve and Protect: Cybersecurity Tips for PR Pros and Clients

October 2, 2018

[vs148]
[vs148]

On May 22, 2017, Ukrainian hacker Vadym Iermolovych was sentenced to two-and-a-half years in a U.S. prison for his role in hacking the distribution services Business Wire, Marketwired and PR Newswire. Iermolovych had stolen information from yet-to-be-published press releases, which was then used to conduct insider trading on U.S. stock markets. He accessed nearly 150,000 press releases over a period of five years, leading to more than $100 million in profit for traders.

The case is a good reminder that, as communications professionals, we often have access to information that cybercriminals find valuable — such as financial details, strategic plans and employee data about clients, colleagues and our own organizations. Hackers can target communications pros to access such information or use communicators as pawns in larger schemes, for example by tricking them into installing computer viruses that allow unauthorized access to an organization’s network.

Cybercriminals also look for personal information such as Social Security numbers, credit card details, and account usernames and passwords. According to the FBI’s Internet Crime Complaint Center, victims of cybercrime lost more than $1.4 billion in 2017 — a figure expected to increase in 2018.

When you’re at work, a successful cyberattack against you could lead to lost clients, diminished trust in your organization, negative publicity and decreased profits. At home, a cyberattack could make you the victim of identity theft or financial losses. Regardless of where we are, we all need to be mindful of cybersecurity — especially by knowing how and why we could be targeted.

Phishing attempts

Phishing is the practice whereby cybercriminals send seemingly legitimate emails that are actually designed to trick recipients into performing actions such as clicking on links or downloading attachments that contain computer viruses. Phishing also dupes email recipients into replying with sensitive information that senders request, such as credit card and bank account numbers. This form of cybercrime also fools people into performing urgent wire transfers.

Phishing remains a global issue. According to FBI estimates, phishing attacks cost American businesses at least $500 million per year. Whether motivated by money, espionage or revenge, phishing is now so dangerous that just one click on a link in an email can trigger a major cyber event.

Iermolovych used phishing emails to access the networks of organizations he targeted. Amid all the emails one might receive in a day, it’s easy to overlook phishing attempts — and cybercriminals know this. The following tips will help protect you against phishing crimes, especially in emails from unfamiliar senders:

  • Resist making the click: Avoid clicking links or downloading attachments in emails you were not expecting, unless you’re certain they’re legitimate. Hover over links to see if the destination appears safe.
  • Check the sender: Carefully review the sender’s name and email address — including on email messages that seem to come from familiar senders. Do the sender’s name and address match? Also check whether the email domain appears legitimate (for example, the real “support@chase.com” vs. the fake “support@CHA5E.COM”).
  • Be wary of urgent requests: Refrain from acting quickly on urgent requests, especially when the sender is asking for something that seems uncharacteristic or unreasonable. If possible, verify the sender’s request over the phone using trusted contact information. If you still find the email suspicious, then report it per your organization’s processes, or delete the email and block the sender.

Added protections

Here are some additional measures to help protect your clients, your colleagues, your organization and yourself against cybercriminals:

  • Establish processes for working with stakeholders: Talk with your organization’s stakeholders about cybersecurity. Identify concerns such as access to information and potential situations that could arise (like phishing). Implement proactive measures. For example, have a plan to manage and verify unexpected requests that stakeholders might receive via email.
  • Limit, guard, delete: Protect valuable information by limiting, guarding and deleting access to it. If highly sensitive client files are stored on your laptop, for example, limit access only to those who absolutely need it. And then guard that access by ensuring the files are password-protected and stored in a controlled location (such as a cloud site approved by your organization) with appropriate access settings. Finally, delete files or their access when they’re no longer in use.
  • Update apps, operating systems and software: As soon as they’re available, download and install the latest versions of all computer and smartphone apps, operating systems and software that you use. Updates typically contain fixes (or “patches”) to protect against cybersecurity risks. Unfortunately, cybercriminals continue to exploit vulnerabilities. The WannaCry ransomware attack that cost global businesses a total of $8 billion in 2017 reportedly took advantage of outdated Windows XP software.
  • Use multi-factor authentication for account security: Enable multi-factor authentication (also known as “MFA,” or “two-step verification”) when available for your accounts that contain valuable information, such as those for social media, email and banking. This way, you not only need a password to sign into an account, but also a unique identifier such as a code you receive via text message, an authentication app or fingerprint. This helps ensure that in the event somebody gets ahold of your password, they would still need a second verification method to access your account.
  • Consider using a password manager: Password-management software can create, store and change passwords for your accounts. Strong, unique passwords help protect accounts from unauthorized access, but password managers go a step further by automatically generating and storing complex passwords for all of your accounts, which would be difficult for cybercriminals to guess. You only have to remember one password (for the software itself), rather than many. If you’re interested in password managers, research the options available before selecting the one that best suits your needs.


In 2017, multi-industrial conglomerate Maersk lost upwards of $300 million from the effects of a computer virus known as NotPetya. This past January, on a panel at the World Economic Forum, Maersk Chairman Jim Hagemann Snabe said, “It is time to stop being naïve when it comes to cybersecurity. Many companies will be caught if they are naïve. I think that it is important that we are not just reactive but proactive.”

Proactivity is indeed the key. Cybersecurity might seem scary, but the good news is that changing a few habits can make your sensitive information far more secure.

Pete Donahue

Pete Donahue is an internal communications manager at Johnson Controls, a global multi-industrial leader, and a proud member of PRSA Oregon. Follow him on Twitter (@Comms_Pete) for more insight on employee engagement and communications.

Comments

No comments have been submitted yet.

Post a Comment

Editor’s Note: Please limit your comments to the specific post. We reserve the right to omit any response that is not related to the article or that may be considered objectionable.

Name:
Email:
Comment:
Validation:

To help us ensure that you are a real human, please type the total number of circles that appear in the following images in the box below.

(image of four circles) + (image of six circles) + (image of five circles) =

 

 

Digital Edition