Be much more vigilant and obtain better security/usability training to avoid falling prey to scams in the first place Use enterprise-grade VPNs to avoid getting snooped on while traveling.
Enterprises can adopt more fine-grained security postures (e.g., stricter access controls when traveling) and track the behavior of these high-profile C-level executives’ IT assets (e.g., laptop, tablet) to check for signs of compromise as soon as possible to minimize the damage Use two-factor authentication where possible.
Don't install the software you weren't expecting to install (for example, if you receive an email to install a software update) Verify unusual requests for sensitive information Have strong, unique passwords for important accounts, such as email, banking, etc. Have a PIN or passcode on your smartphone, in case you lose it
Mobile security. Executives and high-ranking officials are often called upon for domestic and international business travel. Their extensive use of mobile platforms while on the road and during their commutes increases the odds of a mobile security threat. Like viruses and spyware that can infect computers, there are security threats specific to devices such as smartphones, tablets, and connected IoT devices. Mobile threats can be divided into four basic categories: application-based threats, web-based threats, network-based threats, and physical threats. Biggest mobile security threats: *Data leakage, *Social engineering, *Wi-fi interference, *Out-of-date devices, *Cryptojacking, *Poor password hygiene, *Physical device breaches
Increased Likelihood of Cyber Crimes against Businesses. No matter the size of the organization, one of the most prominent challenges executives face is the risk of their business becoming a cyber crime target. Common motives for attacking a principal are financial, revenge, or activist related. Now more than ever, executive digital protection has become a business necessity. And with cyber crimes against businesses on the rise, it’s only a matter of time before executives are face to face with a cybersecurity threat
Social media. An executive’s social media habits and preferences can be leveraged by a threat actor to gain access to their data, and in turn, damage their organization’s brand. When considering any form of executive digital protection, analyzing the social media usage of the executive and their family should be a key part of the conversation. Hackers can use public information on social media platforms such as LinkedIn, Instagram, Facebook, and other sites to build profiles of targets. This profile can be used to tailor a phishing attack or coerce the target. An attack on an executive can cause a significant amount of brand damage. And being able to protect them on the cyber front is very important.
Business Email Compromise Scams (BEC). When targeting high level executives, hackers might rely on a combination of attacks: whaling phishing attacks, executive impersonation, and business email compromise. Business email compromise (BEC) scams can combine spear phishing, email spoofing, social engineering, and occasionally malware. BEC scams are an increasing problem for businesses of all sizes, resulting in massive losses to organizations. What makes these messages more devious is that they can usually avoid the spam filter since they’re not a part of a mass-mailing campaign. BEC scams are more targeted in nature, and typically avoid the usual spam indicators that get flagged by most email servers. Insider threats. What can executives do to protect themselves and their company against insider threats?
To reduce the chances of a breach caused by current employees, former employees, contractors, or business associates, cybersecurity professionals recommend auditing, securing, and regularly patching software as the first step. Applications to secure: *Legacy systems, *Communication and collaboration apps, *Cloud storage and file sharing tools, *Finance and accounting tools, *Social media and intranets
Mobile security. Executives and high-ranking officials are often called upon for domestic and international business travel. Their extensive use of mobile platforms while on the road and during their commutes increases the odds of a mobile security threat. Like viruses and spyware that can infect computers, there are security threats specific to devices such as smartphones, tablets, and connected IoT devices. Mobile threats can be divided into four basic categories: application-based threats, web-based threats, network-based threats, and physical threats. Biggest mobile security threats: *Data leakage, *Social engineering, *Wi-fi interference, *Out-of-date devices, *Cryptojacking, *Poor password hygiene, *Physical device breaches
Increased Likelihood of Cyber Crimes against Businesses. No matter the size of the organization, one of the most prominent challenges executives face is the risk of their business becoming a cyber crime target. Common motives for attacking a principal are financial, revenge, or activist related. Now more than ever, executive digital protection has become a business necessity. And with cyber crimes against businesses on the rise, it’s only a matter of time before executives are face to face with a cybersecurity threat
Social media. An executive’s social media habits and preferences can be leveraged by a threat actor to gain access to their data, and in turn, damage their organization’s brand. When considering any form of executive digital protection, analyzing the social media usage of the executive and their family should be a key part of the conversation. Hackers can use public information on social media platforms such as LinkedIn, Instagram, Facebook, and other sites to build profiles of targets. This profile can be used to tailor a phishing attack or coerce the target. An attack on an executive can cause a significant amount of brand damage. And being able to protect them on the cyber front is very important.
Business Email Compromise Scams (BEC). When targeting high level executives, hackers might rely on a combination of attacks: whaling phishing attacks, executive impersonation, and business email compromise. Business email compromise (BEC) scams can combine spear phishing, email spoofing, social engineering, and occasionally malware. BEC scams are an increasing problem for businesses of all sizes, resulting in massive losses to organizations. What makes these messages more devious is that they can usually avoid the spam filter since they’re not a part of a mass-mailing campaign. BEC scams are more targeted in nature, and typically avoid the usual spam indicators that get flagged by most email servers. Insider threats. What can executives do to protect themselves and their company against insider threats?
To reduce the chances of a breach caused by current employees, former employees, contractors, or business associates, cybersecurity professionals recommend auditing, securing, and regularly patching software as the first step. Applications to secure: *Legacy systems, *Communication and collaboration apps, *Cloud storage and file sharing tools, *Finance and accounting tools, *Social media and intranets
Unsecured wireless networks. While public wireless networks provide great convenience, allowing people to connect to the Internet from almost anywhere, they are unsecure and can allow cybercriminals access to your Internet-enabled devices. Beyond the typical public wireless networks found at airports, restaurants, hotels, and cafes, they are increasingly available in other places, such as on airplanes and in public parks.
Publicly accessible computers. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated anti_x0002_virus software. Cybercriminals may have infected these machines with malicious viruses or installed malicious software.
Physical theft of devices. Thieves often target travelers. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
Unsecured wireless networks. While public wireless networks provide great convenience, allowing people to connect to the Internet from almost anywhere, they are unsecure and can allow cybercriminals access to your Internet-enabled devices. Beyond the typical public wireless networks found at airports, restaurants, hotels, and cafes, they are increasingly available in other places, such as on airplanes and in public parks.
Publicly accessible computers. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated anti_x0002_virus software. Cybercriminals may have infected these machines with malicious viruses or installed malicious software.
Physical theft of devices. Thieves often target travelers. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
Unsecured wireless networks. While public wireless networks provide great convenience, allowing people to connect to the Internet from almost anywhere, they are unsecure and can allow cybercriminals access to your Internet-enabled devices. Beyond the typical public wireless networks found at airports, restaurants, hotels, and cafes, they are increasingly available in other places, such as on airplanes and in public parks.
Publicly accessible computers. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated anti_x0002_virus software. Cybercriminals may have infected these machines with malicious viruses or installed malicious software.
Physical theft of devices. Thieves often target travelers. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
Unsecured wireless networks. While public wireless networks provide great convenience, allowing people to connect to the Internet from almost anywhere, they are unsecure and can allow cybercriminals access to your Internet-enabled devices. Beyond the typical public wireless networks found at airports, restaurants, hotels, and cafes, they are increasingly available in other places, such as on airplanes and in public parks.
Publicly accessible computers. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated anti_x0002_virus software. Cybercriminals may have infected these machines with malicious viruses or installed malicious software.
Physical theft of devices. Thieves often target travelers. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
Non-technical executives often tend to think of cyber risk in terms of technological threats. This is a problem for several reasons. For one thing, when company leaders — who are often nontechnical — believe that cybersecurity is a technology problem, it makes the cyber risk even more frightening than it already is because they don’t understand it. Rather than attempting to manage cyber risk, those executives will outsource it, either relying on their IT or security organization to manage cybersecurity for the entire company or by trying to buy their way out of a breach, investing in solutions that will protect their data and networks.
Harvard Business Review recently wrote about the pitfalls of cybersecurity efforts that focus only on technology. HBR paints a bleak picture of meetings filled with tech jargon that CEOs and boards accept but don't understand, and threats unaddressed in favor of long mitigation lists.
Executive vulnerability assessments. Quantifying executives’ cyber risk vulnerability across the entire network – including their families – is essential. Assessments should cover not only the potential for corporate compromise but also individual and family compromises. Assessments can involve one-on-one discussions and data gathering, including examinations of both the open and dark web to evaluate an executive’s cyber security risk. Organizations can take steps to secure the executive and their family members with individualized cyber security solutions to bolster resilience in this particularly vulnerable threat vector.
Awareness campaigns. Mitigating executives’ cyber risk can include information governance, training on phishing and social engineering attacks, instruction on reducing exposure, and sharing knowledge of emerging fraud schemes. Resilience begins with executives’ awareness of the problem and guidance on how they can address their own risk. As with any culture change, building organizational cyber resilience works best when executives lead by example: modeling a culture in which every employee believes it is their responsibility to build and maintain a level of cyber vigilance. Implementation of cross-functional governance programs as well as comprehensive cyber awareness training programs – collaborating with learning and development experts in HR – can accelerate cyber risk maturity. Setting cyber maturity goals and expanding accountability for cyber resilience to leaders beyond the chief information security officer are also important.
Risk transfer. Risk-transfer mechanisms such as cyber insurance can help executives address the impact of identity theft, business email compromise losses, and ransomware attacks. Beyond cover that protects the organization from cyber attack losses, executives might consider adding a layer of personal identity theft protection. Many companies offer such coverage as an employee benefit and, while the market for personal cyber insurance is evolving, companies could consider offering it to board members, executives, and employees.
Executive vulnerability assessments. Quantifying executives’ cyber risk vulnerability across the entire network – including their families – is essential. Assessments should cover not only the potential for corporate compromise but also individual and family compromises. Assessments can involve one-on-one discussions and data gathering, including examinations of both the open and dark web to evaluate an executive’s cyber security risk. Organizations can take steps to secure the executive and their family members with individualized cyber security solutions to bolster resilience in this particularly vulnerable threat vector.
Awareness campaigns. Mitigating executives’ cyber risk can include information governance, training on phishing and social engineering attacks, instruction on reducing exposure, and sharing knowledge of emerging fraud schemes. Resilience begins with executives’ awareness of the problem and guidance on how they can address their own risk. As with any culture change, building organizational cyber resilience works best when executives lead by example: modeling a culture in which every employee believes it is their responsibility to build and maintain a level of cyber vigilance. Implementation of cross-functional governance programs as well as comprehensive cyber awareness training programs – collaborating with learning and development experts in HR – can accelerate cyber risk maturity. Setting cyber maturity goals and expanding accountability for cyber resilience to leaders beyond the chief information security officer are also important.
Risk transfer. Risk-transfer mechanisms such as cyber insurance can help executives address the impact of identity theft, business email compromise losses, and ransomware attacks. Beyond cover that protects the organization from cyber attack losses, executives might consider adding a layer of personal identity theft protection. Many companies offer such coverage as an employee benefit and, while the market for personal cyber insurance is evolving, companies could consider offering it to board members, executives, and employees.
