EXECUTIVE SUMMARY:

In 2019, 88% of enterprises reported that cyber schemes deliberately targeted executive-level leaders. Here’s how you can safeguard your person and protect the rest of your leadership team. Discover common attack types and get the latest on how to avoid falling prey to them. You don’t want to wake up to find your bank accounts drained or your client information on the dark web.

The importance of online privacy

Executives are 12X more likely to be targeted in cyber attacks than rank-and-file employees. Forty percent of companies state that their leadership team represents their highest cyber security risk. Members of the C-suite have access to financial accounts, intellectual property, client information and other resources that are attractive to cyber criminals. Understanding how to keep executives’ online data safe will enable organizations to maintain integrity and to ensure business continuity.

Common threats

1. Spear phishing. When cyber criminals set out to conduct a spear phishing attack, they begin with reconnaissance. First, they seek easily available online information about the target. Then, they may move on to more sophisticated means of obtaining personal information about an individual.While there are many means of executing a spear phishing attack, a cyber criminal or cyber criminals commonly impersonate an organization, a colleague or a friend of the intended victim, attempting to trick the individual into disclosing sensitive business data, client information or similar. In some cases, hackers aim for targets to click on malware, or to unwittingly approve remote access desktop control. New variations of this general business executive dupe frequently emerge.
2. Impersonation attempts. In this type of fraudulent activity, a cyber criminal poses as a high-level executive. The criminal then uses this “disguise” to launch a whaling attack, where another executive is then tricked into sharing information (personal information, client information…etc.,) or tricked into wiring financial resources to the criminal or criminal group. According to the FBI, $200 million or more is lost per year due to these types of attacks.
3. Mobile & device attacks. Business executives commonly engage in domestic and international travel in order to negotiate deals, expand business operations, meet with board members and more. When executives are on the move, hackers often follow. Threat actors may attempt to engage in social engineering, wi-fi interference attempts, physical device breaches and other mobile disruption attempts.Many organizations have Bring Your Own Device policies, or provide corporate phones with security applications already in-place. Either way, executive leaders are notorious for flouting the rules in order to increase their productivity levels, speak with family or friends while traveling, or for other legitimate reasons. This can make security a challenge.

Best ways to protect privacy for business executives

Spear phishing. Guard against spear phishing by deploying the right technologies and by staying cyber security aware. Consider a cyber security solution that blocks spear phishing attacks; from Business Email Compromise (BEC) attacks, to malicious attachments. Machine learning tools can also assist in anomaly identification, providing an early warning about a possible threat. Traditional security may not be enough.

Implement multi-factor authentication for accounts. In addition, train executive assistants and others on direct staff to take note of and to report cyber threats. Attack attempts on business executives may come through email, and they may also arrive via voicemail or text message.

Impersonation attempts. Executives should maintain a working knowledge of common cyber security fraud campaigns. Cyber criminals often prey on and pinch resources from executives who lack cyber security awareness. Both cyber security education and an effort to stay current with the latest trends can yield dividends in the long run.

To actively prevent the unintentional dispersal of monetary resources to cyber criminals, organizations may want to consider requiring dual authorization of monetary transfers. This can assist organizations in limiting risk. In addition, organizations may want to require for wire payment instructions to be verified through multiple channels.

Mobile & device attacks. To minimize risk of executives casting threat prevention technologies aside, ensure that your organization adopts mobile security solutions that are comprehensive, allow for easy email accessibility, protect devices from apps that leak data and that offer security analytics capabilities.

Beyond investing in security solutions, in geographic locales where the telecommunications operators are considered potentially hostile to an executives’ interests or their nations’ interests at-large, business executives should consider using hardened devices. Avoiding surveillance may be critical to continued business operations or business growth.

Organizations may also prefer to send executives on business trips with ‘burner laptops’ and ‘burner phones’ that only carry necessary PowerPoint presentations or other essential information. Items that cleared customs upon an executive’s return can be checked for malware, spyware or other security threats.

Summary

The C-suite is responsible for collaboratively working with IT to close a business’s cyber security loopholes. This includes loopholes that executives are directly responsible for; such as those created via digital communications and business travel.

Business executives should stay up-to-date regarding emerging threat types and strategies. This can help executives and IT professionals keep business data and operations safe. For more information about the security threats that business executives face, click here.