New York and California. The mention of these two locations may have you conjuring up images of entertainment, celebrities, and people living the fancy life.
Unfortunately, when we mention New York and California here, we’re not referring to anything glamorous. In fact, these two states are famous for something that they don’t want to be known for: Cybercrime.
Cybersecurity firm Risk Based Security (RBS) has reported that an astonishing 90% of all cybercriminal activity occurs within these two states. That means half a billion records since January that have been compromised. The majority of this occurs through phishing emails with links that provide a way for the hacker to easily capture the credentials that they need to access an incredible amount of information.
So have hackers chosen to hone in on these states? It’s likely that since such large organizations are based there, the opportunity to hack them will reap copious amounts of data. It also means that with those large employee databases, odds are that the risk of human error is heavily weighted in their favor. An exposure or breach within a large bank or entertainment company would not only be scandalous, but it would also likely cost the affected company far more to secure and restore their reputations – a feature any cybercriminal would want to see if they were setting up a ransomware attack.
Well, I Can’t Move!
We aren’t suggesting that you pack your bags and move to another state, but if you are in these targeted areas, you should take extra precaution. Human error is always at the top of the list of risk factors in security breaches, so make sure that your team is informed, educated, and part of an ongoing testing platform that presents them with real-life scenarios. Continually remind employees that their personal behaviors can also affect the security of the company – using repeated passwords and sharing confidential information even with friends or family puts a business at risk.
It’s the Law
Know your state laws for security compliance. You may need to hire a security expert, but at the very least, ensure that your IT team or partner knows what they need to be doing to be compliant and that they are actually doing it. With the average number of 74 days passing by before the breach being realized, you are putting your business and clients within tremendous risk for damaging behavior. You must take action before the damage begins – and hopefully prevent it altogether.