Andrea Shaw on SMB Cybersecurity | NASDAQ Trade Talks Part 1

Practus LLPLegal Insights

smb cybersecurity on screen

Andrea Shaw Explains SMB Cybersecurity Risks

Cybercrimes impact SMBs everyday. What are they and how do you prevent them?

Practus Partner, Andrea Shaw talks about small and medium sized business (SMB) cybersecurity with NASDAQ Trade Talks Global Markets Reporter, Jill Malandrino. 

Andrea discusses the latest challenges of addressing cybercrime for small and medium sized businesses with helpful tips to stay protected and secured.  Andrea is a well-versed consumer finance, bank regulatory and privacy lawyer with over 15 years of experience as a regulator and counsel to both state and federally chartered banks. Andrea has a deep understanding of the unique challenges SMBs face, and guides them through the process with clear communication and focus.

To learn more about Andrea’s legal expertise and background, click here to view Andrea Shaw’s bio page.   

Featured SMB Cybersecurity Topics

  • The four most common types of cybercrime
  • How cybercrime is often multi-layered
  • How SMBs can prevent cybercrime 
  • What SMBs can do if they are a victim of cybercrime

Read the Video Transcription of Part 1

Jill Malandrino: Welcome to NASDAQ Trade Talks. I’m Jill Malandrino Global Markets Reporter at NASDAQ. 

Criminals are the original entrepreneurs. They are always looking for a new way to make a lot of money and, as our world becomes more and more digital, criminals are digitizing too. They are finding ways to access business banking accounts and help themselves to your money. 

October is national cybersecurity awareness month so you’re probably hearing about this from various places right now.  Joining me to discuss is Andrea Shaw, partner at the law firm, Practus, LLP,  who has extensive experience on the regulatory and legal side of cybersecurity enforcement. 

Andrea it’s great to have you with us. Welcome to #TradeTalks. 

Andrea Shaw: Thank you so much. it’s a pleasure to be here. 

Jill Malandrino: Andrea let’s start with an overview of cybercrimes impacting businesses and what to do if you find yourself in this unfavorable position.

Andrea Shaw: Yeah, it is really a scary place out there online these days and we’re not going to talk about every potential cybercrime today because we’d have to be here all week. So, I thought we’d focus on four that are pretty common and have significant impact. Especially in the small business world. You’ve probably heard most of these before. 

The first one is phishing. That’s with the “P-H” not with an “F”. It’s not down in the lake. That’s when the bad guys are sending you emails or sending you links or text messages trying to learn more about you to get information they can then use to further some other sort of scheme. 

Another common cybercrime we’re seeing is malware ending up installed on small business’s laptops, phones and equipment. The malware gives the bad guys a gateway into the business computer system where they can do all kinds of really fun stuff for them; really bad and time-consuming things for the business. 

Once they get the malware they’ll add ransomware to the hardware. Ransomware is a real problem because they’ll encrypt all of the data on the computer system and hold it for ransom. They ask for Bitcoin or untraceable currency (usually some sort of digital currency) in order to restore your data. Sometimes they really do it. Sometimes they don’t. 

What’s really interesting about the ransomware aspects right now is that the governing regulatory body in this space has come out and said that it may not be legal to pay ransomware depending on where that’s coming from. So, there are all sorts of complications if that happens. 

Last, but certainly not least, businesses should be thinking about “corporate account takeover.” That’s when the bad guys somehow get your online banking credentials and take over your online banking account. Once they’re in there, the sky’s the limit. They can take all the money out of your account and it can be a significant financial loss for the businesses. 

Jill Malandrino: Andrea, are these types of cybercrimes mutually exclusive. 

Andrea Shaw: They aren’t and a lot of times they end up layered. 

For example you’ll start with a phishing attack. You get enough information so then you can somehow get malware on the computer. The malware opens the door for the ransomware. Usually there are phishing attacks that lead to the corporate account takeover. 

So, they sort of all work together. Cybercriminals are really good at teamwork, ironically. I always think if they just use their power for good, they could make a lot of money instead of stealing. 

Jill Malandrino: That’s a really good point, actually. The question is, “How do you prevent cybercrime?” 

Andrea Shaw: The best thing you can do, especially as a small business owner, is have strong password controls. This is more than just making sure you have a password. 

Don’t use your dog’s name. And that is so common that I’ve seen a t-shirt that says, “Oh shoot, I was hacked! I have to rename my dog.” 

Use a password that’s not a real word. Have it be long. The longer the password, the harder it is to crack. 

There have been studies that show the length of password is almost one of the best things that you can do [to prevent a hack or cybercrime into your accounts].

The other important thing of course is to have updated virus protection and firewalls . If you don’t have that expertise, this is one area where it’s really worth spending a little money and getting that expertise to protect your business. 

It is not quite as easy as hiring an expert to help you with your virus protection is employee training. Employees need to be aware and understand what these risks are to help you mitigate it.

Another important thing to think about is talking to your insurance provider about cyber insurance. 

I actually had a small business client have a data breach. It wasn’t massive but he had coverage and that helped him pay his legal fees, which I particularly was fond of. It also helped him recover some of his losses. 

Jill Malandrino: So, what should companies and individuals do if they become a victim? 

Andrea Shaw: First and foremost, if it’s involving any of the financial aspects, tell your bank right away. They can often do things to help block and prevent further losses. 

Change your passwords. Change them to a strong password. You also want to file a police report. Oftentimes these criminals are untraceable but you never know what sort of high-level investigations are going on where your additional information will be the key to unlocking a larger scheme. 

If a breach happens, make sure you update your virus protection.

Jill Malandrino: Andrea, this is incredibly valuable advice. Thank you so much for joining us on #TradeTalks.

Andrea Shaw: It’s my pleasure. Thank you! 

Jill Malandrino: Thanks for joining me. I’m Jill Malandrino, Global Markets Reporter at NASDAQ.

 

Practus, LLP provides this information as a service to clients and others for educational purposes only. It should not be construed or relied on as legal advice or to create an attorney-client relationship. Readers should not act upon this information without seeking advice from professional advisers.