Having guests outside the company join our podcast is always exciting. We did that, and more, by bringing in a guest from the FBI. In The Cowbell Factor Podcast’s new episode, our podcast host, Alexis Vaughn, invited none other than Elvis Chan, Assistant Special Agent of the San Francisco FBI, to speak about his experience with cybercrime for small and mid-sized enterprises (SMEs).
During his interview, Elvis gave helpful insights into his job and how the FBI can help SMEs if faced with a cyber event. Contrary to popular belief, small businesses are encouraged to reach out to their local field office, not just after an incident happens but even before. “Businesses should establish a good relationship with their local FBI office before an incident occurs and severe problems need to be solved immediately.”
Not only can the FBI give information and tips on cybersecurity, but after a relationship has been established, businesses can also add their FBI contact to their cyber incident response plan.
This is a helpful resource in every case. ”Even if we can’t open an investigation due to our financial loss threshold, we are very familiar with a lot of the major cybercrimes, and we can always offer guidance.”
In other cases, the FBI can get actively involved in the case: “ If your cyber insurance provider has a portfolio of recommended parties that get involved after an incident, for example, attorneys, and incident response companies, we will get in touch with them. We also participate in tabletop exercises for clients.”
In Elvis’s opinion, incident response plans (IRP) are one of the most important things that businesses can do to protect themselves from the impact of a cyber incident. “Businesses need to know exactly what they need to do if they experience an incident.”
He also recommends multifactor authentication (MFA) and system backups. “For backups, I believe in something called the three, two, one best practice. That means that businesses should have three backups of their most important data on at least two different mediums, like a cloud backup service, an external hard drive, or a tape drive. And one of those backups should be offline at all times.”
Cowbell Cyber agrees with this statement. In our support center, you can find more information on MFA, how it works, and what software offers company-wide deployment, often free of charge. Additionally, businesses are encouraged to download our incident response plan template that can give you a guideline on the most important steps to take after a cyber incident.. What’s more, policyholders can meet with our risk engineering team to perfect their IRP.
“Businesses need to know exactly what they need to do if they experience an incident.”
When it comes to cybercrime, it is essential to stay alert to new developments and trends. “Since the pandemic, I see ransomware and business email compromises as the most common form of cyber incidents”, explains Elvis. “After that come cyber-enabled fraud cases like spoofing and phishing emails, and lastly a scam called vishing, when cybercriminals write you an email that tells you to call a phone number which will get you in contact with alleged security experts or partners, who then end up stealing your data.”
Those risks don’t only apply to large companies. Often, it is the opposite. “Small businesses are oftentimes more affected by cybercrime because bigger companies have more protocol and more bureaucracy that can help prevent sending money to the wrong person.”
So, what should you do if you, for example, send money to a cybercriminal who pretended to be the CEO or important business partner? “If you experience a business email compromise, you should visit ic3.gov to put in a financial fraud kill chain request within 24 hours of wiring the money. Within this timeframe, the FBI has had an 82% success rate of getting your business the money back.”
If you are interested in learning how the FBI was involved in the Colonial Pipeline breach from last year, how they got the ransom back that they paid the cybercriminals, as well as why Elvis doesn’t normally recommend paying ransom in the first place, you can listen to the full episode on anchor.
If you are interested in getting appointed with Cowbell Cyber, you can reach out to us through our website, or by writing to [email protected].
You can visit the Cowbell Factor Podcast library to listen to last season’s episodes and stay up to date on new ones. It is available on most Podcast platforms (Spotify, Google podcast, Apple podcast, Anchor, Breaker, and Radio Public).