Many cybercriminals would say ‘yes.’

11.5 Trillion dollars. An unfathomable amount of cash—and yet, this is the amount that cybercrime is predicted to cost the world in 2023—skyrocketing up 40% from 2022. But why is this number so massive? The answer is pretty simple. As new technological advances are made, cybercriminals benefit, too. Every year, they tap into all sorts of new capabilities, and if your clients include churches, municipalities, healthcare facilities or schools, they’re considered top-tier targets.

Check out these industry-specific stats from Privacy Sharks:

HEALTHCARE

• Healthcare cybersecurity breaches cost more than breaches at other industries: around $17.3 million each year.
  
• On average, healthcare services have had 113,491 confidential files exposed per organization.
  
• In the past two years, 89% of healthcare organizations have experienced a data breach and in the past three years, 93% have experienced one.
  

EDUCATION

• Schools are the second most targeted industry for ransomware attacks.
  
• Out of 17 industries, education was ranked as the least secure when it comes to cybersecurity.
  
• Education records are highly profitable for cybercriminals, selling for up to $265 per record on the Dark Web.
  

RELIGIOUS ORGANIZATIONS

• Churches are the most targeted group when it comes to phishing attacks.
  
• Every 60 seconds, $17,700 is lost because of a phishing attack.
  
• Phishing attempts increased by 667% in March of 2021.
  

MUNICIPALITIES

• S. Governmental entities had 1.2 billion sensitive records compromised in 2018 alone.
  
• Ransomware is used on about 30% of government attacks.
  
• The average amount of monthly ransomware transactions in 2021 was a massive $102.3 million.
  

LOCAL BUSINESSES

• An average ransomware attack on a business costs about $133,000, and the overall loss a company incurs due to a data breach is around $3.92 million.
• Over 77% of businesses lack an incident response plan when it comes to cybercrime.
• Small businesses, those consisting of between 1 and 250 employees, are most at risk of receiving malicious emails —with 1 in every 323 being targeted.

It’s terrifyingly easy for today’s hackers—and your clients could be at much more risk than they realize. But there are several things you can help them do (and you can do at your agency as well,) to deter these times of malicious attacks. It all starts with communication and education. The more that you, your agency’s employees and your clients know about cybercrime and red flags, the better. Here's a quick regroup on best practices for red flag spotting.

Recognize red flags: 

• Emails that make you feel like you need to rush to do something—because they request a fast response or talk about some sort of immediate deadline
  
• Emails with misspellings and grammatical errors
  
• Emails that want you to click on links or open documents
  
• Names, email addresses and websites that are misspelled— (they can be off by just one letter, so look closely)
  
• Misleading links – (if you see a link, hover over it with your mouse before clicking to see what website appears. Does it send you to where it indicates, or does the website look strange?)
  
• Any email involving money—telling you that you owe something or have to pay a bill, or asking you to log in to your bank account to fix something
  
• “Winning” content that offers you a prize of some sort

Recognizing the warning signs for cybercrime is a great first step—but more can be done to proactively protect your agency and the clients you serve. Consider these best practices, too.

Smart cyber practices: 

• Click with caution – A general rule of thumb that can give a big boost to your overall security is: don’t click on any links in email or text. If you think someone you know is sending you a link, double check with them personally before opening it.
  
• Power up passwords – Substitute passwords for full passphrases, complete with characters and symbols, for example “TwinkleTwinkleLittleStar7&9.” Change them every six months or more.
  
• Step up your security question game – Don’t choose security questions with answers that people could find online (for example: What was your childhood street? or Who is your favorite band?) When you talk about things online (or share photos of a concert with your favorite band,) these questions become all too easy to hack.
  
• Communication is key – Cyber threats are changing all the time—so stay up-to-date on the latest best practices, read up on expert recommendations, and share them with your team and your clients.

As we’ve seen over the last few years, cybercrime is predicted to continue to exponentially grow. Cybercriminals likely see many of your clients as the “perfect victims,”—and chances are they see your agency in the same light. As cybersecurity month is upon us, it’s more important than ever to talk to those around you about their risk and put some proactive, best practices into place. Check out our Cyber Security Risk Resource Hub here, and share with your clients and coworkers.