Contributors
Michelle Maratto
Vice President, Cyber Advisory
Sana Hashmat
Associate, Cyber Advisory
In an increasingly digital world, products and services of all kinds have made the move online. As such, the rise in cybercrime is an alarming trend. From mom and pop shops to large corporations, no entity is immune to the threats posed by cybercriminals. But what are the reasons behind this surge in cybercrime, and what practical steps can business owners take to ensure their accounts and assets remain secure? Let’s get into it.
The escalation of cybercrime
Several factors are contributing to the rise in cybercrime. Firstly, the increasing reliance on digital platforms for business operations has expanded the attack surface for cybercriminals. The accelerated digital transformation of recent years pushed businesses to adopt remote work and online services at an unprecedented rate. Rapid technological shifts can often result in insufficiently secured systems and processes, making businesses vulnerable to attacks.
The sophistication of cybercriminals has also grown. They use advanced techniques, such as phishing, ransomware, social engineering and now artificial intelligence (AI) to exploit weaknesses in both technology and human behavior. These methods are constantly evolving, making it challenging for businesses to stay ahead of potential threats.
Lastly, the lucrative nature of cybercrime has attracted a growing number of perpetrators. The global cost of cybercrime is projected to reach $23.84 trillion annually by 2027.1 This immense financial incentive drives cybercriminals to develop even more effective and damaging strategies.
The vulnerability of small businesses
Many small businesses remain woefully underprepared for the current cyber environment in which we operate. As cybercriminals go where it’s easiest, it’s important for smaller businesses to invest in their defense before being impacted.
Protecting your business accounts and assets
Given the growing threat of cybercrime, businesses must take proactive measures to safeguard their accounts and assets. Here are some key strategies to consider:
Implement robust cybersecurity policies
Establish comprehensive cybersecurity policies that outline best practices for employees. These policies should cover password management, data protection and acceptable use of company resources. Regularly review and update these policies to address emerging threats and ensure they remain relevant.
Educate and train employees
Human error is often the weakest link in cybersecurity. Conduct regular training sessions to educate employees about the latest cyber threats and how to recognize them. Encourage a culture of vigilance where employees feel comfortable reporting suspicious activities without fear of retribution.
Use strong passwords and multi-factor authentication (MFA)
Enforce the use of strong, unique passwords for all business accounts. Passwords should be long and complex and include a mix of letters, numbers and special characters. Additionally, implement MFA to add an extra layer of security. MFA requires users to provide two or more verification factors to gain access to an account, significantly reducing the risk of unauthorized access.
Regularly update software and systems
Ensure that all software and systems are regularly updated to the latest versions. Updates often include security patches that address vulnerabilities exploited by cybercriminals. Automate updates where possible to minimize the risk of oversight.
Conduct regular security audits
Perform regular security audits to identify and address vulnerabilities in your systems. These audits should include penetration testing, vulnerability assessments and risk analysis. Use the findings to strengthen your cybersecurity posture and mitigate potential risks.
Backup data frequently
Regularly back up all critical business data to a secure, offsite location. In the event of a cyberattack such as ransomware, having recent backups can ensure that you can quickly restore your data without paying a ransom. Test your backup and recovery processes periodically to ensure they work effectively.
Employ advanced security technologies
Invest in advanced security technologies to protect your business from cyber threats. This includes firewalls, intrusion detection systems, antivirus software and encryption. These tools can help detect and prevent cyberattacks, providing an additional layer of defense.
Monitor network traffic
Implement network monitoring tools to continuously analyze network traffic for unusual activities. Early detection of suspicious behavior can help you respond quickly to potential threats and minimize damage. Establish clear protocols for responding to detected threats to ensure a swift and effective response.
Secure remote work environments
With remote work now commonplace, securing remote access to your business network is crucial. Use virtual private networks (VPNs) to encrypt data transmitted between remote workers and your network. Ensure remote devices are protected with up-to-date security software and that employees follow best practices for securing their home networks.
Develop an incident response plan
Prepare for the possibility of a cyberattack by developing a comprehensive incident response plan. This plan should outline the steps to take in the event of a breach, including how to contain the attack, assess the damage and restore affected systems. Regularly test and update the plan to ensure its effectiveness.
The threat of AI and deepfakes
As technology advances, so do the methods employed by cybercriminals. AI and deepfake technology have emerged as significant threats in the realm of cybercrime. AI can be used to automate and enhance cyberattacks, making them more efficient and harder to detect. For instance, AI-driven phishing attacks can generate highly convincing emails that are personalized for specific targets, increasing the likelihood of success.
Deepfake technology, which involves creating realistic but fake audio and video content, poses a unique threat. Cybercriminals can use deepfakes to impersonate business executives or other trusted individuals, tricking employees into divulging sensitive information or authorizing fraudulent transactions. To combat these sophisticated threats, businesses must stay vigilant and adopt advanced cybersecurity measures that can detect and mitigate AI-driven attacks and deepfake content.
The bottom line
Overall, the rise of cybercrime presents a significant threat to businesses of all sizes. However, by implementing robust cybersecurity measures and fostering a culture of vigilance, you can significantly reduce the risk of falling victim to cyberattacks. Prioritize the protection of your business accounts and assets by staying informed about the latest threats and continuously improving your security practices. Remember, cybersecurity is not a one-time effort but an ongoing commitment to safeguarding your business in an ever-evolving digital landscape.
References
World Economic Forum, "2023 was a big year for cybercrime - here's how we can make our systems safer." (January 2024)
Connect with a Wealth Advisor
Our Wealth Advisors begin by getting to know you personally. To get started, tell us about your needs and we’ll reach out to you.
IMPORTANT INFORMATION
This material is for informational purposes only, and may inform you of certain products and services offered by J.P. Morgan’s wealth management businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at accessibility.support@jpmorgan.com for assistance. Please read all Important Information.
GENERAL RISKS & CONSIDERATIONS. Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g. equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan representative.
NON-RELIANCE. Certain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.
Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.
Legal Entity and Regulatory Information.
J.P. Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. Morgan Securities LLC (JPMS), a registered broker-dealer and investment adviser, member FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (JPMCB). JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.
Bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.
This document may provide information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC (“JPMS”). The agreements entered into with JPMS, and corresponding disclosures provided with respect to the different products and services provided by JPMS (including our Form ADV disclosure brochure, if and when applicable), contain important information about the capacity in which we will be acting. You should read them all carefully. We encourage clients to speak to their JPMS representative regarding the nature of the products and services and to ask any questions they may have about the difference between brokerage and investment advisory services, including the obligation to disclose conflicts of interests and to act in the best interests of our clients.
J.P. Morgan may hold a position for itself or our other clients which may not be consistent with the information, opinions, estimates, investment strategies or views expressed in this document. JPMorgan Chase & Co. or its affiliates may hold a position or act as market maker in the financial instruments of any issuer discussed herein or act as an underwriter, placement agent, advisor or lender to such issuer.
Check the background of our firm and investment professionals on FINRA's BrokerCheck
To learn more about J. P. Morgan’s investment business, including our accounts, products and services, as well as our relationship with you, please review our J.P. Morgan Securities LLC Form CRS and Guide to Investment Services and Brokerage Products.
This website is for informational purposes only, and not an offer, recommendation or solicitation of any product, strategy service or transaction. Any views, strategies or products discussed on this site may not be appropriate or suitable for all individuals and are subject to risks. Prior to making any investment or financial decisions, an investor should seek individualized advice from a personal financial, legal, tax and other professional advisors that take into account all of the particular facts and circumstances of an investor's own situation.
This website provides information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC ("JPMS"). When JPMS acts as a broker-dealer, a client's relationship with us and our duties to the client will be different in some important ways than a client's relationship with us and our duties to the client when we are acting as an investment advisor. A client should carefully read the agreements and disclosures received (including our Form ADV disclosure brochure, if and when applicable) in connection with our provision of services for important information about the capacity in which we will be acting.
INVESTMENT AND INSURANCE PRODUCTS ARE: • NOT FDIC INSURED • NOT INSURED BY ANY FEDERAL GOVERNMENT AGENCY • NOT A DEPOSIT OR OTHER OBLIGATION OF, OR GUARANTEED BY, JPMORGAN CHASE BANK, N.A. OR ANY OF ITS AFFILIATES • SUBJECT TO INVESTMENT RISKS, INCLUDING POSSIBLE LOSS OF THE PRINCIPAL AMOUNT INVESTED
J.P. Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. Morgan Securities LLC (JPMS), a registered broker-dealer and investment adviser, member FINRA and SIPC Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (JPMCB). JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.
Please read additional Important Information in conjunction with these pages.