The make-up of cyber criminals is diverse — representatives of foreign governments, international organized crime rings, individuals working alone, and hacking collectives are all trawling the Web for a window of opportunity. It is estimated that 97 percent of U.S. companies have been hacked or will be hacked. Oftentimes businesses aren’t even aware that they’ve been compromised. “The cybercrime environment is multi-layered, it’s incredibly active, it’s 24-7,” Bodden said. “If you believe that the bad guys are always one step ahead, in this case they really are.” Consumers can protect their information by creating secure passwords and using two-step authentication whenever available. They also should be wary of email-based phishing attacks, which can be protected against with a careful eye. Some signs that an email may be fraudulent include poor grammar and punctuation or bizarre phrasing.

“What happens is I’ll click on a link and that link will actually take me to what appears to be a legitimate site and I’ll enter information,” Bodden said. “Once I’ve entered that information, the bad guy’s site will then forward me on to the legitimate site and you’ll never know that there was that intermediate step in between. A lot of this happens and people don’t even know it. The only time they find out is when somebody has bought their credit card number on the black market and all of a sudden they’re seeing purchases at electronic stores or gift cards, which are two of the most favorite ways that cyber criminals monetize stolen identities.”

Mobile device management is an up-and-coming area of cybersecurity. For example, some systems allow for remote data wipes when a mobile device is lost or permit the company to download updates. GreyHeller’s ERP Firewall protects users by implementing two-factor authentication at the field level. Data masking, logging and analysis, and location-based security also are rising trends in the industry. GreyHeller will kick off the new year with a series of cybersecurity webinars. The first will debut on Jan. 7 and focus on Oracle PeopleSoft security for higher education. These systems often host the same information banks do, making them an attractive target for cyber criminals.

“Higher education is especially challenged by cyber criminals because they have by definition very open networks,” Bodden said. “They’re not behind a firewall, so higher education institutions have to have all of their web applications out and accessible in the wild and on the internet. The bad guys know this and so higher education is one of the top industries that is actually targeted by cyber criminals.”

The Jan. 14 webinar centers on PeopleSoft human resources systems, which also typically contain sensitive information vulnerable and valuable to hackers.

“Before the human resources systems were mobilized, they could pretty well contain them behind the corporate firewall,” Bodden said. “But now that a lot of these systems have been mobilized so you can access your paycheck, you can change your benefits, you can do a lot of employee self-service and manager self-service from your mobile device, that exposes those systems to the internet and the bad guys know that so they’re going after them.”

The third and final webinar on Jan. 21 will be presented alongside Duo and discuss two-factor authentication.