Morgan Stanley lays out 3 cybersecurity best practices for equipment dealers

With fraudulent activity increasing and posing a risk to equipment dealers, lenders and services providers, maintaining cybersecurity best practices is still the best way for an organization to protect itself. 

Ransomware attacks affected 72.7% of worldwide business organizations in 2023, according to research firm Statista. As organizations look to manage these threats, following three simple best practices can help provide a 90% effective cybersecurity solution, Prashanth Challa, managing director and head of wealth management cybersecurity at Morgan Stanley, said last week during the 2024 AED Summit in Las Vegas. 

Challa, a former hacker for the National Security Agency, listed the following best practices as the most effective for cybersecurity: 

Patch everything 

Whenever a security breach occurs, organizations need to patch any breaches with a software update, Challa said. Breaches create vulnerable targets for hackers and fraudsters, but the existence and public knowledge of a patch also create a target; organizations that do not update their software will be vulnerable to the hack that initially required the patch. 

“There could not be anything more important: Patch everywhere,” he said. “Most hackers never write a new attack in their entire career because it is too difficult. Most of the time, we let NSA and the other governmental equivalents do that.”

Enable a password manager and multifactor authentication 

Using password managers and multifactor authentication improves cybersecurity because it makes it more difficult for hackers and fraudsters to access accounts and information as the traditional approach to passwords becomes increasingly outdated, Challa said.  

“The password by itself is no longer considered the gold standard of authentication,” he said. “Your password falls into a category called ‘something you know.’ It is a secret thing only you are supposed to know. Your phone falls into a different category: something you have; it is a physical object.” 

The need for these measures continues to grow in importance, as 79% of account takeover attacks initiated in 2024 began with phishing attempts that could have been prevented, according to cybersecurity software provider Egress’ 2024 Email Risk Report. 

Be very careful with links and attachments in email 

Being mindful of links and attachments in emails helps reduce cybersecurity risks, with email being a primary means for security breaches. For hackers, email attacks are simple and effective and give them the ability to attack a high volume of people, Challa said.  

 “The final one is the most difficult because it requires judgment but be very careful looking at links or opening attachments, particularly in email,” he said. “Modern phishing is what we call spear phishing, specifically crafted to entice that particular person.” 

In fact, 94% of organizations experienced email security incidents in 2023, according to the Egress report. 

While it is impossible to reduce risk to zero, following these three best practices offers a cybersecurity solution for almost every threat, Challa said. 

“There is always some risk because hackers are clever, and nothing is set,” he said. “If anyone ever tells you they have a foolproof solution in cyber or really anything else, they’re either lying or they don’t know any better.” 

Registration is now available for Equipment Finance Connect. The dealer-centric equipment lending and leasing event of the year offers opportunities for dealers to learn new strategies, foster valuable partnerships and emerge with ideas to immediately apply to their businesses. Learn about free dealer registration at EquipmentFinanceConnect.com.