Discussing Cyber Threats and Fraud:
Cyber threats are not typically discussed until a company is impacted.
Consider discussing cyber threats and fraud with your employees weekly. This is one of the most cost-effective methods to reduce your cyber risk and prevent fraud. There are also a number of events discussing cybersecurity and fraud; contact your Banker, Chamber of Commerce or Rotary Leader.
Below are great sources to learn more about cyber security, cyber threats and fraud.
Training Your Employees:
Data breaches can be caused by employees and cyber criminals.
Consider establishing basic security practices and policies for employees, such as requiring strong passphrases, and establish appropriate internet use guidelines detailing penalties for violating company policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.
Avoiding Shared User Accounts and Weak Passwords:
You wouldn’t share your toothbrush; avoid sharing user accounts and passwords.
Consider creating unique user accounts for each employee. In addition, remember not to assign more access to business applications than needed.
Consider migrating from passwords to passphrases. This can be facilitated via a password vault such as LastPass. In addition, apply multi-factor authentication to your email accounts, social media, business applications and network devices (e.g., firewalls).
Which employees have access to my network and applications?
Consider restricting employee access to your network and applications. Employees should only be given access to specific data and application functions (e.g., wire processing) based on their jobs, and should not be able to install any software without permission.
Watching Out For Suspicious Emails:
I won the lottery! I inherited $2 million dollars! There’s a pending bank transfer! My account is frozen!
Cyber criminals often send malicious emails to phish for information, install malware or both. Be vigilant – watch for warning signs.
Business Email Compromise (BEC):
BEC targets individuals and businesses of all sizes. An email is typically received from a business associate providing a change in normal wire transfer instructions. The changes may include a new beneficiary, financial institution, routing number and account number. There are several variations of this scheme including:
- A home buyer or attorney receives an email from the title company requesting a change in wire transfer instructions. The title company’s email is fraudulent, and the funds are wired to an account controlled by the scammers.
- A scammer sends a fraudulent email appearing to come from a known business associate, vendor or supplier. The email contains a change in wire transfer instructions diverting legitimate payments to accounts controlled by the scammers.
- You receive an email from your company’s Chief Executive Officer (CEO) instructing you to process an immediate wire transfer to a new beneficiary. The CEO is unavailable to discuss this transaction and requires your urgent response. In this case, the scammer created an email account resembling the one your CEO uses.
The BEC scam can be prevented by calling back the sender using a known, valid number, to verify legitimacy.
Installing Anti-Malware and Applying Software Updates:
Companies often forget to install or renew their anti-malware service. This is discovered once computers are infected with malware, information is stolen or both.
Consider installing anti-malware on your computers and phones. This protects your employees from compromised websites as well as malicious email attachments and weblinks. If possible, purchase software developed by U.S.-based companies (e.g., Sophos and Malwarebytes). The software chosen should also automatically apply updates to your computers’ operating systems to fix vulnerabilities.
Installing Firewalls and Virtual Private Networks:
I have anti-malware software installed on my computers and phones; that’s good enough.
Consider installing a network firewall as another layer of protection. These firewalls can prevent outsiders from accessing data on your private network. Firewalls can also prevent employees from accessing questionable or inappropriate websites, block malware, fend off cyber-attacks as well as provide virtual private networks for remote users.
Backing Up Your Data:
Companies often forget how valuable their information is until it’s lost. Once lost, panic and sadness quickly follow.
Consider backing up your information to 3 different sources. For example, save data to the cloud, an external hard drive as well as another location (e.g., safe deposit box, safe or vault). Also, don’t forget to test if you can restore your backups!
Did someone reset my password? Why is my account locked? Who made that transfer?
Staying alert to critical events allows business owners to detect suspicious activity. Consider applying SecureAlerts to your online and mobile banking accounts.
Reviewing Mobile Apps:
Do you know how many Apps are on your devices? When was the last time you checked the App permissions? Do those Apps really need to read text messages?
Consider downloading mobile apps from only authorized play stores. Before downloading Apps, check the permissions and reviews. Also, if you don’t need the Apps, consider deleting them.
Freezing Your Credit:
I didn’t purchase a new car. When did I take out a loan? When did I apply for those credit cards?
A credit freeze prevents anyone from accessing your credit report, which means neither you nor identity thieves can open new lines of credit or loans in your name. Request that Experian, TransUnion and Equifax freeze your credit.
Securing Your Wireless Network:
Set it and forget it?
The importance of your wireless router is often overlooked. This device is the central hub connecting your wireless devices to the internet. Consider, at minimum, using the strongest encryption available, changing the router’s default administrator password, disabling remote management, and creating guest networks for visitors and employees.
Purchasing Cyber Liability Insurance:
My business won’t get attacked. We don’t need cyber insurance.
Many business owners assume hackers won’t target their small business, but a recent report by Verizon found that 61% of all cyberattacks hit small businesses. These attacks are often successful since small businesses are less likely to have a strong defense.
Cyber liability insurance can pay for expenses if a business suffers a data breach or malicious software attack, including customer notification, credit monitoring, legal fees, and fines.
Outsourcing Security and Technology Services:
I’m trying to grow my business; I don’t have the time or the knowledge to secure my computers and network.
Consider outsourcing the management and security of your computers and network to a managed security service provider (MSSP). These companies protect businesses of all sizes and enable business owners to grow the business. Services include, but are not limited to, network vulnerability scans and configuring devices for optimal security including the restriction of email forwarding rules.