With cybercrime and data breaches constantly in the news, many of our small business partners wonder: how do I protect my business from rampant fraud? And small businesses are right to be concerned; unfortunately, they are three times more likely to be the targets of cyber criminals than their larger counterparts.
Learning about these threats and taking them seriously is the first important step to protecting your small business from cyber attacks. But taking active steps to plan and protect your business from cyber attacks—including working with your financial institution to minimize your risks—is just as essential. In this post, we’ll offer some basic cybersecurity tips and advice for fraud protection for your business, as well as services we offer to help keep your business finances secure. Keep reading to find out more!
What Are Different Types of Fraud and Cyber Crime Threats?
Before we delve into strategies to shield your business from online threats, it’s important to understand the many kinds of fraud and scams that you need to protect your business against. This will not only help you and your employees understand the gravity of cybercrime, but also raise awareness of what to look out for in your daily practices. Here are some common examples:
- Phishing: Fake emails, texts, and even calls, that are designed to trick users into giving away valuable information from account logins to personal details. Many are designed to look like they come from reputable institutions or organizations. Never give out your credentials or personal information unprompted and be sure to scrutinize all communications.
- Malware: Standing for “malicious software,” malware is software that harms your computer or network or gives hackers access to sensitive data.
- Ransomware: A form of malware that steals your private data and requires a payment (often substantial) in order to restore access to it or give it back. More on this below.
- Tech Support Scams: A scam in which users receive a form of communication (call, email, or browser popup), which directs them to grant remote access to their computer, or funnels them to a website that asks for login credentials.
- Credit Card Fraud: Hackers can steal both your customers’ card information and your business credit card credentials through a variety of methods, from phishing to malware. If you or an employee willingly gives up credit card information to a cyber criminal, even if tricked into doing so, your business might be liable.
- Data Breaches: When cyber criminals gain access to credit card data and other personal information, it’s called a data breach. Data breaches come in all sizes, so don’t assume your small business is immune.
- Accounts Payable Fraud: Applies to several different fraudulent business payment activities. The most common cyber security accounts payable fraud is ACH fraud: when hackers gain access to a business’s checking account information, they are able to initiate fraudulent transactions.
Ways to Protect Your Business from Fraud & Cyber Attacks
The above list is just a sampling of all the ways fraudsters and hackers can take advantage of the vulnerabilities of your business to access your customers’ data or gain access to your financial accounts. Because small businesses often have fewer resources and narrower margins, cyber attacks can be particularly devastating. However, savvy business owners can take a number of steps to protect both themselves and their customers from cyber crime and fraud. Here are a few important things you can do:
1. Have a Designated Security Program Manager
Even if you don’t have the resources for a full-time IT support person on your staff, it’s still important to have an experienced, designated individual tasked with managing your cyber security systems. As Zippia explains, “a Security Program Manager is responsible for directing a team in executing security program plans to support business functions and operations.” Sometimes a smaller company’s CEO will perform these tasks, but it’s best to do so with the guidance of a hired expert. As you can see from the FCC’s Cyber Security Planning Guide, there are many complex security tasks that responsible businesses need to undertake to keep their business safe from cyber attacks.
While we’ll outline additional things you can do to protect your business in the following sections, consider hiring a cyber security professional or training an existing staff member (or yourself!) in the most up-to-date security techniques to serve as the point person for implementing these measures. If you decide to seek outside assistance, PenTest Magazine offers some basic tips for hiring a cyber security company. And if you want to explore training options, check out these recommendations by the Cybersecurity & Infrastructure Security Training Agency (CISA).
2. Store and Share Files Safely
Your files, from day-to-day operation details to financial records, trade secrets, and personal information about you, your employees, and your customers, can be a treasure trove to hackers. With access to account numbers, social security numbers, and other pieces of identification information, hackers can access bank accounts, make major purchases on credit cards, or utilize an individual’s information to open new accounts. But hackers using ransomware can also hold your files hostage in exchange for a costly ransom, which, even if paid, doesn’t guarantee their return. In fact, 92% of organizations won’t get their data back.
In their article, “6 Smart Ways to Share Files Securely”, Business News Daily recommends cloud-based storage and sharing systems for most businesses, as they are not only secure, but also convenient for employees, since they can be accessed anywhere, anytime. The article recommends a few top options, but it’s important to do your own research to see which system would work best with your specific business and its needs.
3. Keep Networks Secure and Use a VPN
Whenever your data and devices are connected to a network, from the internet to an internal network, it leaves your business open to hacking. Gaining access to your business’s network can allow a hacker to gain access not only to your data, but also to the systems that keep your business up and running. Especially as many businesses move from in-house networks to cloud networks (and combinations of the two), network security becomes an increasingly important cybersecurity issue, as your business is further susceptible to global threats.
To keep your internal Wi-Fi networks secure, make sure they are private and password protected. To ensure that employees can access your company’s networks safely from any location, use a VPN (virtual private network) as well to further secure your device. As Geeks for Geeks explains, “A virtual private network is a technology that creates a safe and encrypted connection over a less secure network, such as the internet.”
4. Utilize Firewalls and Antivirus Software
In addition to keeping your networks secure, it’s also important that all computers and laptops used in your organization have firewall and antivirus software in place to safeguard your systems. What is a ‘firewall’? As Microsoft explains, “Data flows into and out of devices through what we call ports. A firewall is what controls what is—and more importantly isn't—allowed to pass through those ports.” Most computers have built-in firewalls, but while this might be sufficient for home use (you just need to make sure your firewall is enabled), your business computers and network might need something more robust, to keep both your data and your customers’ data extra secure.
Keep in mind that most viruses are downloaded by users, by clicking on phishing links or downloading email attachments. This is one way hackers can get around firewalls. That’s why it’s just as important to be sure that you also have high-quality, current antivirus software installed on all your computers. Your computer may come with software pre-installed. Because viruses are constantly changing to take advantage of security flaws, be sure to update it regularly, and if that software is no longer supported, replace it with something more up-to-date.
5. Require Strong Passwords and Use Password Managers
It’s important to have a policy that requires all employees to have exceptionally strong passwords, and possibly change them at set intervals if you aren’t using multi-factor authentication or two-factor authentication (MFA/2FA). Defending Digital recommends that passwords be changed quarterly, or every three months. If your employees are required to have very strong passwords that use MFA/2FA (an additional authentication step), this requirement may not be as necessary. As cyber security expert Dave Hatter explains, "Unless you become aware of a password breach, there is no need to change your passwords regularly if each is a strong, unique password. This is even more true if you are using two-factor authentication."
So, what is a strong password? A strong password is one that is long and contains upper and lowercase letters, numbers, and symbols. It can be difficult to remember these passwords—or even come up with them in the first place! That’s why using a password manager can make all the difference. These apps can not only create unguessable passwords, but will store and automatically populate them for you, using multi-factor or two-step authentication to ensure that unauthorized individuals are not able to access secure accounts.
6. Create a Fraud and Cyber Crisis Action Plan
As CISA explains in their Cyber Guidance for Small Businesses, “Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware.” They recommend creating an Incident Response Plan (IRP). Created by your Security Program Manager, your IRP will serve as an action plan for steps to take to avoid cyber security issues and respond to an issue as it happens (and its aftermath). CISA recommends that you “invoke the IRP even when you suspect a false alarm,” since these “near misses” can help keep your IRP up-to-date and your employees on their toes.
A solid IRP will clearly outline what needs to be done (and by whom) when there is detected fraud, a data breach, or another type of cyber threat risking the security of your business’s systems, data, or financials. All employees should be aware of this plan and understand what their responsibilities would be in every case.
7. Use Treasury Management Services
As we explain in our post, “What is Treasury Management and Why Does My Business Need It?”, financial institutions can provide a number of treasury management services to help you manage your cash flow, investments, and other assets, streamlining your business’s finances. The upshot of this is that utilizing these secure services also minimizes your reliance on your own, often less-secure, internal financial management systems. Services can be as simple as business checking and savings with secure mobile banking and bill pay. However, you can build your own set of treasury management services from our array of offerings, to best suit your growing business’s needs, while taking advantage of our integrated cyber security features, from fraud protection to secure credit card processing.
8. Keep Employees Up-to-Date on Best Practices
All your efforts could be for nothing if your employees are not current on important basic security protocols and best practices, as well as ways to avoid traps set up by hackers designed to trip up less-savvy individuals. Regular cyber security training is essential for all business employees, though the kind of training (and amount of training) may need to be tailored based on your small business, as well as your individual employees’ job functions, access to company networks and files, and interactions with the public.
There are many ways to train your employees, from free and low-cost online content to high-end security training portals that require routine engagement and provide regular feedback on individual employees’ risks.
Safe Business Banking with Moody Bank
While cybercrime is an unavoidable part of modern life, following the tips above can help safeguard your business from the worst outcomes, allowing it to prosper for years to come. At Moody Bank we strive to support our small business partners with the safest, most secure banking experience. Whether it’s helping your small business navigate market volatility, save money on your day-to-day practices, or stay safe from cybercrime, we’re here for you.
Our selection of Business Banking offerings, from Business Checking accounts with Fraud Protection to secure treasury management services, can not only keep your finances safe, but also simplify your finances. Looking for a safe business bank account in Texas? Stop by one of our locations today to open a business checking account, learn more about our treasury management services, and see how we can help keep your business finances safe and secure, without sacrificing convenience.