It’s your worst nightmare: a cyberattack on your business. Businesses are increasingly becoming the victims of this crime and the majority cite reputational damage as the most destructive consequence of a cyber breach. According to the FBI’s 2021 Internet Crime Report, Business Email Compromise (BEC) resulted in nearly $2.4 billion in losses, while Corporate Data Breach caused more than $142 million in losses.

Ideally, creating an incident response plan will help guide you through this nightmare. However, if you’re not prepared to create one, follow these tips to help mitigate financial risk:

  • Use a Restricted Computer Workstation
    Identify a restricted computer workstation for your online banking functions, specifically treasury management (ACH and wire) transactions. This computer workstation should not be used for email or web browsing.

  • Ensure Anti-Virus Protection
    Ensure all anti-virus and security software, and any other protective mechanisms installed on the computer workstations used for online banking and payments, are effective and up-to-date.

  • Promote Fraud Awareness
    Fraudsters use official-looking emails and websites to lure individuals and businesses into revealing confidential financial information. Train your employees not to open attachments or click on links in unsolicited emails, and not to respond to unsolicited emails or any other unsolicited requests.

  • Secure Your Computer Network
    Install security systems, including routers and firewalls, to prevent unauthorized access to your computer or network. Do not use public internet access points for online banking. Apply security patches for operating systems and third-party applications, like Adobe and Java, as soon as possible after they are released.

  • Review Your Bank Accounts Frequently
    Review your bank accounts frequently to ensure fast detection of any unauthorized activity. Any suspicious activity should be reported immediately.

  • Establish Strong Administrative Controls
    Use a unique administrator password (changed frequently) and token PIN, and do not write them down or share them. We recommend utilizing multifactor authentication, dual controls, alerts, daily and weekly limits and transaction verification.

  • Establish Strong Internal Controls
    Establish a method of verifying requests received via email for wire and ACH transactions. We recommend a call back to the original requester when funds are being sent to a new recipient.

It’s imperative to take a proactive stance when it comes to cybersecurity and privacy. Cybercrime should be discussed and reviewed with all employees. In a world where data breaches are becoming all too common, it’s important to consult with your IT team and experts to develop an action plan so you are armed when an incident occurs. Ultimately, it will protect your business from significant financial loss, legal fees and reputational damage.

By Dave Ackley, Senior Vice President, Director of Information Technology & Risk Management