It’s your worst nightmare: a cyberattack on your business. Businesses are increasingly becoming the victims of this crime and the majority cite reputational damage as the most destructive consequence of a cyber breach. According to Symantec’s report, about 1 in 40 small businesses are at risk of being the victim of a cybercrime – this number escalates to 1 in 2 for large businesses.
Ideally, creating an incident response plan will help guide you through this nightmare. However, if you’re not prepared to create one, follow these tips to help mitigate financial risk:
- Use a Restricted Computer Workstation
Identify a restricted computer workstation for your online banking functions, specifically treasury management (ACH and wire) transactions. This computer workstation should not be used for email or web browsing.
- Ensure Anti-Virus Protection
Ensure that all anti-virus software, security software and other mechanisms installed on the computer workstations used for online banking and payments are effective and up to date.
- Promote Fraud Awareness
Fraudsters use official-looking emails and websites to lure individuals and businesses into revealing confidential financial information. Train your employees not to open attachments or click on links in unsolicited emails, and not to respond to unsolicited emails or any other unsolicited requests.
- Secure Your Computer Network
Install security systems, including routers and firewalls, to prevent unauthorized access to your computer or network. Do not use public internet access points for online banking. Apply security patches for operating systems and third-party applications, like Adobe and Java, as soon as possible after they are released.
- Review Your Bank Accounts Frequently
Review your bank accounts frequently to ensure fast detection of any unauthorized activity. Any suspicious activity should be reported immediately.
- Establish Strong Administrative Controls
A unique administrator password (changed frequently) and token PIN should be used and not written down or shared. We recommend utilizing multifactor authentication, dual controls, alerts, daily and weekly limits and transaction verification.
- Establish Strong Internal Controls
Establish a method of verifying requests received via email for wire and ACH transactions. We recommend a call back to the original requester when funds are being sent to a new recipient.
It’s imperative to take a proactive stance when it comes to cybersecurity and privacy. Cybercrime should be discussed and reviewed with all employees. In a world where data breaches are becoming all too common, it’s important to consult with your IT team and experts to develop an action plan so you are armed when an incident occurs. Ultimately, it will protect your business from significant financial loss, legal fees and reputational damage.