5 ways to combat online threats

Small business owners are a more attractive target for cybercriminals than they may realize. The reality is these bad actors increasingly prey on small businesses. In 2020, the FBI received 791,790 complaints of internet related crime with reported losses exceeding $4.1 billion, according to the FBI's 2020 Internet Crime Report. The most complaints came from phishing scams, with over 240,000, followed by business email compromise (BEC), with over 19,000 complaints, and almost 2,500 complaints of ransomware incidents. Keep in mind that these stats reflect only reported complaints — many go unreported.

You can protect your business by remaining vigilant and well-informed. Review the following tips to help your business stay safe from online threats.

1. Evaluate your risks

The first step in planning a good defense is to identify potential threats and vulnerable assets. You may not be able to tackle everything, especially if you have limited budget or IT capabilities, but assessing your risks can help you prioritize.

After you've identified your own critical assets and processes, plan to protect them with a combination of tools and policies. A consulting firm that stores confidential client information should consider developing a plan to protect that data. It could adopt technology for encrypting sensitive files and establish rules barring downloads to personal devices. An online retailer's top concern is ensuring that customer account and transaction information is secure. It might limit access to its customer database to a few key employees and ensure that the company's e-commerce site is continuously monitored for malware.

2. Improve your security hygiene

Your business must tailor its own security plan to fit its needs, but you can start by following some good baseline habits. Choose anti-malware software from a reputable provider that automatically updates to block new threats and have a firewall in place to filter traffic entering and leaving your network. Set your operating systems and web browsers to automatically update to the latest versions. Pick a reliable data backup system and set it to run automatically and frequently. This may help you recover quickly if you lose access to data or need to reformat an infected system.

If employees conduct online banking or other financial transactions, consider using a dedicated device with no email or web browsing capability. Limiting the functionality of the device lowers the risk that it will be compromised. An IT consultant can help you set up a dedicated device.

3. Leverage your bank's fraud prevention tools

Look for banking tools and services that can help protect your online banking activity. Positive Pay and ACH Positive Pay services, which allow businesses to review and verify check and electronic transactions on their accounts. Use a dual-approval process for making electronic payments so that one person initiates the payment and another releases it using a different device. Since cybercriminals would need both employees' login credentials, this reduces the risk of fraud.

4. Educate yourself on common fraud schemes

Knowing the tricks and techniques that cybercriminals use can help keep you and your team from falling victim to them. In one scheme known as business email compromise, attackers impersonate a CEO or other executive with an urgent request to wire funds to an overseas account. These attacks — which sometimes involve a fictitious third party, such as a law firm or government agency — typically target companies that work with foreign suppliers and use wire payments. The attackers study their victims' business practices and routines before they strike and may even know when the spoofed executive will be traveling.

The fraudsters' requests may not be out of the realm of how the business normally operates. A CEO who's traveling may have an opportunity come up with a client, and they may need payment immediately. Employees want to help, so they'll comply.

Ransomware attacks, in which criminals lock files or programs until a sum of money is paid, are also on the rise. These attacks are usually spread through infected websites, pop-up ads, or email attachments. Victims will see a pop-up message saying their data has been encrypted and they are instructed to pay a ransom to regain access to their files.

5. Set rules for mobile device use

As employees increasingly use their personal smartphones and tablets for work, it's important to set mobile device policies that protect company information. These might include forbidding employees from storing sensitive files on their phones or using unsecured public Wi-Fi connections where hackers can easily intercept information. Consider requiring employees to protect their devices with long, hard-to-guess passwords, and to use only devices that have the manufacturers' controls intact.

There's been a lot of talk about jailbroken or rooted devices, which essentially means they've been wiped clean. That takes away the security features that have been built into a device, and it can come with a huge risk. You might consider explaining to employees that these altered devices may jeopardize business data, and they should not be used for work purposes.

More information

We are committed to helping your business reach its potential. Our dedicated business banking professionals can help you find the right product to match your business' needs. To learn more about security, please call 1-800-428-7463, visit us online, or visit your nearest Citizens branch.