Small business owners are a more attractive target for cybercriminals than they may realize. The reality is that these bad actors increasingly prey on small businesses: In 2015, companies with fewer than 250 employees were targeted by nearly half of the online attacks known as spear phishing, according to security software provider Symantec.
You can protect your business by remaining vigilant and well-informed. Citizens Bank’s Gregg Stephens, Senior Vice President and Head of Fraud Prevention and Payment Security, and Chauncey Holden, Executive Vice President and Chief Security Officer, offer advice for staying safe.
The first step to planning a good defense is to identify potential threats and vulnerable assets. “You may not be able to tackle everything, especially if you have limited budget or IT capabilities,” Stephens says. “But assessing your risks can help you prioritize.”
After you’ve identified your own critical assets and processes, plan to protect them with a combination of tools and policies. A consulting firm that stores confidential client information should consider developing a plan to protect that data. It could adopt technology for encrypting sensitive files and establish rules barring downloads to personal devices. An online retailer’s top concern is ensuring that customer account and transaction information is secure. It might limit access to its customer database to only a few key employees and ensure that the company’s e-commerce site is continuously monitored for malware.
Your business must tailor its own security plan to fit its needs, but you can start by following some good baseline habits. Choose anti-malware software from a reputable provider that automatically updates to block new threats, and have a firewall in place to filter traffic entering and leaving your network. Set your operating systems and web browsers to automatically update to the latest versions. Pick a reliable data backup system and set it to run automatically and frequently. This may help you to recover quickly if you lose access to data or need to reformat an infected system.
If employees conduct online banking or other financial transactions, consider using a dedicated device with no email or web browsing capability. “Limiting the functionality of the device lowers the risk that it will be compromised,” Holden says. An IT consultant can help you set up a dedicated device.
Look for banking tools and services that can help protect your online banking activity. Citizens Bank offers IBM® Security Trusteer Rapport® software, which helps block malware and other types of attacks that can lead to financial fraud, as well as Positive Pay and ACH Positive Pay services, which allow businesses to review and verify check and electronic transactions on their accounts. Use a dual-approval process for making electronic payments so that one person initiates the payment and another releases it using a different device. Since cybercriminals would need both employees’ login credentials, this reduces the risk of fraud.
Knowing the tricks and techniques that cybercriminals use can help keep you and your team from falling victim to them. In one scheme known as business email compromise, attackers impersonate a CEO or other executive with an urgent request to wire funds to an overseas account. These attacks — which sometimes involve a fictitious third party, such as a law firm — typically target companies that work with foreign suppliers and use wire payments. The attackers study their victims’ business practices and routines before they strike, and may even know when the spoofed executive will be traveling.
“The fraudsters’ requests may not be out of the realm of how the business normally operates,” Stephens says. “A CEO who’s traveling may have an opportunity come up with a client, and they may need payment immediately. Employees want to help, so they’ll comply.”
Ransomware attacks, in which criminals lock files or programs until a sum of money is paid, are also on the rise. These attacks are usually spread through infected websites, pop-up ads, or email attachments. Victims will see a pop-up message saying that their data has been encrypted and instructing them to pay a ransom to regain access to their files.
As employees increasingly use their personal smartphones and tablets for work, it’s important to set mobile device policies that protect company information. These might include forbidding employees from storing sensitive files on their phones or using unsecured public Wi-Fi connections where hackers can easily intercept information. Consider requiring employees to protect their devices with long, hard-to-guess passwords, and to use only devices that have the manufacturers’ controls intact.
“There’s been a lot of talk about jailbroken or rooted devices, which essentially means they’ve been wiped clean,” Stephens says. “That takes away the security features that have been built into a device, and it can come with a huge risk.” You might consider explaining to employees that these altered devices may jeopardize business data, and they should not be used for work purposes.