Tackling Cyber Fraud: Five Tips to Protect Your Company
Before you tell yourself it won’t happen to your business, let this sink in: Ransomware will attack a business every 11 seconds by the end of 2021, according to estimates from the research firm Cybersecurity Ventures. These ransomware attacks will cause an estimated $11.5 billion in damage. And that is not even counting attacks on individuals, which occur with even greater frequency. Thirty percent of companies surveyed in the 2021 AFP Payments Fraud and Control Survey Report said payment fraud in particular is on the rise, and the majority blamed adjustments brought on by the pandemic. So, what can you do to safeguard your organization? Let’s consider some practical tips.
Security By Design
Make sure you invest in the basics. This includes installing and regularly updating antivirus and anti-malware software on all devices, requiring employees to use strong passwords, using two-factor or multi-factor authentication, installing a firewall and monitoring it, and limiting employee access to business-critical data. When analyzing what went wrong in the wake of an attack, experts often discover the victim invested in the wrong tools or processes. When seeking a partner in business-critical processes like accounts payable, look for someone who knows how to protect an organization — someone who understands the mindset of cybercriminals and the vulnerabilities they seek to exploit.
Used to deter hackers from accessing sensitive information, data encryption is an important line of defense in your online security architecture. Every day, we create and share data at an astounding rate. With every email, text message, and transaction, more data becomes available for hackers to exploit.
Your data should always be encrypted, both in transit and at rest. Data in transit refers to the transfer of data between endpoints, for instance, a B2B payment from client to supplier. Data at rest refers to data that is stored in a database, like supplier bank account and sensitive identification information. If this data is compromised, encryption can mean the difference between a devastating security breach and the release of unintelligible ciphertext. Encryption can save your business from non-compliance penalties and help preserve trust with your customers and business partners.
Basic user authentication techniques (an identity and a password) are useless against sophisticated attacks. For this reason, it’s necessary to implement advanced user practices — like context-based, two-factor authentication and third-party authentication. These techniques, while not infallible, will provide a valuable layer of defense.
Advanced authentication adds another layer of protection to help ensure that when a user is accessing your network, they are who they say they are. User accounts are at significant risk from hackers and cyber criminals — a problem that’s increasingly prevalent as remote workers rely on the internet to access sensitive business information from home.
Delete Old Data + Backup Current Data
Cybercriminals do not limit their efforts to active data. Data at rest, in transit and “in storage” are all at risk. Old, unused data stored on networks and in the cloud should be destroyed to keep it out of the hands of criminals. For example, most organizations collect and store sensitive information on their employees and customers. Yet once those employees or customers move on, businesses should remove that information from their systems to prevent liability due to any breaches in security.
Backing up your data will mitigate damage in case of a cyberattack. Establish a backup system and routinely assess it to ensure it is working. Remember, it is not just cybercriminals who could compromise your business. A natural disaster, fire, equipment malfunction, or an employee error could also jeopardize business-critical data.
Train Your Employees
Business leaders often assume employees understand cybersecurity best practices, but only rarely is that an accurate assumption. Create a culture of cybersecurity awareness by:
Implementing proper password management: Best practices include using long passwords that are not easy to guess, using unique passwords for different systems and utilizing a password manager tool that randomly generates passwords, such as LastPass or Dashlane.
Being on the lookout for “spear phishing” attempts, in which criminals target a person in your organization with the purpose of tricking them into sharing confidential information by posing as a trustworthy source. Train your employees to uncover these schemes: hovering the mouse over a link to confirm the URL before clicking it, and not downloading attachments from unknown sources are two simple ways to thwart phishing attempts.
These are just a few out of the many ways you can defend your organization from cyberattacks. For more tips, visit staysafeonline.org.