Billions of people were affected by data breaches and cyberattacks in 2018 with losses surpassing tens of millions of dollars, according to global digital security firm Positive Technologies. The sheer volume of major companies – Marriott, Dunkin’, Under Armour, among others – hit by data breaches indicate incidents are on the rise.
In today’s business climate, cybercriminals aggressively target not only large companies but also small businesses with ever-increasingly sophisticated attacks. Spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information are on the rise.
So, what can and should businesses do to protect themselves? Because cyber-crime can devastate any small business, the best defense is a strong offense. Businesses need to start with a secure IT environment that includes up-to-date anti-virus programs, anti-spyware programs, firewalls and strong passwords that are changed frequently. However, strong IT infrastructure and internal controls are not enough; employee education is key. Hackers seek weaknesses, such as unwitting employees that may fall for one of the countless social-engineering scams that are prevalent today.
Employees need to understand that cyber-crime is a real threat and that cyber security must be taken seriously. Today’s environment requires that all businesses take the necessary steps to continually educate staff members on safe Internet and email practices. By instilling a ‘think before you click’ attitude throughout the organization, a business can significantly decrease its vulnerability to cyber-crime.
With that thought in mind, it is important to remember that despite best efforts, mistakes can happen. What is crucial is what happens next. Every member of the team needs to clearly understand that if they suspect that they, (or someone else) may have mistakenly opened a suspicious email attachment or possibly revealed sensitive information – they need to report it to the appropriate people as quickly as possible. If your workforce understands that by alerting management and network administrators – the issue can be addressed, they may be more likely to alert you to a possible problem. Begin monitoring for any suspicious or unusual activity, immediately change passwords that might have been revealed, etc. (If the same password is used for multiple resources, change it for each account and do not use that password in the future).
When it comes to your banking, combating account takeover is also a team effort between you and your bank. Your Banker will be happy to discuss the safeguards small businesses need and the programs available that can ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. In addition to constant internal education, Mission Valley Bank works with clients to establish and explain safeguards small businesses need to protect themselves with online activity.