Small and medium-sized businesses should never presume that they’re safe from cyberthreats. The fact is, 99% of all businesses in the U.S. are small businesses, according to the Houston Chronicle. While hackers traditionally target the top 1%, many have realized that they can vastly expand their pool of targets by going after the other 99%. Consequently, SMBs are a prime target and therefore the most highly victimized entities, according to Verizon’s Data Breach Investigations Report.
We don’t say this to scare you but rather to encourage pragmatism and vigilance among SMB decision-makers. For starters, that means living by these practices:
1. Education is your best defense against cybercrime
It’s possible that your employees are their own worst enemy when it comes to security hygiene. Simple mistakes like using “password1234” as a credential (and using it for multiple accounts), leaving logged-in devices unattended, and sharing sensitive information over email or on a non-secure public Wi-Fi network can lead to costly data leaks or security breaches. Phishing scams are another grave concern. Nefarious emails that contain malicious file attachments, fraudulent password-reset requests and links to compromised webpages are easy to miss when you’re not looking for them.
By making employees aware of these and other cyberrisks, you can drastically reduce your exposure to threats born of carelessness or simple user error. Equally important, SMBs that let employees work from their own devices should create rules about what data can be stored on which applications. This will help prevent shadow IT, which is the use of unsanctioned apps for work purposes. Make sure you occasionally reiterate these policies, and remind users of cybersecurity best practices, preferably incorporating new tips based on the latest scams.
2. Have an incident response plan
Antivirus and anti-spam software, keeping applications up to date, using two-factor authentication when accessing sensitive data and training employees are all examples of preventative cybersecurity. But when the best-laid plans go awry, do you have a plan B? If ransomware locks down your IT environment, will your only recourse be to pay the ransom in exchange for your files?
No one wakes up expecting to be hacked, but if you’re smart, you’ll preempt what that might look like by creating incident-response protocols. These will vary based on the type and extent of the incident, but they may include quarantining infected devices, contacting your security vendor, notifying personnel of what steps they should take, telling customers who have been affected, restoring your data backup (which you hopefully have) and enacting contingency plans to try to minimize disruptions to your business.
3. Make banking security a top priority
Hackers go where the money is, and that’s your bank account. Finance is one of the most heavily targeted industries. Hackers often orchestrate attacks by manipulating users. For instance, they may pose as your bank and claim that you need to verify your account information or reset your online banking password. When this happens without apparent cause, contact your banking institution immediately.
For its part, your bank should offer additional security measures such as:
- Real-time fraud monitoring.
- Session timeout to limit the amount of time your online banking page stays open unattended.
- Account lockout for password guessing.
- Strong encryption.
At Bank Midwest, we provide all of the above for all of our business banking customers. Cash management customers get additional safeguards in the form of a login token (either a physical dongle or a downloadable application) to be used as a second layer of authentication. They also get free access to Trusteer Rapport™ from IBM, which provides an added layer of security over your antivirus tools that blocks any attempts at remote data interceptions.
For more information about cybersecurity best practices and how Bank Midwest keeps its customers safe, explore our Security Help Center.