Major data breaches at large corporations make frequent headlines, causing concerned consumers to wonder about the security of their online interactions. The fallout is painful for all involved: customers face the risk of identity theft, and companies face the consequences of breaking their customers’ trust.
Since most stories that make the news involve multinational companies, small businesses can be lulled into a false sense of comfort. Unfortunately, the reality for small to medium-sized businesses (SMBs) is sobering. According to the U.S. Congress Small Business Committee, 71% of cyber-attacks occurred at organizations with fewer than 100 employees.
Small businesses are frequently under-resourced with little to no dedicated IT support, making them particularly ill-equipped to handle internet security concerns. While larger enterprises possess vast amounts of data, smaller companies have less secure networks, making them ideal targets. While two-thirds of U.S. businesses identified cyber threats as a top concern, only 52% had an actionable plan in place, according to Hiscox’s 2018 Cyber-Readiness Report. According to the same report, the cost incurred by SMEs after a security incident is $35,000.
While budget constraints are a frequently cited reason for not enacting security precautions, risking a cyber-attack is a cost your organization can’t afford.
Pennsylvania firms have faced the crippling effects of cyber-attacks. A virus called Emotet disabled Allentown’s municipal systems in February of 2018 and spread widely to other industries. Remediation is estimated to cost $1.2 million, with the cost to local business and government still being calculated.
The good news is that armed with education, training, and a commitment to implementing a series of practical strategies, small businesses in Bucks County can protect themselves and their customers against cyber-attacks. The First can help you along the way.
What is cybersecurity?
Cybersecurity refers to protecting internet-connected systems from criminal or unauthorized access to data. Computer hardware, software, and mobile devices are all vulnerable. Upgrading your business’s practices, protocols, and systems protects against data breaches, fraud, and the costly clean-up that follows when measures to protect your company’s internet security are neglected.
Almost all cyber-attacks have the goal of accessing personal data to use it in credit card or identity theft. Your customers are entrusting you with their most sensitive information. It is your business’s responsibility to protect that information and their trust.
You can be sure that The First is at the forefront of cybersecurity efforts, meeting and exceeding best practices for the banking industry.
There is a wealth of resources available to small businesses to help protect your business, data, and customers.
The First offers a series of resources outlining how to protect yourself online, including how to secure your computer against cyber threats, strategies to protect your personal information, and security alerts regarding major cyber-attacks. For more information about securing your personal data, be sure to read our article Security in the Mobile Era from our October 2018 newsletter.
Additionally, the Federal Communications Commission offers a Cyberplanner that allows businesses to customize the information they receive based on their biggest security concerns. The agency also offers a series of other resources for small businesses, including a concise one-page Cybersecurity Tip Sheet that outlines the top concerns for SMBs as well as relevant information from other federal agencies.
Identifying potential scams
A healthy dose of skepticism goes a long way in Internet interactions. Scams arise and morph frequently, but you can protect yourself by following some basic online safety principles.
Emails are an integral part of our daily lives, and as such are a frequent target of cyber-attacks. Train employees never to open suspicious emails or click links or attachments within such messages. Be mindful of messages that are disguised to look as though they come from legitimate organizations but that request sensitive information, a practice called phishing. Upon close inspection, the email addresses in these scams often reveal that they are not authentic.
When a link from a phishing email is clicked, malware is installed on the user’s computer with the aim of damaging or entirely disabling individual computers or entire systems.
Unfortunately, scammers often prey on our best intentions, quickly mobilizing to misdirect needed resources following natural disasters. To avoid their efforts, never reply to a campaign directly from an email. Always go to an organization’s site directly. It’s not a bad idea to remind well-meaning employees of this fact when large-scale disasters are widely featured in the news.
While software ensures that scams can quickly spread far and wide, corrupted hardware can also cause significant damage. Skimming involves placing an external device over an ATM or credit card scanner that unlawfully reads and records card information. Devices that have been tampered with may also feature a keyboard overlay to record customer PINs. While the criminal has to return to the terminal to retrieve the stolen data, once it is in hand, cards can be cloned, and bank accounts can be broken into. Skimmers can be anywhere but are frequently added to more isolated, stand-alone ATMs, and are used most heavily on weekends when the machines will get the most use.
How can you tell if there is a skimming device on an ATM? If you are at a bank that has two terminals next to each other, look at both machines to make sure that they are identical. You can also pull at the parts of the terminal to make sure that no part easily comes off. If the keyboard seems too thick or otherwise seems off, don’t use the machine. If something seems suspicious, report it to the bank immediately.
Secure your computing
Create a firewall
A firewall provides a barrier between your company’s data and those who seek to commit fraud. If one is included as part of your operating system, be sure that it is enabled; otherwise, install free firewall software. Be sure that any remote employees also have home systems that are protected by a firewall.
Ensure that your business runs updates on software to protect against the latest security threats. Install anti-malware software on the company network and devices to protect against phishing scams. It’s also a good idea to restrict employee access for software installation on company systems.
When downloading software online, heed the advice from earlier in this article regarding phishing emails. Be sure that the website is a reputable source. If in doubt, Google the site and read reviews closely. If your browser gives you a warning when you hit “return” on the URL, you need to find a safer, more trustworthy source.
Back up data frequently
You can never be too cautious with your company’s data. Ensure that you automatically back up data, including spreadsheets, word processing documents, databases, employee information, and financial data, in the cloud or at an offsite location. Part of your process should also include frequent checks that backup systems work as expected.
Hide your Wi-Fi
To make gaining access to your network more difficult, be sure your wireless network is encrypted, secured, and hidden. Hide the network by setting your router to not reveal the network name.
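One way to carry out the frequent backup check mentioned above is to compare file hashes between the live data and a restored copy of the backup. The following Python code is an added example, not part of the original article; the folder layout and file names in `demo()` are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            # Read in 1 MiB chunks so large databases do not exhaust memory.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result

def verify_backup(source_dir, backup_dir):
    """Compare a restored backup against the live data it should contain."""
    src, bak = manifest(source_dir), manifest(backup_dir)
    common = src.keys() & bak.keys()
    return {
        # Files that exist in the live data but never reached the backup.
        "missing": sorted(src.keys() - bak.keys()),
        # Same name, different contents: a damaged copy, or a file changed
        # since the backup ran. Either way it needs a human look.
        "mismatched": sorted(f for f in common if src[f] != bak[f]),
        "verified": sorted(f for f in common if src[f] == bak[f]),
    }

def demo():
    """Build a constructed live folder and a faulty backup, then verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "live"), Path(tmp, "backup")
        (src / "finance").mkdir(parents=True)
        (bak / "finance").mkdir(parents=True)
        files = {"customers.csv": b"id,name\n1,Ann\n",
                 "finance/ledger.xlsx": b"ledger-bytes-2018",
                 "staff.docx": b"employee records"}
        for name, data in files.items():
            (src / name).write_bytes(data)
        (bak / "customers.csv").write_bytes(files["customers.csv"])
        (bak / "finance/ledger.xlsx").write_bytes(b"ledger-by")  # truncated copy
        return verify_backup(src, bak)

if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status}: {names}")
```

Run the comparison right after a backup completes, or against a test restore, so that ordinary edits to live files are not reported as mismatches.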
Don’t overlook mobile devices
In taking steps to secure your business from cyber-attacks, be sure not to overlook mobile devices. One misplaced, unsecured laptop, tablet, or cell phone is all it takes to put your business at risk. Ensure that all devices are password protected. In addition, set protocols for password length and complexity, requiring a mixture of upper- and lowercase letters and numbers. To add an additional level of complexity, set passwords to update frequently, ideally every 60 to 90 days.
Enable two-factor authentication
Despite best efforts, it is possible for employees to fall prey to phishing scams. This is why enacting two-factor authentication is essential, as it limits the damage that can be done if passwords are breached.
Document your policies
After you have completed the hard work of creating your company’s cybersecurity plan, be sure to document it. SMBs frequently relay protocols via institutional memory or word-of-mouth, but it is critical that this not be the case with your cybersecurity plan. Steps must be outlined in detail, and relevant employees must receive frequent updates on them.
For assistance, the Federal Communications Commission’s Cyberplanner provides guidance on how to begin your document.
If your company has been the victim of a cyber-attack, you must act quickly to limit the scope of potential damage and warn others. If your business is located in Pennsylvania, you should contact the Attorney General’s office.
USA.gov features a comprehensive list of information regarding the appropriate places to report varying types of fraud.
The First is a secure financial partner for your Bucks County Business
In a fast-paced world where information moves at the speed of light, protecting that data is critical. By arming itself with information, education, and actionable advice, your Bucks County small business can take significant strides towards preventing cyber-attacks. For more than 150 years, The First has proudly remained independent and committed to our community. Year after year, The First is honored with ratings that put us among the very safest banks for your money. We’ve offered a wealth of experience since 1864 and we’re ready to serve your business today. Contact us or visit your local branch in Newtown, Langhorne, Richboro, Wrightstown, Washington Crossing, Fairless Hills, Jamison, Warminster, Solebury, or Doylestown.