This article was previously published in Providence Business News
“Who’d go after a business like mine?”
That’s a common misperception: that cyber thieves only go after big targets, like Equifax, the Pentagon or, yes, Target. Those massive data breaches might convince you that your company can escape notice.
Not true: Cybercriminals go after the firms that haven’t boosted their data defenses — and more than 70 percent of cyber attacks target small businesses, according to the National Cyber Security Alliance.
Your data is more valuable than your money.
While cyber thieves still covet your bank account, banks utilize advanced fraud-protection systems to thwart them. So criminals keep developing sophisticated ways to go after your data directly. They use social engineering—playing off an honest person’s trust—to trick you into sending them your hard-earned money or precious data. For example:
Imagine you’re on the road. A member of your HR team gets an email, ostensibly from you: “I’m traveling and need the employee payroll files. Please forward.” HR knows you’re away, so dutifully sends along the files — complete with social security numbers and other private data that will quickly be for sale on the dark web.
Welcome to the brave new world of cyber theft. Today’s hackers are not only IT savvy, they’re also savvy business people. Cybercrime is their full-time job, and their business model is finding new ways to attack yours. Sometimes they penetrate your systems and wait for six months before they strike.
No wonder why 60 percent of small- and mid-sized business fail six months after a data breach, according to the National Cyber Security Alliance. The economic and reputational fallout can even be worse than the breach itself.
Cybersecurity isn’t an IT issue. It’s a business issue. And the cost of prevention is minimal compared to the cost of a recovering from a cyber fraud event.
Every business needs a Cyber Awareness Plan.
How can you plan head? Like any security issue, you need levels of mitigation.
At home, your doors may have a bolt lock, a chain and an electronic alarm system — three layers of protection. A burglar will skip your house and go where the back door is unlocked.
The same principle holds true for your business: the more levels of mitigation you prepare, the more likely a cybercriminal will look elsewhere.
Start by forming your own Cyber Awareness advisory council of key players:
- Your IT manager, to make sure you have:
- an off-site, segregated network for your intellectual property and financial information;
- a systematic process to back up files to that site; and
- a protocol for changing passwords regularly (keeping them somewhere safer than a desk drawer);
- Your accountant, who can help review your internal controls and safeguards, especially determining who has—and needs—access to your banking and other important records;
- Your insurance agent, to provide liability coverage for a breach — not to mention business interruption costs and recovery fees;
- Your lawyer, to make sure you report the attack according to disclosure laws;
- Your public relations advisor, who must be ready with an action plan to manage the blow to your business’ reputation; and
- Your banker, who should know your plan and how it can dovetail with the bank’s own protections.
You’ll also want to ensure your bank offers a positive pay service. It enables them to compare the checks you write against the data in their system. Most banks offer a form of positive pay. If yours doesn’t, that’s a red flag.
The time to bring your team together is now — before an attack.
A successful Cyber Awareness Plan requires training, refresher courses, and regular drills to keep employees up-to-speed on the emerging threats. In a data breach, you’ll all have a carefully thought-out and well-practiced plan — getting your business back to normal faster.
The fact is, cyber security isn’t something you delegate. You’re the one in charge — and the one who’ll deal with the backlash from a data breach. The good news is, you don’t have to face the problem alone: With the advisors and resources at hand, you can take steps now to make your business more secure from now on.
Laurance A. (Larry) Selnick, CTP, Director, Treasury and Payment Solutions Sales, at Webster Bank has nearly 40 years of experience in cash management systems and bank operations.
The opinions and views in this blog post are those of the authors, and are not intended to provide specific advice or recommendations for any individual.
All credit facilities are subject to the normal credit approval process. The Webster symbol is a registered trademark in the U.S. Webster Bank, N.A. Member FDIC .
© 2018 Webster Financial Corporation. All rights reserved.