According to the National Small Business Association, forty-four percent of small businesses reported being the victim of a cyber attack. Now, more than ever, it is crucial to take preventative measures to help protect you and your business from cyber fraud. The following are practices and procedures that can be put in place to aid prevention:
Employee Practices and Policies
- Employee actions or inactions create the greatest risk. Train employees on cyber security on an ongoing basis.
- Create strong policies around password requirements (length, complexity, and expiration), use of e-mail, and internet usage. Prohibit shared IDs and passwords.
- Require employees to review and sign an acceptable use statement that outlines your security policies, and hold them accountable to these policies.
- Limit administrative rights for your employees so they are unable to download malware or viruses embedded in seemingly harmless applications.
- Assign access to data based on each employee’s need.
- Deploy strong network security including a dedicated and actively managed firewall, anti-virus solutions, anti-malware solutions, and intrusion detection/prevention systems.
- Install operating system and ancillary application patches on a regular basis.
- Seal off sensitive data on the network from third-party systems.
- Use encryption solutions as appropriate (e-mail, laptops, thumb drives, cell phones).
- Test and validate the effectiveness of controls.
Online Banking Practices
- Use online banking to frequently review account activity.
- Require the use of dual control for ACH and wire transfer origination.
- Utilize an out-of-band authentication method to confirm transfer requests (e.g., if a vendor sends you an e-mail including wire instructions, call the vendor back on the phone to confirm the instructions).
- Verify that all online banking sessions are secure.
- Avoid using automatic log-in features.
- Do not access online banking from a public computer.
- Utilize other cash management services that provide additional protection, such as Positive Pay and ACH filter.
- Promptly report suspicious performance of your workstation or the web site.