Fraudsters regularly employ social engineering tactics on business employees to trick them into providing sensitive business information such as account numbers or performing financial transactions. Fraudsters are also getting more sophisticated in their tactics, often using social media to research business owners’ personal and professional networks to target their next victims. In addition, new computer viruses and malware are making it easier for cyber thieves to steal passwords, hold your data for ransom, and commit fraud.
In light of these growing online security risks, business owners should evaluate their cybersecurity procedures to ensure that they are strong enough to thwart today’s sophisticated fraudsters. Here are five key steps to shielding business and personal data:
- Build a secure infrastructure. It’s important to use a layered security approach by having multiple technologies in place to thwart cyberattacks. This includes confirming that all business computers have updated operating systems and applications with the latest security patches—which are released by software developers to address vulnerabilities to computer viruses or hacking. Antivirus, spam detection and filtering software should be installed on every computer and the network should be protected by a properly configured firewall. Depending on the company’s security concerns, it may even want to invest in intrusion detection and monitoring systems that provide an extra level of protection.
- Educate employees on the risks. Employee awareness is paramount. With more people working remotely and using email and personal devices to communicate, employees must be instructed on how to avoid exposing themselves to fraudsters. This includes instructing them not to click on links in emails or texts from unfamiliar sources and to verbally verify payment instructions or sensitive account information. Businesses should also use dual control (meaning two separate individuals must authorize a transaction) when making financial transactions such as electronic funds transfers.
- Consider data encryption software. Encryption uses a mathematical algorithm to scramble text so that it can’t be read except by someone who has the key to “unlock” it. It can be especially useful at preventing hackers from getting sensitive business information, whether it is email correspondence or documents stored on a computer system or portable media.
- Use strong and unique usernames and passwords. Business owners and employees should be required to use unique and complex usernames and passwords for every account, particularly for their online banking account and their work and personal email. Passwords should be more than eight characters long and consist of upper- and lowercase letters, numbers and special characters. When available, enable two-factor authentication on platforms and systems.
- Protect mobile devices. As employees conduct more business remotely, it’s important to be sure the mobile devices they’re using are secure. This includes requiring a power-on password, biometrics and local data encryption. Such safety measures should be administered through mobile device management to ensure devices follow company policy. Employees’ mobile devices should be configured to use only protected/encrypted wireless connections at work and to use personal “hotspots” when in public areas such as coffee shops or airports.
First Republic offers a range of cybersecurity services to proactively safeguard your accounts and improve your security posture. To schedule and learn more about these services, please contact your Preferred Banker, Relationship Manager, or Wealth Manager.