Five Ways to Improve Your Business's Data Security

Mark Van Divner, Chief Information Security Officer, First Republic Bank
May 13, 2014

Small businesses have become increasingly vulnerable to data-security breaches. The 2014 Data Breach Investigations Report by Verizon found that 81% of crimeware incidents today start via online activity, such as unknowingly downloading from a website a program that contains hidden malware or viruses that can then be used to break into the user’s computer. Although antivirus solutions play an important role in protecting businesses’ computer systems from commonly known viruses, they are not as effective in stopping sophisticated financial malware such as Zeus and Citadel.

Unlike most large corporations, small businesses often lack robust information systems and IT security staff that can help protect against hacking and other types of data breaches. And unfortunately, today’s fraudsters are getting far more sophisticated in their ways. Some now use social media to research business owners’ personal and professional networks and con those contacts into providing sensitive business information, such as account numbers, or into performing financial transactions. New computer viruses and malware are making it easier for cyber thieves to steal passwords and commit fraud.

In light of these growing security risks, business owners should evaluate their data-security procedures to ensure that they are strong enough to thwart today’s sophisticated fraudsters. Here are five key steps to shielding business and personal data:

  1. Build a secure infrastructure. It’s important to use layered security technologies to thwart cyber attackers and hackers. This includes confirming that all business computers have updated operating systems and applications with the latest security patches—which are released by software developers to address vulnerabilities to computer viruses or hacking. Antivirus, spam detection and filtering software should be installed on every computer and the network should be protected by a properly configured firewall. Depending on the company’s security concerns, it may even want to invest in intrusion detection and monitoring systems that provide an extra level of protection.

  2. Consider data encryption software. Encryption uses a mathematical algorithm to scramble readable text so that it can’t be read except by someone who has the key to “unlock” it. It can be especially useful in preventing hackers from getting sensitive business information, whether email correspondence or documents stored on a computer system or portable media.

  3. Use hard-to-crack passwords. Fraudsters who uncover even one password can log onto accounts and steal sensitive information or money. Business owners and employees should be required to use a unique, hard-to-crack password for every account, including their work and personal email. The password should be more than eight characters in length and complex in construction so it is not easily guessed.

  4. Protect mobile devices. As employees conduct more business remotely, it’s important to be sure the mobile devices they’re using are secure. This includes requiring a power-on password and local data encryption. Employees’ mobile devices should be configured to use only protected/encrypted wireless connections at work and while using public networks (“hotspots”) at, say, a coffee shop or airport.

  5. Educate employees on the risks. Employee awareness is paramount. With more people working remotely and using email and personal devices to communicate, they must be instructed on how to avoid exposing themselves to fraudsters. This includes instructing them not to click on links in emails or texts from unfamiliar sources and to verify the identity of anyone who requests sensitive business or account information. Businesses should also use dual authorization—meaning two separate individuals must authorize a transaction—when making financial transactions such as electronic funds transfers.

First Republic Bank provides a courtesy Internet Security Health Check to its small business customers. An information security specialist comes to the company to review security-related controls such as Internet browser settings, operating system updates, wireless security, firewalls, antivirus software and spam filters to ensure proper configurations for optimal protection against malicious activity. Businesses can also receive Trusteer Rapport, a highly regarded software program that protects against financial malware, at no cost. Commercial clients who install Trusteer Rapport on each system used for corporate online banking will receive a $100 credit to their First Republic account. Clients must verify that they have installed the software to receive the credit. Through June 30, 2014, consumer online banking customers can receive a $25 credit for installing Trusteer Rapport. The Trusteer Rapport offer also applies to Private Wealth Management clients. Contact your banker for more information.
