Protecting your business online
Published on September 26, 2023 | Webster Bank
Fraud and cybersecurity continue to be important topics for businesses. There are a range of risks – from cybercrime and data breaches to fraud related financial losses. Here are a few ways to help safeguard your business.
Watch out for warning signs
First, it’s worth paying attention to anything that seems out of the ordinary such as:
- Large, unusual transactions from unknown buyers.
- Payment with many different credit cards.
- Rush orders or any type of unusual urgency from a customer.
- A high volume of transactions in a short period of time.
- A customer orders small amounts and pays on time (building trust), then places a very large order (which they don’t intend to pay for).
If you’re not sure whether a transaction is legitimate, implement a few extra steps to double check:
- Call the customer to confirm his/her order.
- Protect against credit card fraud by using security programs like Verified by Visa, MasterCard’s Securecode or American Express Safekey.
- Reject any order you’re still suspicious of and always trust your gut! If it doesn’t feel right, it probably isn’t.
Educate your team
Provide training and regular updates to help your team identify and prevent fraud and spot suspicious transactions. Make sure your team is aware of the consequences of fraud. Develop procedures for your employees so they know how and where to report fraudulent or questionable activity.
Take care of your data
Your business data is possibly your most valuable asset. Imagine if all the information on your computers, laptops, software and devices was wiped clean (either by mistake or by a malicious attack). Reduce the chance of this by:
- Only holding the customer data you need. The more information you hold, the higher your security risk.
- Regularly backing up and storing data securely in a location not connected to your system. You can then restore your data if it’s lost, leaked or stolen.
- Tracking all activity on your website or server. Set up alerts to notify you if an unusual event occurs. Make sure someone checks the logs when an alert comes in.
- Creating an incident response plan to help your business recover quickly and seamlessly as possible in the event of a cyberattack. Perform mock incident response exercises to ensure your team is ready to respond.
- Selecting a cloud services provider who will provide the right services for your business. Review their data and security policies, ask if they support multi-factor authentication, and ensure their data backup strategies will support the needs of your business.
Check that your internal systems are well managed
Part of protecting your business online is putting in place policies that are compulsory for all employees to review and acknowledge (these policies and procedures can state that non-compliance is serious misconduct). Consider asking staff to:
- Provide additional authentication on top of their username and password, when they log into your system, to verify that they are who they say they are. (e.g., two factor authentication).
- Change default passwords and check for default passwords on any new hardware or software. If any default credentials are found, prompt employees to change their passwords.
- Choose novel answers to security questions. Answers like a pet’s name or former street address can be easy for an attacker to obtain.
- Create unique passwords for each account so if an attacker gets hold of one of the passwords, they can’t get access to other accounts.
- Refuse to provide non-public information about your business, especially when requested via email. Non-legitimate emails are very deceptive and try to trick recipients into sharing information that fraudsters can use later. Always verify the sender before replying to an email.
- Be smart with social media. What you and employees post on social media can give cyber criminals information that they can use against you.
Protect your business’s financial information
Cyberattacks are disruptive and can negatively impact your business’s bottom line. After a breach occurs, businesses will generally encounter costs associated with restoring impacted systems, data, networks and devices.
Consider the following to help reduce the chance of financial loss:
- If you need to pay a new supplier, or to change bank details, double check it using trusted independent sources before you approve any payments. Do this for any unusual or unexpected requests.
- Check bank statements regularly as that could be the first sign that someone has accessed your accounts. Notify your bank immediately if you see something suspicious.
- Regularly check your credit report to alert you if someone else is using your identity to get loans or credit.
- Keep an eye on your IT networks and keep your software current with updates to make it harder for attackers to access your systems.
- Enable security software, like antivirus, to prevent malicious software being downloaded to any device that accesses your business data or systems. Free online antivirus software can be fake. Purchase antivirus software from a reputable company and run it regularly.
- Configure network devices like firewalls and web proxies to secure and control connections in and out of your business network. Use a VPN that uses two-factor authentication if you need to remotely access systems on your network.
- Be careful using free Wi-Fi and hot spots without also using a VPN – they are untrusted networks so others could see what you are doing.
Like most things in business, prevention is better than a cure; a little planning now could save you a significant financial cost in the future.
The opinions and views in this blog post are for informational purposes only and are not intended to provide specific advice or recommendations. Please consult professional advisors with regard to your individual situation.