10 Best Practices to Mitigate Business Financial Cyber Security Risk
Cyber crime is a huge reality today. On one hand there are path-breaking innovations in computer and digital technologies; on the other there is a corresponding rise in the sophistication of the methods used by hackers and cyber criminals. Big businesses are not their only targets; defense systems that are perceived to be ultra safe are routinely broken into. Statistics on this subject are indeed frightening. Cybercrime attacks have increased by 300% over 2015 and over 43% are targeted at small businesses or startups.
How then is it possible to get around this problem? Here are 10 best practices that mitigate business financial security risk when you incorporate them into your systems and daily functioning.
#1 Update backup systems – Do not neglect your backup systems, as they are insurance against cyber attacks. Many businesses have backup processes in place but neglect to update them periodically. Apart from cyber attacks, effective backups also help in cases of theft and natural disasters. The ideal scenario is to have cloud-based backups, but off-site storage in one or two locations is also a good idea.
#2 Inform your customers – If you find that personal and confidential data of your customers has been compromised, do you have a system in place to inform them straight away? This is very important, as it gives them an opportunity to change their information and passwords before any further damage is done. As it is, on average it takes about 40 days before any cyber attack on company systems is noticed.
#3 Secure your financial processes – For financial processes like invoice processing and accounts receivable, have a double-tier authorization procedure in place. This is especially crucial for large transactions. An informal setup is not enough; keep the authorization policies documented in writing. If there is a breach and your systems are hacked into, you will find it easy to fix accountability.
#4 Be wary of phishing attacks – Phishing is an attempt by hackers to get sensitive and personal data like passwords, credit card details and usernames in the guise of someone known to you, like your colleagues or your superiors. For instance, you might receive an email apparently from a colleague asking for information through a seemingly innocent attachment. Once you click on it, you give access to cyber attackers. Hence, you should always double-check requests through a phone call and validate email addresses and suspicious URLs.
#5 Monitor your liquidity position closely – You should closely monitor and supervise your accounts, as they reflect your overall liquidity and cash flow position and are most susceptible to fraud and hackers. If you are vigilant and closely track your payment flows and credit reports, any cyber attack or security breach can be detected early and corrective action initiated.
#6 Software protection – Every computer system has its own software protection. This is usually in the form of regular and standardized anti-virus software. In the present scenario, however, that is not enough. You should have added layers of protection like firewall protection, cloud-based threat protection and endpoint antivirus software for all your systems, servers and devices.
#7 Secure portable devices – Employees today often use their personal devices like laptops and smartphones at work, but these can be a security risk if not fully secured. The first risk is theft of the device with all the company data on it. Secondly, if they are used on public or open Wi-Fi networks, they can be vulnerable to cyber attacks. Always have password or PIN protection and enable remote operating software so that classified data can be deleted if the device is stolen.
#8 Don’t plug in random USB keys – Be careful about inserting USB keys that have been plugged into other devices. Even connecting smartphones or external hard disk drives to your work computer can lead to the transfer of viruses or malware to your main business system network.
#9 Set secured passwords – Passwords that contain your date of birth, anniversary date or car number are a strict no-no. Have passwords that have numerical and mixed characters in lower and upper case. Make them as long as you can hope to remember. Never share your password with anybody or have one password for multiple sites. Change passwords frequently. To be absolutely sure, use an automatic password generator and select one that you are sure you can keep in your mind.
#10 Train your team – You might have the best and most powerful security systems in place, but it will all come to naught if your employees do not understand and learn to recognize security threats. Cyber criminals always target organizations through their employees and not the machines, as human beings are prone to make mistakes. It is not necessary to be an IT expert, but every employee should be trained to have a basic understanding of common cyber threats and how to counter them.