Combat rising business fraud with these strategies for cybercrime prevention.
According to a 2019 report by Cybersecurity Ventures, cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Unfortunately, data breaches and other types of cybercrime aren’t exclusive to large companies. In fact, small and midsize businesses are particularly vulnerable. Cybercriminals consider these businesses easy, lucrative targets, as most lack the resources larger companies can devote to cybercrime prevention.
Regardless, the good news is that protecting your company's data doesn't require a Fortune 500-level budget. Instead, what's needed is a layered approach.
Build a Culture of Awareness
All the technology in the world can’t protect your data from breach if employees, customers, and other users don’t understand the threats they face. The first step is to create a culture of awareness across your team through training and ongoing reminders. Training should include best practices for handling sensitive data and how to recognize business email compromise. You may wish to commission an independent vulnerability assessment, which can be a relatively inexpensive way to uncover vulnerabilities and learn how to prevent them.
Take a Risk-Based Approach
Make sure company policies align expectations for access to and protection of your company's most important assets. These policies should address safe handling of data, who has access to certain data, and how employees may or may not use personal devices for company business.
From there, reinforce these policies with technology, such as requiring appropriately complex passwords and setting up multifactor authentication (MFA). In fact, according to Microsoft, users who enable MFA for their accounts can block up to 99.9% of automated attacks. Further, research by Google showed that adding a recovery phone number to a Google account can block up to 99% of bulk phishing attacks and 66% of targeted attacks.
Users should also consider requiring dual controls on their accounts. For example, requiring secondary approval for all transactions over a certain dollar threshold, or all transactions in general, can help tighten security on your accounts. If possible, ensure the originating employee cannot approve their own transaction. What’s more, performing daily account reconciliations can help your company identify issues earlier and potentially recover the funds quicker.
Use Layers of Technical Controls
It’s a given that companies should install and maintain antivirus and anti-malware software, but it’s equally important to understand the limitations of these applications. Encryption is an additional level of data protection — and if you do store your data in the cloud, don’t assume every vendor offers the same level of protection. Review your service provider’s Service Organization Control (SOC) reports, paying special attention to the Complementary User Entity Controls (CUECs). These CUECs are the controls that subscribing businesses like yours must implement to ensure effective control of their outsourced environments and services.
Create a Response Plan
When it comes to solid cybersecurity, cybercrime prevention alone isn’t enough — companies must also be proactive. Developing a comprehensive cybersecurity response plan can ultimately help minimize the potential damage caused by a data breach or other event. Your cybersecurity plan should include a data breach response plan that’s tactical in nature. Within this plan, identify a team capable of reacting swiftly when issues arise, whether a potential threat or an actual breach. In addition to technical experts, your team should also include individuals designated to handle external communication, legal issues, and risk management. Each individual should also have the authority to make quick, informed decisions. Part of planning may include a cybersecurity insurance policy, which can limit the financial impact of certain incidents.
In the end, there is no magic bullet to preventing cybercrime, but developing a security culture mindset is an important step toward safeguarding your business.
For more tips on how to protect your business against cybercrime and other fraud resources, visit www.regions.com/fraudprevention.
Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/stopfraud or speak with your banker for further information on how you can help prevent fraud.