Cybersecurity: It’s a Mutual Responsibility in the Business Community

The new cybersecurity rules will take effect for banks in 2022. Starting in May, banks must report any major cybersecurity incident to their top government regulator within 36 hours of discovery. Banks must also notify customers if an incident, with impact, lasts more than four hours. Cybersecurity is a mutual responsibility in the business community. These are the strategies recommended by our bank’s CIO to help business owners keep data and information secure.

In 2020, the number of data breaches in the United States totaled 1,001 cases. More than 155.8 million people were affected by the accidental disclosure of sensitive information due to insufficient information security. Nearly 44% of attacks in 2019 were business-related, followed by medical (nearly 36%), banking (7.3%), government (6%) and educational (8%).

The costs of cybercrime are projected to exceed $6 trillion by the end of 2021. These staggering statistics should give business owners pause and prompt them to consider what they can do to prevent cyberattacks. Regardless of the size of the company, there are strategies to defend against cyberattacks: protect, plan and practice.

Protect

I recently hosted a cybersecurity webinar for our clients with Nick Ritter, Chief Information Security Officer at First Financial Bank. He explained the strategic construction of a protection plan for IT systems this way: I have a piece of Swiss cheese with all these holes. I put another piece of Swiss cheese with similar holes on top, and the holes don’t overlap. Now we add a third piece of Swiss cheese, and now it’s a solid piece of cheese. In the same way, defense layers are best when combined with other layers to protect the inner circle of your most important assets.

There are several tools available to business owners to defend against cyberattacks. Nick recommends the Microsoft Windows operating system with Defender built in. Other options are subscription services like CrowdStrike and Carbon Black. He says these software options tend to be more effective against newer ransomware.

Plan

Develop a plan detailing how to handle cyberattacks and partner with cybersecurity experts. Take a worst-case scenario and ask yourself, how would you react if your business succumbed to ransomware or a business email compromise? Having a plan before the attack occurs will mitigate the loss. To help small businesses create a plan, the Federal Communications Commission created this Cyber Security Planning Guide.

Also, find a trusted cybersecurity partner to develop a response plan that incorporates best practices applicable to your organization. Nick says when looking for a partner, look for a company with a trusted security professional who understands your business and can provide practical planning tools and advice.

Practice

Practice good cybersecurity hygiene, especially with banking and accounts that contain credit card information. Share these best practices with staff.

Dual checks: Cybercriminals target businesses through email compromise. For example, the hacker, posing as a trusted person, sends an email to an employee saying, “I’m not at my desk right now. Transfer $10,000 to this account immediately.” What is the process for approval? It must involve more than one company representative. If the company doesn’t have dual checks, the employee could transfer the money without a moment’s hesitation. However, with dual checks requiring two people to sign a transfer, there is a greater chance that the company will not succumb to the fraud.

Password protection: Another practical approach to cybersecurity is the proper storage of passwords. In our webinar, Nick emphasized that passwords should not be shared. He says that he makes sure they are really complicated, so that people don’t memorize them. And it is important to store them in a password vault. Apps like 1Password are available for a small monthly subscription fee. Change your passwords frequently so that if someone tries to log in as you, the password is wrong.

Multi-factor authentication: Multi-factor authentication is crucial to prevent cyberattacks in case your passwords are compromised. According to the Verizon 2021 Data Breach Investigations Report, 61% of breaches involved credential theft. Adding layers of identification helps ensure that only authorized users access your company’s most important data.

Awareness: The final aspect of practice is awareness. If something doesn’t feel right, it probably isn’t. Be very careful when providing personal information, such as social security numbers, tax IDs, or contact information. Make calls directly to the company to verify the validity of the person or organization requesting your information.

Rick Dennen is the founder, president and CEO of Indianapolis-based Oak Street Funding, a First Financial Bank company with personalized lending products and services for specialized lines of business, including certified public accountants, registered investment advisers, and insurance agents nationwide.
