Cybersecurity assessment is key to threat prevention

About six in 10 small business owners are very or somewhat confident that they could quickly resolve a cyberattack on their business, according to a small business survey done by CNBC. Are you prepared to do the same for your small business?

“A common misconception about cybersecurity is that it’s only the responsibility of the IT or cybersecurity professionals,” says Jon Densmore, VP, Chief Information Security Officer at First Mutual Holding Co., First Federal Lakewood’s holding company. “The truth is that cybersecurity is every employee’s responsibility. Everyone who works at your business must be diligent, aware and always on top of protecting their data.”

Smart Business spoke with Densmore about the most common cyberattacks and how businesses can protect themselves.

How can a business assess its cybersecurity risk?

Whether you just started your business or you are a seasoned business owner, assessing your cybersecurity risk is key to cyberattack prevention. There is an option for every budget. Full-service external auditing firms are available for hire to do assessments, phishing tests and more. There are also a variety of low-cost and free resources that every business owner can take advantage of, including CISA.gov for free assessment tools and FFIEC.gov for keeping score on how your business is doing with cybersecurity controls.

Whether you choose to contract someone to do a security assessment or you do it yourself, assessing your cybersecurity risk can save a lot of grief and can save your business in the long run.

What are common cyberattacks and what can businesses do if they are affected?

Cyberattacks come in many different forms. One of the most common is the phishing email, in which attackers trick recipients into opening attachments or links. The attackers’ end goal is to steal sensitive data and credentials and to install malware or ransomware on computers.

Business email compromise (BEC) is a form of phishing that targets businesses. BEC results in more losses to companies per year than any other form of attack. BEC can look different each time. Every employee of a business should be aware of email scams that claim to be from the business owner. These scams tend to ask that the employee urgently wire money or buy gift cards for a company event. Attackers also imitate vendors through phone calls or emails that claim the vendor has changed banks and tell the employee to send money to a new bank account.

How can small businesses protect against cyberattacks?

Prevention is key and it is much easier to keep an attacker out than clean up after they are in. Buying cyber insurance is a great way to help offset the cost of data loss. Insurance agencies usually have resources and tools to do audits to make sure your business is set up properly.

It is crucial to have backups of your data, too. A good rule of thumb is to have three copies of your data in two separate locations online, plus a copy that is offline on a hard drive. Also, making sure that your data is encrypted is a great way to protect you and your business. Encryption ensures that your data is unreadable if stolen, and this free service is available through common software like Office 365 and Google Workspace. If you are working with other software, always check that encryption is available. Lastly, set up email headers in your system that warn your employees when an external email comes in. These email headers indicate that the email is from an outside source and help employees be aware of potential scams.

Fraud prevention products like positive pay and ACH origination should be at the top of your list when choosing a bank for your business. Positive pay deters check fraud by intercepting suspicious checks that are submitted and ACH uses an encrypted system that keeps your business’s information protected.

Cybersecurity does not have to be daunting. Start with the basics, utilize free resources, implement strong policies and procedures, and train your employees to look for phishing attempts. Cybersecurity protects your business’s data, customers’ data and ultimately, everyone’s jobs.

INSIGHTS Banking & Finance is brought to you by First Federal Lakewood

Jon Densmore

VP, Chief Information Security Officer