Cybersecurity is a constant concern for small businesses, and with the latest Russian cyber threats it is becoming even more important for small businesses to be vigilant with their cybersecurity plans.
The financial services industry is highly focused on cybersecurity for all customers, including small businesses.
- Banks and other financial services companies have made cybersecurity a top priority.
- Banks have the highest level of security among critical U.S. industries—including energy and telecommunications—and the most stringent regulatory requirements.
- The banking industry works hand-in-hand with the Department of Homeland Security, the Treasury Department and the Financial Services Information Sharing and Analysis Center to ensure the security and resiliency of the banking system.
The Virginia Bankers Association and Virginia bankers recommend these tips to keep your small business safe.
- Educate your employees. Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically. Set antivirus software to run a scan after each update and install other key software updates as soon as they are available.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud. Sign up for text or email alerts offered by Virginia banks to warn of suspicious activity on your accounts.
- Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
- Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
The Federal Communications Commission offers this Small Biz Cyberplanner, an online resource to help small businesses create customized cybersecurity plans.