Many businesses scrambled to adapt to a virtual world when COVID-19 hit. But did you remember to lock your doors against cybercriminals?
If you run an office or a store, there are always nightly closing rituals. You put the money in the safe, clean up, lock the doors and turn out the lights.
1. Plan for worst-case scenarios
What will you do if someone hacks into your business or engineers a fraudulent money transfer? It’s important to be able to respond quickly.
Kelly suggests writing up a plan and running drills to test it. “Most organizations have a fire drill or a life-safety drill,” he says. “Cyber drills are no different. Look at a scenario, and think about how you design for it.”
And if a hack or a mistake shuts down a vital system, have a plan B. Find a workaround that allows you to keep as much of your business running as possible.
2. Assess your vulnerabilities
If you’re not a techie (and even if you are), you might not know the risks you and your employees are taking. Bringing in an independent contractor to audit your technology systems and processes is one way to get ahead of those risks. A contractor can uncover hidden dangers such as unpatched software, insecure processes or compromised systems.
“Even if you’re simply establishing a baseline, there are a lot of benefits to an independent audit,” says Kelly. “It gives you an idea of where the big things are that you’ll want to address.”
3. Pay attention to email
Verizon’s “2019 Data Breach Investigations Report” found that more than 90% of detected malware arrived via email. One big reason is the number of ways email can be manipulated.
An employee might receive a seemingly innocent attachment only to discover it carries malicious software, known as malware, that could take down a single computer or your entire network. Emails can also contain links leading users to websites that automatically download malicious code onto their computers. This type of code sometimes can’t be prevented using traditional antivirus software alone. And if a colleague’s email account gets broken into, a hacker can pose as a trusted sender and trick you or someone at your company into sharing valuable information.
4. Train your employees to detect threats
Another reason email is such an effective way into many companies is that employees don’t always know what to look for and are not fully aware of the risks they are taking when they check their messages.
“Dollar for dollar, training has the most positive effect on reducing the risk of cybercrime,” Kelly says.
Phishing emails, which are messages sent by someone posing as a reputable sender, often have small details changed or contain odd phrasing. With good training, employees will know to ask questions, double-check procedures and verify requests via other sources. One effective technique is to send test emails that can track whether employees click links or follow a direction contained in a message. If they do, then the system can display educational materials or you can follow up to make sure they understand their mistake.
5. Require strong procedures for payments
In the early days of COVID-19, many of the usual processes and procedures had to be reimagined. That opened up new opportunities for invoice fraud.
“You always want to be looking at your payment processes,” Kelly says. “Where are there possible weak points?”
For example, after COVID-19 started, Kelly saw an increase in invoices sent via spoofed, disguised or hacked email addresses. Thieves who spent weeks and even months observing workers were then able to imitate language and processes perfectly. That’s why Kelly recommends being skeptical of all invoices and having client, vendor and bank phone numbers handy so that you can easily verify any payment or bank charge.
6. Lock down your passwords
Passwords should be complex, but they don’t need to be hard to remember. Do you have a favorite singer? Then you might have a few strong passwords already humming in your head.
“I would take part of a good song verse and use that as your password,” says Kelly. “A song verse has multiple words. You’re going to be able to remember it.”
Kelly also recommends keeping passwords in a secure place. Rather than pasting your passwords into a spreadsheet, consider using a password manager with strong encryption. These high-tech tools can keep hundreds of passwords safe and are easy to use.
7. Not sure what to do? Breathe
Hackers prey on stress and confusion. If you’re unsure how to proceed, pause and investigate your suspicions. If you experience any unusual requests or think you might be a victim of fraud, you can contact your Chase client service representative immediately or call the Chase Connect® Service Center toll-free at 1-877-226-0071. Government and not-for-profit organizations should call 1-855-893-2223.
Click here to learn more about Chase Business Checking.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.