At Intrust IT, we enjoy sharing what we know to help make our clients and Cincinnati companies more secure.
Even with the best and most effective security in place, there is no way to predict the damage that can be caused by a careless user clicking on a rogue link. Awareness and repetition of best practices for cyber security are a great place to start in the war against cyber crime. This month, we decided to ask several of our front-line team members for their best tips. Here are their thoughts:
Cyber Security Tip 1: Set up ACH block/filter services with your bank.
Many small businesses allow vendors to pull money out of their account via ACH. Unfortunately, this also allows criminals to pull money out of your account without your authorization. Or it may even allow authorized vendors to purposely or accidentally pull out more than they should. Your bank should offer what is called an “ACH block or filter” as an optional service on your account. This will allow you to limit who can pull out of your account, and how much they are authorized to pull.
Sometimes there is a nominal fee for this service, but you might be able to have the fee waived. Having this service is especially important if you have a line of credit and your account is configured to pull from that LOC if you overdraft your primary account. Once you have the service enabled there is some setup because you have to list who is authorized to use ACH, but after that setup there isn’t much work required.
--Tim Rettig, President
Cyber Security Tip 2: Be aware of your vulnerabilities from vendors, suppliers or anyone you do business with.
Your company can be affected even if you aren’t directly breached. Any company that you do business with could leave you vulnerable to loss of funds if they are the ones that suffer a breach. For example, if someone you do business with encounters an email compromise, the guilty party may locate invoices in their email from someone at your company. Then, it is not difficult for the cyber criminal to spoof the email and resend it with new payment routing information. You will lose funds without you ever being directly involved in a breach.
Make sure to routinely communicate with anyone you do business with how you will relay payment or invoicing changes. It is recommended to draft a policy that includes a combination of email, standard mail and phone notification to all applicable points of contact. Then, communicate that policy to any clients, vendors or partners on a recurring schedule. Stress to them that if they receive any communication regarding changes to payment or invoicing that they contact their point of contact at your company via phone directly prior to initiating any changes on their end. Let them know to do this even if they have received the change notice via your specified means.
--Josh Rees, Account Manager
Cyber Security Tip 3: Set up multi-factor authentication wherever you can.
Both Microsoft and Google have recently stated that multi-factor authentication (MFA, 2FA or two-step verification) can stop 100 percent of automated bot attacks and 96 percent of bulk phishing attacks, even if your username and password have been breached. You should enable MFA wherever possible: It makes it much, much harder for an attacker to breach your accounts.
--Dave Hatter, Cybersecurity
Cyber Security Tip 4: Follow update procedures for your systems… and your knowledge, too.
Keep yourself up to date on the latest cyber threats, and make sure you update your operating system and applications to the latest versions.
The world of cyber security is a never ending battle, and cyber criminals are constantly evolving and changing their tactics to launch attacks. With the financial impacts of cybercrimes multiplying each year, it is critical to stay up-to-date on how companies are being attacked and what you can do to protect yourself.
Attackers also often rely on known vulnerabilities which people don’t have patched to launch their attack. Keeping your operating system and its applications up-to-date reduces the risk of getting your machine infected.
--Chaim Black, Systems Engineer I
Cyber Security Tip 5: Remember you are not invisible and small businesses are a top target.
There is a common misconception among small business owners that they are flying below the radar. Sadly, the opposite may be true. Small- to medium-size businesses are a prime target. Be aware that every odd email or strange website may be a risk that could bring your business to a halt. Awareness is a great place to start.
--Chad Adams, VP of Operations