Fraud and cybercrime are on the rise. Is your small business ready?
According to a recent Federal Trade Commission Report, consumers reported losing more than $5.8 billion to fraud in 2021, an increase of more than 70 percent over the previous year.
Small business owners already have a lot on their plate, between labor shortages, supply chain failures, rising costs and by the way, a global pandemic, and the distraction that these shared challenges pose can easily become yet another headache, in the form of cyberattacks.
Banks are noticing there's even more fraud now than ever before -- and hackers are not just targeting large corporations. Cyber criminals know that the smaller a business is, the less likely they are to have a locked-down cyber security strategy, so they are targeting "mom and pop" shops in rising numbers.
The good news is that this frenzy of online fraud strongly prefers an unprepared target -- and there are easy ways to make a small business hard to hack. If you follow these steps, many cyber criminals will just move on. Analysis indicates a strong way to reduce cybercrime is by investing in enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls.
Here are six nontechnical steps business owners in Illinois can take to protect themselves:
1. Knowledge is power; be aware. Staying close to what's going on in your financial records so you can catch cybercrime as soon as it happens -- or tries to happen. Periodically perform a self-identified risk assessment to evaluate the effectiveness of the controls your bank has in place to minimize the risks of online transaction processing. Pay close attention to credit card and bank statements for any unauthorized charges. Check your credit score regularly to further ensure you know what's going on with your personal information.
2. Lead with clarity. Establish clear password, website, computer and network security protocols for your business. It's important that not only you -- but every member of your team -- follow the same protocols. Some of these protocols should include:
• Protect your account. Don't share your User ID or password with anyone. Make sure you safeguard your User ID and password information, and never leave it written down in an unsecured location.
• Change it up. Create a unique User ID and password for each site that you visit. Don't use the same identifying information on multiple websites. In the case that a website was to be breached, it will make it harder for hackers to access your data. This also prevents you from having to update all of your credentials if one site is compromised.
• Strength in numbers (and characters). Create strong passwords that contain a mix of uppercase letters, lowercase letters, numbers, and special characters (!@#$%^&*). The longer the password the more secure your account and data will be.
• Change is good. Many websites force password changes every 30 or 60 days. If a website doesn't do so, take the initiative and change your password on a regular basis.
3. Gather your arsenal. You likely have more options for fighting hackers than you realize. Take some time to understand the security features of the software and websites your business uses on a daily basis and take advantage of these features. More specifically this may include the following:
• Get the software. Use your computer's security monitoring software that includes anti-virus, anti-malware and firewall functions, and take advantage of security features like individual login accounts, when possible.
• Stay current. Keep your computer's system security up-to-date by applying patches and updates, whenever they become available.
• Enable passwords. Always enable passwords on your computer, wireless router, or any other physical or wireless system.
4. Embrace checks and balances. Segregating duties so no one person can perform all steps of a transaction is a very important security feature. When two people are involved, it's also an extra layer of protection against phishing and social engineering.
5. Layers are in fashion. Use the layered security options available to while doing online transactions; these options may include transaction thresholds, out-of-band verification (such as telephone or email verifications), fraud detection and monitoring systems, and IP reputation.
6. Be careful out there. When you use online services, be sure to be aware that cyber criminals may be using the same platforms. Protect your information by not divulging anything confidential unless you are sure you are interacting in a protected environment. In general, act under the old saying: better to be safe than sorry.
As good neighbors, and as a bank that serves many small businesses, Byline Bank cares about protecting your privacy and data and hopes the information provided is helpful and helps keep your business safe.
• Stephen Ball is Senior Vice President, Head of Business Banking for Byline Bank.