Of all the data your business stands to lose in a cyberattack, financial data may present the worst potential for serious harm. Banking information, credit cards, tax forms… In the wrong hands, these types of financial data can be misused in ways that will, at the very least, inconvenience employees and customers – and, at worst, put you out of business. Fortunately, there are steps you can take to protect against attacks targeting your financial data.
Start by using the same measures to protect financial data that you use to protect all the data in your organization: up-to-date virus protection, secure networks and firewalls, and strong password policies. (The two most common passwords in the world are “123456” and “password” – avoid these and other easy-to-guess choices to make it tougher for cybercriminals to access your systems.) You should also take password protection a step further by extending it beyond networks and systems to include files. When someone sends a financial document via email, for example, the attachment should require a password to open. If you regularly send and receive information from tax providers, or you file your taxes electronically, consider the web browser you’re using, too. For example, Firefox offers security add-ons such as NoScript and HTTPS Anywhere that can help prevent malware attacks.
The best defense against cyberattacks on financial data is a well-informed workforce. Raising employees’ awareness of the online risks to financial data and teaching them best risk-avoidance practices are critical steps to take. For example, make it company policy to avoid public Wi-Fi when looking at banking or tax information, or to turn off Wi-Fi and Bluetooth settings when they’re not in use. What’s more, ensure employees know why you’re asking them to do these things and what can happen if they don’t; if they understand the potential impact, they’ll be more likely to make an effort to remember policies and procedures. You can also help by making sure any employee devices used to access financial data are strongly password-protected, and by using the latest mobile security software and operating systems. Consider security software that will check outbound email for potentially sensitive information like credit card numbers or tax data, and quarantine such messages for further approval before transmission.
Be on alert
Sometimes, financial data breaches happen even when you’ve taken every measure you can think of to prevent them. That’s why it’s important to make sure you know when something’s at risk or is actually being attacked. The sooner you become aware of a problem, the sooner you can act to limit the damage caused. The security software mentioned above is a good example of having technology in place that spots potential issues and alerts you. Regular monitoring of security logs and other reports is also important; be sure your IT team or IT provider puts processes in place to identify anomalies like unknown IP addresses or unfamiliar file transfers that may signal trouble. Once spotted, those anomalies can be blocked to prevent data access.
It’s impossible for anyone to completely eliminate the risk of being hacked, even though you can do much to reduce it. That’s why you need to act quickly to minimize any damage in the event of an attack. If the financial data loss is in a form that poses monetary risk, such as an unauthorized funds transfer, contact the bank that’s involved immediately. The sooner you do, the better your chances of not losing your money. Also, as soon as you become aware you’ve been attacked, let your IT team or IT provider know so that they can stop the damage from spreading. They’ll work with you to make sure passwords get changed across systems and may take steps to limit access to the network until everything’s under control. That said, the most important measure should start long before an attack ever takes place. Regularly perform backups of your critical financial data, using a reliable, secure solution that makes it quick and easy to restore data if needed. With backups in place, you can continue doing business following a data breach.
No one likes to think about the prospect of financial data being compromised, but if you don’t give it some thought now, you run the risk of paying a high price later. As always, contact MyITpros if you have questions about the security of your financial data or other important business files.
The purpose of this blog is to answer the questions you ask! We take cyber security very seriously- check out related posts on how you can secure your business here. If you're interested in disaster recovery, IT basics and more for small businesses, head to our resource center!