How to improve your business network security

April 05, 2018

Your business may be as vulnerable as any large corporation to data breaches, information theft and all of the liability they represent. But with a little preparation, you can keep your business information secure.

 

In this digital age, data breaches, and all of the liability and headache they represent, have become a fact of life for large corporations. The bad guys, however, don’t just target large companies, and small businesses have a legal and ethical obligation to protect their customers, too. The risks of data breaches continue to increase and businesses need to pay close attention to their network security measures to protect their customers.

Here are some best practices you can use to help keep your business information secure.

 

Don’t ignore the issue

Among information security professionals, there’s a common saying: “If you’ve been ignoring information security, you’ve already been hacked.” U.S. Bank deflects approximately 500 attacks per month. If a customer has trusted you with his or her data, you have a legal and ethical obligation to protect it.

Oftentimes businesses think they’re secure when they are not. There’s good reason for that: Over the last decade, cybercrime has become increasingly sophisticated.

On the small end, plenty of hackers are working alone and may not be motivated by money at all. (In one recent case, a group of teenagers hacked a British service provider just to impress their friends.) At the other end of the spectrum, however, there has been rapid growth in organized cybercrime. Estimates vary, but McAfee claims that as much as $550 billion may be lost to cybercrime every year. Juniper Research expects that amount to rise to $2 trillion by 2019. Groups operating on the large end command resources greater than the GDPs of many countries, with software teams writing viruses and other malware.

Risks may be even higher depending on your industry. The U.S. Department of Homeland Security defines 16 critical infrastructure sectors — industries such as water and agriculture, electricity and financial services — that might be attractive targets not only to criminals but also to foreign governments or other groups seeking to cause damage and panic.

Organizations that rely on data for others’ safety are also prime targets for ransom attacks, where a hacker may take vital data or systems offline unless they are paid off. Several hospitals hit by such attacks in the last several years have been forced offline until they paid the hackers, most dramatically in May 2017 when malware hit the entire British National Health Service. 

 

Implement business solutions to big threats

As a business, your exposure to threats from hackers is less than that of a major corporation, but it may also be harder for you to have the right security expertise. Legal requirements for data and information security vary across countries and states, so it’s important to know your obligations. 

 

Invest in IT security for businesses

If you’re using computers, you need to invest in IT security by putting someone in charge of data security. If you’re not large enough to have a dedicated information security person on your IT staff, you should at least have an IT person with the relevant knowledge and certifications. IT security for businesses can include outsourced data security. However, it’s important to understand that you can’t outsource risk. Make sure any outside firms are accountable to you.

Although there are no one-size-fits-all solutions or rules, there are still guidelines. Depending on your industry, about 3 to 5 percent of your IT budget should be dedicated to information security in some form. This is certainly one function you cannot afford to shortchange; it takes only one data breach or hacking incident to harm your reputation, your customers and your bottom line. 

 

Use a security framework

Investing in good anti-virus software is necessary but not sufficient, and there is no off-the-shelf solution to these problems. Being in an information security role is like trying to predict the weather on a planet where the climate changes every quarter. However, no matter what your specific requirements are, there are general information security frameworks that give you a comprehensive set of controls that will still allow you to sustainably serve your customers.

One particularly useful framework comes from the National Institute of Standards and Technology (NIST). While implementing all components of the framework is important, focusing on a small handful of the precautions it outlines can help you eliminate most of the risk.

  1. Stay rigorously up to date on software patches.
  2. Be careful about who has administrative access to your devices.
  3. Use two-step authentication when accessing your network or email remotely.
  4. Test your employees with fake phishing emails so they know not to click the wrong link when a real one arrives.

 

Guard payments 

In addition to the threats the NIST framework tries to prevent, one other threat is worth mentioning: payment security.

In recent years, hackers have become increasingly sophisticated at targeting employees: they impersonate executives or others in the company and convince employees to approve fraudulent wire transfers. While these funds can be reclaimed if the fraud is quickly identified, the bad guys have netted over $3 billion from tens of thousands of businesses since 2013.

Businesses of all sizes, from major multinationals to a local dry cleaner, take payments, which means they’re also responsible for protecting customer payment information. If you’re accepting payments, be aware that there was a liability shift in 2013 that puts fraud risk on the business if there is a compromise and you are not up on the latest security, such as chip readers for credit cards. 

 

Final thoughts

Over the last 10 years, threats to data security have grown in sophistication from lone hackers to international crime rings, and that trend is only accelerating. Even as we adapt to new data and information security threats, and especially as more and more everyday devices become connected through the internet of things, we will see a shift from internet security to internet safety. By taking data security seriously, you aren’t just protecting your customers’ information — you’re protecting your customers themselves.

 

Continue reading at usbank.com/small-business.
