How to improve your business network security

April 05, 2018

Your business may be as vulnerable as any large corporation to data breaches, information theft and all of the liability they represent. But with a little preparation, you can keep your business information secure.

 

In this digital age, data breaches, and all of the liability and headache they represent, have become a fact of life for large corporations. The bad guys, however, don’t just target large companies, and small businesses have a legal and ethical obligation to protect their customers, too. The risks of data breaches continue to increase and businesses need to pay close attention to their network security measures to protect their customers.

Here are some best practices you can use to help keep your business information secure.

 

Don’t ignore the issue

Among information security professionals, there’s a common saying: “If you’ve been ignoring information security, you’ve already been hacked.” U.S. Bank deflects approximately 500 attacks per month. If a customer has trusted you with his or her data, you have a legal and ethical obligation to protect it.

Oftentimes businesses think they’re secure when they are not. There’s good reason for that: Over the last decade, cybercrime has become increasingly sophisticated.

On the small end, plenty of hackers are working alone and may not be motivated by money at all. (In one recent case, a group of teenagers hacked a British service provider just to impress their friends.) At the other end of the spectrum, however, there has been rapid growth in organized cybercrime. Estimates vary, but McAfee claims that as much as $550 billion may be lost to cybercrime every year. Juniper Research expects that amount to rise to $2 trillion by 2019. Groups operating on the large end command resources greater than the GDPs of many countries, with software teams writing viruses and other malware.

Risks may be even higher depending on your industry. The U.S. Department of Homeland Security defines 16 critical infrastructure sectors — industries such as water and agriculture, electricity and financial services — that might be attractive targets not only to criminals but also to foreign governments or other groups seeking to cause damage and panic.

Organizations that rely on data for others’ safety are also prime targets for ransom attacks, where a hacker may take vital data or systems offline unless they are paid off. Several hospitals hit by such attacks in the last several years have been forced offline until they paid the hackers, most dramatically in May 2017 when malware hit the entire British National Health Service. 

 

Implement business solutions to big threats

As a business, your exposure to threats from hackers is less than that of a major corporation, but it may also be harder for you to have the right security expertise. Legal requirements for data and information security vary across countries and states, so it’s important to know your obligations. 

 

Invest in IT security for businesses

If you’re using computers, you need to invest in IT security by putting someone in charge of data security. If you’re not large enough to have a dedicated information security person on your IT staff, you should at least have an IT person with the relevant knowledge and certifications. IT security for businesses can include outsourced data security. However, it’s important to understand that you can’t outsource risk. Make sure any outside firms are accountable to you.

Although there are no one-size-fits-all solutions or rules, there are still guidelines. Depending on your industry, about 3 to 5 percent of your IT budget should be dedicated to information security in some form. This is certainly one function you cannot afford to shortchange; it takes only one data breach or hacking incident to harm your reputation, your customers and your bottom line. 

 

Use a security framework

Investing in good anti-virus software is necessary but not sufficient, and there is no off-the-shelf solution to these problems. Being in an information security role is like trying to predict the weather on a planet where the climate changes every quarter. However, no matter what your specific requirements are, there are general information security frameworks that give you a comprehensive set of controls that will still allow you to sustainably serve your customers.

One useful framework, from the National Institute of Standards and Technology (NIST), is particularly good. While implementing all components of the framework is important, focusing on a small handful of precautions they outline can help you eliminate most of the risk.

  1. Stay rigorously up to date on software patches.
  2. Be careful with who has administrative access to your devices.
  3. Use two-step authentication when accessing your network or email remotely.
  4. Test your employees with fake phishing emails so they know not to click the wrong link when a real one arrives.

 

Guard payments 

In addition to the threats the NIST framework tries to prevent, one other threat is worth mentioning: payment security.

In recent years, hackers have gotten increasingly sophisticated at targeting employees by impersonating executives or others in the company, convincing them to approve fraudulent wire transfers. While these funds can be reclaimed if the fraud is quickly identified, the bad guys have netted over $3 billion from tens of thousands of businesses since 2013.

Businesses of all sizes, from major multinationals to a local dry cleaner, take payments, which means they’re also responsible for protecting customer payment information. If you’re accepting payments, be aware that there was a liability shift in 2013 that puts fraud risk on the business if there is a compromise and you are not up on the latest security, such as chip readers for credit cards. 

 

Final thoughts

Over the last 10 years, threats to data security have grown in sophistication from lone hackers to international crime rings, and that trend is only accelerating. As quickly as we try to adapt to new data and information security threats, especially as more and more everyday devices in the internet of things become connected, we will see a shift from internet security to internet safety. By taking data security seriously, you aren’t just protecting your customers’ information — you’re protecting your customers themselves.

 

Continue reading at usbank.com/small-business.

Learn about U.S. Bank

Related content

What is CSDR, and how will you be affected?

Evaluating interest rate risk creating risk management strategy

6 things to know about long-term care insurance cost and benefits

Is your employer long term disability insurance enough?

How much life insurance do I need?

Risk management strategies for foreign exchange hedging

Webinar: CRE technology trends

Avoiding the pitfalls of warehouse lending

Here’s how to create a budget for yourself

Understanding guardianship and power of attorney in banking

What’s in your emergency fund?

What is Medicare? Understanding your coverage options

5 financial goals for the new year

Retirement plan options for the self-employed

Common unexpected expenses and three ways to pay for them

8 steps to choosing a health insurance plan

Key milestone ages as you near and start retirement

The latest on cybersecurity: Mobile fraud and privacy concerns

Year-end financial checklist

Liquidity management: A renewed focus for European funds

5 questions you should ask your custodian about outsourcing

10 ways a global custodian can support your growth

The benefits of a full-service warehouse custodian

Best practices on securing cardholder data

Turn risk into opportunity with supply chain finance

Hospitals face cybersecurity risks in surprising new ways

Authenticating cardholder data reduce e-commerce fraud

Post-pandemic fraud prevention lessons for local governments

Webinar: Robotic process automation

Proactive ways to fight vendor fraud

5 Ways to protect your government agency from payment fraud

Fight the battle against payments fraud

Fraud prevention checklist

Complying with changes in fund regulations

Why Know Your Customer (KYC) — for organizations

The password: Enhancing security and usability

How to improve your business network security

Government agency credit card programs and PCI compliance

Cybersecurity – Protecting client data through industry best practices

Business risk management for owners of small companies

BEC: Recognize a scam

Evaluating interest rate risk creating risk management strategy

Increase working capital with Commercial Card Optimization

Protecting cash balances with sweep vehicles

Alternative investments: How to track returns and meet your goals

Manufacturing: 6 supply chain optimization strategies

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

5 steps to take before transitioning your business

How to test new business ideas

Small business growth: 6 strategies for scaling your business

How to expand your business: Does a new location make sense?

Reviewing your beneficiaries: A 5-step guide

How to talk about money with your family

Comparing term vs. permanent life insurance

Webinar: U.S. Bank asks: Are you safe from fraud?

How you can prevent identity theft

Planning self-care moments that matter (and how to finance them)

Adulting 101: How to make a budget plan

Money Moments: 3 smart financial strategies when caring for aging parents

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, Home Equity and Credit products are offered through U.S. Bank National Association. Deposit products are offered through U.S. Bank National Association. Member FDIC.