As the volume of online business activity goes up, so do the instances of online fraud—creating new challenges for merchants across all sectors. A recent survey on cybersecurity breaches indicated that large businesses saw a 78% increase in fraud in 2020, while medium-sized companies saw a 68% increase. In the ecommerce space, fraud cost the industry around $35 billion.
Now more than ever, businesses should prioritize fraud prevention practices to reduce costs, protect their reputation and keep consumers’ information safe.
Cybersecurity Tips for Small Business Owners
As fraudsters' methods evolve, so do the technology and proactive measures needed to stop them. Business owners should have a solid cybersecurity strategy in place to protect themselves, their customers and their data from growing cybersecurity threats. That strategy should include the following:
- Train employees. Establish basic security practices and policies for employees and describe how to protect customer information and other data.
- Passwords and authentication. Require employees to use unique passwords and change them on a regular basis, and consider implementing multi-factor authentication. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
- Create a mobile device action plan. Require users to password-protect their devices, encrypt their data and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
- Control physical access to your computers and create user accounts for each employee. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
- Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don't use the same computer to process payments and surf the Internet.
Ransomware is malware that employs encryption to hold a victim’s information for ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases or applications—and a ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses on businesses and governmental organizations.
To avoid ransomware and mitigate damage if you are attacked, follow these tips:
- Back up your data. The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device clean and reinstall your files from backup. This protects your data and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
- Secure your backups. Make sure your backup data is not accessible for modification or deletion from the systems where the data resides. Make sure the operating system's firewall is enabled or install free firewall software available online. Ransomware will look for data backups and encrypt or delete them so they cannot be recovered, so use backup systems that do not allow direct access to backup files.
- Use security software and keep it up to date. Make sure all your computers and devices are protected with comprehensive security software and keep all your software up to date. Make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
- Practice safe surfing. Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.
- Only use secure networks. Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
Preventing online fraud before it happens is the best strategy for keeping a business safe. Busey offers fraud mitigation solutions—including Check Positive Pay and ACH Positive Pay—to business owners. For more information on how to protect your business, visit the FCC’s Cybersecurity Hub or check Busey's Money Matters blog and our Fraud Prevention FAQs.