While mobile and cloud-based technologies have made everyday business tasks, such as banking, easier and faster to perform, protecting valuable data and systems in the digital space has become critically important.
Securing IT systems today requires both external defenses and internal education, and involves coordination among all business functions, including human resources, supply chain and research. Fortunately, banking institutions are equipping themselves to be an ally in the fight against cyberattacks.
Smart Business spoke with Jim Altman, middle market Pennsylvania Regional Executive at Huntington Bank, to learn more about how banks are helping companies identify and protect against digital threats.
What are the most pressing digital threats businesses face today?
Unauthorized access and malicious code are currently among the most prevalent threats to a company’s cybersecurity. These methods are most often employed to steal funds from businesses that regularly perform wire transfers.
Business e-mail compromise includes phishing campaigns in which an outsider uses what looks like a company e-mail address combined with social engineering — gathering personal information from social media sites to impersonate someone — to mimic the identity of the CEO, a company attorney or a trusted vendor.
Many organizations have dedicated professionals focused on preventing these types of attacks from the outside. However, research shows that internal weaknesses, such as mistakes by employees, rank higher than phishing attacks, third-party access and lost devices as the source of a breach.
How are companies defending themselves from such attacks?
Cybersecurity professionals are encouraging companies to consider their digital protection plan in the context of an overall business continuity strategy. That involves responding to threats through education, preparation and risk transfer.
Properly vetting employees and contractors and establishing carefully managed access to the information specific to roles within the organization are just as important as a strong perimeter defense.
Additionally, they stress the importance of a culture in which employees feel free to challenge the need for information should they receive an e-mail requesting a funds transfer. Company leadership, from the top down, should encourage a critical eye and vigilance in the verification process before an irreversible transaction is made.
Experts agree that it’s critical for companies to vet their cyberdefenses periodically by testing them with employees and vendors who have systems access. Data security — like all security — is only as good as the weakest link.
It’s also important to hold insurance providers, payroll processors, benefits administrators and others to the same standards as internal users. Third-party providers that have access to any sensitive data regarding customers or employees should be held to the same auditing processes and go through the same rigorous vetting process used to ensure the security of internal data.
Who can help companies devise a strategy to mitigate or prevent cyberthreats?
Companies should involve their financial institutions to help their business operate and perform successfully.
For example, some banks offer insurance coverage that protects against loss. Companies can minimize the potential for breaches by taking steps such as requiring dual approval on certain monetary transactions and advising on administrative changes. Those steps can go a long way toward protecting the company’s interests.
Some banks have in-house financial and insurance professionals who are available to engage the company and its employees in regular conversations on how to avoid all types of risks that can disrupt a business.
Regardless of the methods companies use to protect themselves, one commonality persists through all of them: Every person in the organization must understand the role they play in mitigating the risk of a cyberattack.
Insights Banking & Finance is brought to you by Huntington Bank