While mobile and cloud-based technologies have made it easier to perform everyday business tasks, such as accessing financial systems and monitoring transactions, ensuring the protection of your valuable data and systems requires the right balance of risk and resilience.
Unauthorized access and exploited vulnerabilities are currently among the most prevalent forms of cybersecurity concerns in the workplace. This includes phishing campaigns in which a bad actor mimics a company email address or uses social engineering to impersonate the identity of the CEO, a company attorney or key resource at the company, or trusted vendor. Another ongoing threat is business email compromise, in which bad actors target businesses that regularly perform wire transfers with foreign suppliers and/or businesses with the intent to steal funds.
Managing risk and bolstering security against this type of fraud is increasingly complicated as cyberattacks grow in sophistication and frequency. Securing IT systems involving vital business functions including human resources, supply chain, and research is more important than ever.
And while many organizations have dedicated professionals focused on preventing attacks from the outside, internal weaknesses such as mistakes by employees can be just as important to prevent as phishing attacks, third-party access, and lost devices.
It helps to create a culture where your employees feel free to challenge the need for information, should they receive an email requesting a funds transfer or account information changes, especially with a need for urgency outside of normal business practices. You want to encourage an ever-critical eye and vigilance in taking that extra step to verify before an irreversible transaction is made.
A strong perimeter defense matters as much as properly vetting employees, contractors, third party partners and vendors, while also establishing carefully managed access to the information specific to roles within the organization.
The best defense involves responding to threats holistically through education, preparation, risk transfer, and establishing a strong security culture.
And just as companies are mounting strong cyber defenses, it’s worth noting that experts are seeing an uptick in non-cybercrimes as more bad actors resort to the old-fashioned route, such as check fraud to gain access to company accounts.
Moreover, cybersecurity in the workplace should be viewed in conjunction with an overall business continuity strategy and your financial institution should be integrally involved in helping your business operate and perform successfully. Incorporating a “security first-of-mind” working model enables the business to work collaboratively with their security organization at the start of business endeavors and projects.
At Huntington, we can provide cybersecurity insurance coverage that protects against loss and help you minimize breaches by taking steps such as requiring dual approval on certain monetary transactions and advising on administrative changes that can go a long way to protecting your interests.
Our financial and insurance professionals are available to engage you and your colleagues in conversations regularly about how to avoid all types of risk that can interrupt your business.
And while it's imperative to put a plan in place to prevent data breaches, it is also critical for companies to vet their cyber defenses periodically by testing them with employees and vendors who have systems access. Data security, like all security, is only as good as the weakest link.
It's also important to hold insurance providers, payroll processors, benefits administrators, and others to the same standards as internal users. Third-party providers who have access to any sensitive data regarding customers and/or employees should be held to the same auditing processes and go through the same rigorous vetting process used to ensure the security of internal data.
Every person in the organization has a role to play in mitigating the risk of a cyberattack. At Huntington. we can help you explore how to keep your financial data and transactions safe.