Be cyber secure: Ways to protect your business and your customers

Cyber criminals uncover and target hundreds of new vulnerabilities every minute. Are you prepared?

 

A CYBER INCIDENT CAN BE DEVASTATING to any business. And the threat is growing. In 2022, losses from business email compromise (BEC) threats alone totaled more than $2.7 billion.1 And that figure doesn’t even begin to calculate the cost of losing your customers’ trust if their personal data is compromised. Clearly, it’s critical for every business owner to implement a security program that protects against the evolving risks from cyber crime. These six recommendations can help you protect your business and your customers.

Recommendation 1

Put a cyber defense plan in place.

Be sure that you have rigorous policies, processes and systems in place to detect and block cyber incidents. Cyber criminals use a variety of highly effective schemes, including bogus email invoices and impersonating a trusted individual in correspondence, to convince employees to unwittingly help them commit cyber fraud. In addition, emails that contain links or attachments, if clicked or opened, can allow cyber criminals to gain access to your systems.

Have a backup data strategy in place to help in the event that you lose access to any critical business processes or functions.

You can help to defend against these efforts by educating your employees about the risks of cyber crime, investing in antivirus software and keeping all your software programs up to date. It’s also a good idea to review the security systems of the partners and vendors you work with. And have a backup data strategy in place to help in the event that you lose access to any critical business processes or functions.

Recommendation 2

Keep employees up to date.

In 2022 alone, malware accounted for $9,326,482 in losses reported to the FBI.2 Your employees are your first line of defense, so it is important to hold regular training sessions to keep employees briefed on the latest scams and how to identify and respond to them, following your documented and socialized cyber response processes.

Recommendation 3

Review — and bolster — all processes related to financial transactions.

Establish procedures for managing unusual account or payment change requests, if you don’t already have them. For instance, you could instruct employees to confirm all unusual money requests in person or on the phone using a phone number on file — not one listed in an email. Another best practice is to require multiple-person approvals for financial transactions or changes to customer or business accounts. The exact means for handling this will depend on your company’s business model and capabilities — there’s no one-size-fits-all process.

Recommendation 4

Limit system access.

Minimize your company’s vulnerability by restricting who can access your system — and what they’re able to see. If it’s not essential to their job, don’t grant access. Use unique email addresses, logins, servers and domain names for each user or user base.

Recommendation 5

Strengthen your passwords.

When you use easily guessed passwords like “123456” or “password,” your data and information are more at risk. Protect your accounts and devices with a strong password and use multifactor authentication or biometric ID (such as a fingerprint). Ensure that these requirements are supported by a strong password policy that all employees adhere to.

Recommendation 6

Stay safe on the road.

Before traveling, back up your devices and update your operating systems, and ensure your employees do the same. This ensures that if any work device becomes compromised, you can wipe it clean and restore from a recent backup. While traveling, disable your device’s remote connectivity as well as automatic Wi-Fi and Bluetooth connections, and only connect to networks you know are trustworthy. It’s a good idea to use a virtual private network (VPN) at all times, but it’s even more critical on the road. Be aware, though, that you may have difficulty accessing some financial firms' websites through a VPN because of the anti-fraud protections they've put in place. In that case, you might prefer to wait until you can access the site through a secure, trusted connection. Also consider outfitting your laptop with a privacy screen, which obstructs the view for people who might peek over your shoulder as you work at the coffee shop or on the train. Public USB charging stations can also pose a potential risk when you’re traveling. They can be manipulated to infect your devices with malware. Protect your devices by using charging-only cables, and never plug an unknown storage device or cable into your laptop or phone.

Stay connected, stay protected

To help keep your Merrill account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our security center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.

 

A private wealth advisor can help you get started.

Our advisors can help you follow your passions, build a legacy and have a positive impact on others.

FBI Internet Crime Complaint Center (IC3), Internet Crime Report, 2022

FBI Internet Crime Complaint Center (IC3), Internet Crime Report, 2022

Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, or timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.