Be cyber-secure: Ways to protect your business and your customers

Cyber criminals uncover and target hundreds of new vulnerabilities every minute. Are you prepared?


A CYBER INCIDENT CAN BE DEVASTATING to any business. And the threat is growing. In 2020, losses from business email compromise (BEC) threats alone totaled $1.8 billion.1 And that figure doesn’t even begin to calculate the cost of losing your customers’ trust if their personal data is compromised. Clearly, it’s critical for every business owner to implement a security program that protects against the evolving risks from cyber crime. These six recommendations can help you protect your business and your customers.

Recommendation 1

Put a cyber defense plan in place.

Be sure that you have rigorous policies, processes and systems in place to detect and block cyber incidents. Cyber criminals use a variety of highly effective schemes, including bogus email invoices and impersonating a trusted individual in correspondence, to convince employees to unwittingly help them commit cyber fraud. In addition, emails that contain links or attachments, if clicked or opened, can allow cyber criminals to gain access to your systems.

Have a backup data strategy in place to help in the event that you lose access to any critical business processes or functions.

You can help to defend against these efforts by educating your employees about the risks of cyber crime, investing in antivirus software and keeping all your software programs up to date. It’s also a good idea to review the security systems of the partners and vendors you work with. And have a backup data strategy in place to help in the event that you lose access to any critical business processes or functions.

Recommendation 2

Keep employees up to date.

In 2020 alone, malware accounted for $6,904,054 in losses reported to the FBI.2 Hold regular training sessions to keep employees briefed on the latest scams and how to identify and respond to them.

Recommendation 3

Review — and bolster — all processes related to financial transactions.

Establish procedures for managing unusual account or payment change requests, if you don’t already have them. For instance, you could instruct employees to confirm all unusual money requests in person or on the phone, using a phone number on file — not one listed in an email. Another best practice is to require multiple-person approvals for financial transactions or changes to customer or business accounts. The exact means for handling this will depend on your company’s business model and capabilities — there’s no one-size-fits-all process.

Recommendation 4

Limit system access.

Minimize your company’s vulnerability by restricting who can access your system — and what they’re able to see. If it’s not essential to their job, don’t grant access. Use unique email addresses, logins, servers and domain names for each user or user base.

Recommendation 5

Strengthen your passwords.

When you use easily guessed passwords like “123456” or “password,” your data and information are more at risk. Protect your accounts and devices with a strong password and use multifactor authentication or biometric ID (such as a fingerprint). And give serious consideration to using a password manager, which can help ensure that you have a complex, different password for every account without having to memorize them all.

Recommendation 6

Stay safe on the road.

Before traveling, back up your devices and update your operating systems. That way, if your laptop or phone does become compromised, you can wipe it clean and restore from a recent backup. While traveling, disable your device’s remote connectivity as well as automatic Wi-Fi and Bluetooth connections, and only connect to networks you know are trustworthy. It’s a good idea to use a virtual private network (VPN) at all times, but it’s even more critical on the road. Be aware, though, that you may have difficulty accessing some financial firms' websites through a VPN because of the anti-fraud protections they've put in place. In that case, you might prefer to wait until you can access the site through a secure, trusted connection. Also consider outfitting your laptop with a privacy screen, which obstructs the view for people who might physically peek over your shoulder as you work at the coffee shop or on the train.


A private wealth advisor can help you get started.

Our advisors can help you follow your passions, build a legacy and have a positive impact on others.

FBI Internet Crime Complaint Center (IC3), Internet Crime Report, 2020

FBI Internet Crime Complaint Center (IC3), Internet Crime Report, 2020

Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, or timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.