Protecting your business from cyber threats
In this technological age, the need to protect your business from cyber threats is a given. But how do you do that? Amy Foulks, Chief Information Officer for First Utah Bank, offers some concrete steps you can take to protect your money and your data. One of the first questions to ask is this: Who has access to your money and sensitive information about your business?
Consider the level of access for each employee. Adopt the principle of least privilege, meaning that you give an employee only as much access as he or she needs to do that particular job.
- What does the employee need access to in each software program?
- What files does the employee need access to on your network?
- During what hours should the employee have that access?
- What physical access should they have to your building(s)?
- Will the employee be allowed to work remotely, and what data will be accessible from outside your building?
To prevent internal fraud, implement a separation of duties, frequently reconcile bank accounts and have that reconciliation reviewed by management, provide oversight on employee expense reimbursement, and safeguard and reconcile petty cash.
How are your vendors — payroll companies, medical benefits administrators, CPA firms, consultants, marketing agencies, legal counsel and more — managing, storing and ensuring the safety of your information? Ask the question and make sure the answers satisfy the standards you’ve set for security. Investigate before granting any vendor request to change an account number, routing number or address.
Consider a layered information security approach
Creating a security-aware culture involves more than installing a firewall. It requires a plan. A solid plan should address each of these:
- Regular management discussions
Threat Intelligence & Collaboration
- Vendor communication
- Trade associations
External Dependency Management
- Vendors with access to your systems
- Employees working outside of your network
- Incident Response
- Table Top Exercises
Controls to protect assets
- Strong firewall management
- Virus protection
- Network monitoring
- Email spam filtering
- Email phishing detection (There’s great info in this article.)
- Patch management (not just your OS)
- Limited and secure external access to network
- Business continuity planning & testing
- Multi-factor authentication
- Ongoing employee training & testing (hold them accountable)
- Media destruction (don’t forget printers)
- Plan for BYOD (bring-your-own-device)
- Back up data regularly
- Cybersecurity insurance
- Strong passphrases (not passwords) that differ between applications and differ from those used at home.
At First Security Bank, we take banking security seriously, with such measures as these:
- Email Encryption
- Passwords/Tokens – Please do not share!
- Review Inactive Users/Terminated Employees
- Limited Access (no nights, no weekends)
- Dual Control for Wires and ACH Origination
- Treasury Management Mobile
- Out of Band Authentication
- Outgoing Wire Transfer Requests
- ACH Origination Files
- IP Restriction
Our website offers even more suggested security practices here. Please feel free to share any questions you have about cyber security, and know that we share your concerns for your business assets’ safety.