How to Protect Your Business

Technology can be a great way to engage current and future customers, gain competitive advantage and stay efficient. Small and medium-sized businesses, however, often have limited security resources for keeping their customers and their business safe online.

There are several basic security measures and a number of resources readily available that can help you safeguard your customers’ information and keep your business secure. Below are some common security practices and resources for mitigating your security risk and reducing the likelihood of fraud.

  1. Start with security
    1. Don’t collect personal information you don’t need
    2. Hold on to information only as long as you have a legitimate business need
    3. Don’t use personal information when it’s not necessary
  2. Control access to data sensibly
    1. Restrict access to sensitive data
    2. Limit administrative access
  3. Require secure passwords and two-factor authentication
    1. Insist on long, unique passwords that are not common words or simple patterns, and turn on two-factor authentication wherever it is offered
    2. Do not write passwords down; store them in a password manager (password safe)
    3. Guard against brute-force attacks by limiting or slowing repeated failed login attempts
    4. Protect against authentication bypass, so that no page or function can be reached without logging in
  4. Store sensitive personal information securely and protect it during transmission
    1. Keep sensitive information secure throughout its lifecycle
    2. Use industry-tested and acceptable methods
    3. Ensure proper configuration
  5. Segment and monitor your network
    1. Segment your network so that systems holding sensitive data are isolated from the rest
    2. Monitor who's trying to get in and out
  6. Secure remote access to your network
    1. Ensure endpoint security by securing end-user devices like laptops, desktop PCs, servers and mobile devices
    2. Put sensible access limits in place
  7. Apply sound security practices when developing new products
    1. Train your engineers in secure coding
    2. Follow platform guidelines for security
    3. Verify that privacy and security features work
    4. Test for common vulnerabilities
  8. Make sure your service providers implement reasonable security measures
    1. Put it in writing
    2. Verify compliance
  9. Put procedures in place to keep your security current and address vulnerabilities that may arise
    1. Update and patch third-party software on a regular basis
    2. Heed credible security warnings and move quickly to fix them
  10. Secure paper, physical media, and devices
    1. Securely store sensitive files
    2. Protect devices that process personal information
    3. Keep safety standards in place when data is en route
    4. Dispose of sensitive data securely
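Item 3 above asks for a guard against brute-force attacks. The following is an added example, not code from the original page, of the usual way to meet that requirement in an application: count failed logins per account and impose a lockout that doubles with each further failure. The constants (`MAX_FREE_ATTEMPTS`, `BASE_DELAY`, `MAX_DELAY`, `RESET_AFTER`), the in-memory store and the `check_credentials` callback are assumptions for the demonstration; a real deployment would back the store with a shared datastore and tune the numbers.

```python
"""Added example: per-account brute-force throttling with exponential backoff.

Illustrative code, not from the original page. The constants and the
in-memory store are assumptions chosen for the demonstration.
"""
import time
from dataclasses import dataclass

MAX_FREE_ATTEMPTS = 5     # assumed: failures allowed before throttling begins
BASE_DELAY = 2            # assumed: seconds of lockout after the first excess failure
MAX_DELAY = 15 * 60       # cap so a lockout never exceeds 15 minutes
RESET_AFTER = 60 * 60     # forget the failure history after an hour of quiet


@dataclass
class AttemptRecord:
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0


class LoginThrottle:
    """Tracks failed logins per account and enforces a growing delay.

    The delay is keyed on the account, not the source IP, so a brute-force
    attempt spread across many addresses still hits the same limit.
    """

    def __init__(self, clock=time.time):
        self._clock = clock           # injectable clock keeps this testable
        self._records: dict[str, AttemptRecord] = {}

    def _record(self, account: str) -> AttemptRecord:
        # Accounts are folded to lower case so "Alice" and "alice" share a record.
        rec = self._records.setdefault(account.lower(), AttemptRecord())
        if rec.failures and self._clock() - rec.last_failure > RESET_AFTER:
            rec.failures, rec.locked_until = 0, 0.0
        return rec

    def is_locked(self, account: str) -> bool:
        return self._clock() < self._record(account).locked_until

    def seconds_remaining(self, account: str) -> int:
        return max(0, int(self._record(account).locked_until - self._clock()))

    def register_failure(self, account: str) -> int:
        """Record a failed attempt; return the lockout applied, in seconds."""
        rec = self._record(account)
        now = self._clock()
        rec.failures += 1
        rec.last_failure = now
        excess = rec.failures - MAX_FREE_ATTEMPTS
        if excess <= 0:
            return 0                      # still inside the free attempts
        delay = min(BASE_DELAY * (2 ** (excess - 1)), MAX_DELAY)
        rec.locked_until = now + delay
        return delay

    def register_success(self, account: str) -> None:
        # A correct login clears the history. attempt_login() only calls this
        # after the lock check, so a lucky guess during a lockout is never honoured.
        self._records.pop(account.lower(), None)


def attempt_login(throttle, account, password, check_credentials):
    """Gate a credential check behind the throttle.

    The lock is checked before the password is verified, so an attacker cannot
    keep testing guesses during the lockout window.
    """
    if throttle.is_locked(account):
        return False, f"locked; retry in {throttle.seconds_remaining(account)}s"
    if check_credentials(account, password):
        throttle.register_success(account)
        return True, "ok"
    delay = throttle.register_failure(account)
    return False, ("invalid credentials" if delay == 0 else f"locked for {delay}s")


if __name__ == "__main__":
    # Constructed walkthrough: six wrong guesses, then the right password too early.
    th = LoginThrottle()
    creds = lambda account, password: password == "correct horse"   # assumed check
    for _ in range(MAX_FREE_ATTEMPTS + 1):
        print(attempt_login(th, "alice", "wrong", creds))
    print(attempt_login(th, "alice", "correct horse", creds))
```

The error message deliberately does not say whether the account exists or how many attempts remain; it only tells a legitimate user when to retry. Pair this with two-factor authentication (item 3 above), since throttling slows guessing but does not help when a password has already leaked.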

Don’t Fall Victim to Business Email Compromise (BEC) Attempts

What is Business Email Compromise?

Business email compromise (BEC) is a fraud trend affecting businesses globally, and it has nearly doubled wire fraud in recent years. BEC is a type of payment fraud in which a legitimate business email account is compromised or spoofed in order to conduct an unauthorized wire transfer. Once an account has been compromised, the criminals use it (or a spoofed copy of it) to send wire transfer instructions.

How does it happen?

The scam usually begins with cybercriminals phishing an executive and gaining access to their email or emailing employees from a look-alike account that’s one or two letters off. A request for a wire transfer is then sent to another employee within the company, tricking them into initiating the transaction.

Unlike traditional phishing scams, these are targeted communications, not mass emails. These social engineers take the time to understand the company and the victim(s) using publicly available materials or information gleaned from other social engineering scams.

As a reminder, when you receive an email requesting a significant transaction:

  • Look at the email address, not just the display name – It may appear correct at first glance, but closer inspection may uncover an extra or substituted letter, and hovering your mouse over the sender's name may reveal a different underlying address.
  • Don't take any action without confirming the request with the sender through another channel – Email addresses are easily spoofed. Verify funds transfer requests by telephone, using a number you already have on file rather than one supplied in the email.
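The "one or two letters off" look-alike described above, and the display-name trick that hovering over the sender's name exposes, can both be checked mechanically before a wire request reaches a human. The following is an added example, not code from the original page: it parses a `From:` header, compares the sender's domain against a list of domains the business actually corresponds with (the `TRUSTED_DOMAINS` list and the sample headers are constructed for the demonstration), folds common look-alike characters, and reports a small edit distance, a display name that shows a trusted address while the real address is elsewhere, and a `Reply-To` that steers replies to a different mailbox.

```python
"""Added example: flag look-alike and mismatched sender addresses.

Illustrative code, not from the original page. TRUSTED_DOMAINS, HOMOGLYPHS
and the sample headers are constructed for the demonstration.
"""
import unicodedata
from email.utils import parseaddr

# Assumed: domains this business genuinely corresponds with.
TRUSTED_DOMAINS = {"examplebank.com", "acme-supplier.com"}

# Character swaps that look alike at a glance; both sides are folded before comparing.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

LOOKALIKE_THRESHOLD = 2   # assumed: "one or two letters off" counts as a look-alike


def levenshtein(a: str, b: str) -> int:
    """Edit distance: how many single-character changes turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Lower-case, drop non-ASCII (e.g. a Cyrillic 'a'), and fold look-alike characters."""
    d = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode().lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def classify_sender(from_header: str, reply_to: str = "") -> dict:
    """Run the checks a reviewer would apply to a From: (and optional Reply-To:) header."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []

    if domain in TRUSTED_DOMAINS:
        verdict = "trusted"
    else:
        ndomain = normalise(domain)
        nearest = min(TRUSTED_DOMAINS, key=lambda t: levenshtein(ndomain, normalise(t)))
        dist = levenshtein(ndomain, normalise(nearest))
        if dist <= LOOKALIKE_THRESHOLD:
            verdict = "lookalike"
            findings.append(f"domain {domain} is {dist} edit(s) from {nearest} after folding")
        else:
            verdict = "unknown"

    # Display name shows a trusted address while the real address is elsewhere
    # (this is what hovering over the sender's name reveals in a mail client).
    if "@" in display and domain not in TRUSTED_DOMAINS:
        shown = display.rsplit("@", 1)[-1].strip(' "<>').lower()
        if shown in TRUSTED_DOMAINS:
            findings.append(f"display name shows @{shown} but the real address is {addr}")

    # Replies are steered to a mailbox other than the apparent sender.
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if reply_addr and reply_addr.lower() != addr.lower():
            findings.append(f"Reply-To {reply_addr} differs from From {addr}")

    return {"address": addr, "domain": domain, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    # Constructed headers: genuine, one letter off, and a display-name spoof.
    for hdr in ("Jane Doe <jane@examplebank.com>",
                "Jane Doe <jane@exampIebank.com>",
                '"ceo@examplebank.com" <ceo.examplebank@gmail.com>'):
        print(classify_sender(hdr))
```

A "lookalike" or "unknown" verdict, or any finding at all, is a reason to stop and call the requester on a known number; it is not proof of fraud, and a "trusted" verdict is not proof of safety either, since a genuinely compromised mailbox passes every check here.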

Suggestions for Protection

  • Be mindful of posting certain information to social media and company websites, such as job duties/descriptions, organizational hierarchy, and out-of-office details.
  • Be suspicious of requests for secrecy or pressure to take action quickly.
  • Know the sender – if it doesn't sound like your colleague or client, it may not be. Is the request out of the ordinary, or does the grammar seem unusual?
  • Beware of sudden changes in business practices. For example, if a contact suddenly asks you to use his or her personal e-mail address when previous official correspondence has been on a company e-mail, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.
  • Do NOT open suspicious emails, click on links in them, or open their attachments. These often carry malware that can give the attacker access to your computer.
  • Verify all significant transactions by voice, using contact details you already hold rather than those supplied in the message.

Information Security Sources & Resources
