Demystifying Cybersecurity in an Uncertain World
As people live more of their lives online, security has become a greater concern. For the past several years, remote work, e-commerce and digital banking have all been on a rapid rise, with no signs of abating. At the same time, cybercrime has also escalated in frequency and sophistication. During a turbulent 2020 that saw typical work and home behaviors upended, the Federal Bureau of Investigation (FBI) noted a 400% increase in cybersecurity complaints.1
In this time of digital acceleration, KeyBank has partnered with cybersecurity solutions provider Binary Defense to bring operational advice to business owners about protecting their systems from security breaches. No business is too small to be at risk – in fact, more than half of all small businesses suffered a breach within the past three years.2
Cybersecurity experts from Key and Binary Defense recommend starting with the basics – knowing where your systems are vulnerable and adopting standard safeguards that are regularly tested.
In real life, it can be common to have greater fear of rare threats than everyday ones; similarly in cybersecurity, companies can become focused on complicated schemes and ignore the most common breaches and the fundamental ways to fix them.
- Know the common types of intrusions or breaches.
- Understand your weaknesses – the easiest way into your system.
- Identify how authentication fails – bad passwords are usually the culprit.
- Develop better policies and oversight to check compliance.
- Improve controls and monitoring using data and surveillance on an ongoing basis.
To Avoid a Break-In, Don’t Forget to Lock Your Doors
Just as the simplest way to prevent property break-ins is locking the door, the simplest way to prevent breaches is to secure the easiest access points. As the use of ransomware became rampant, security experts found that in most cases criminals gained access because remote desktop access was protected by a guessable password or a virtual private network (VPN) server was not patched. Together with phishing, these entry paths can account for almost all the major ransomware incidents.
Attackers use programs that can test hundreds of thousands of common passwords, and they also buy and sell lists of breached passwords online. When companies use remote desktops that only require a username and password, hackers have an easy route into networks. The solution: Companies should use a secure corporate VPN with two-factor authentication.
However, corporate VPNs can go from the most secure option to the most vulnerable when they’re not updated with the latest security patches. For example, older versions of VPN software could be susceptible to a security flaw that allowed attackers to log in with no password and do anything an administrator could do. The solution here is simple: Make sure VPN software is updated with the latest security patches available from the vendor.
Don’t Let Legacy Systems Be Your Downfall
Payment card theft is a growing problem for credit and debit transactions, and the most common targets are magnetic stripe readers in older point-of-sale (POS) systems. Here the solution can be replacing old systems with EMV software, a payment method for smart or “chip” payment cards used at payment terminals and automated teller machines. EMV smart chips enable more vigorous cardholder verification to protect against counterfeiting or lost/stolen cards.
Another vulnerability is POS systems that are running on Windows 7 or XP, obsolete operating systems that no longer receive new security updates and are prone to malfunction and breaches. The cost of updating operating systems can be far outweighed by the cost of a breach or outage that results in lost revenues or even business closure.
Not a “One and Done” – Use Data and Surveillance to Continually Respond
Cybersecurity is also an ongoing practice: to be successful, companies must set goals and measure progress. Passively monitoring systems will not result in greater safety. System alerts should be reviewed, patterns or unusual outliers tracked, and behaviors and protocols adjusted. Companies should also conduct tests of their systems and people, including practices such as phishing challenges for their employees.
Smaller companies may not have the resources to have devoted security operations around the clock, yet 75% of major attacks start after business hours – typically late Friday or early Saturday. One solution is to use an external managed security provider that can provide 24/7 monitoring plus respond to any alerts.
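As an added illustration (not from KeyBank or Binary Defense), the review of remote-login events described above can be sketched in Python: it flags a source that produces a burst of failed logins, escalates a successful login that follows the burst, and marks whether the activity fell after hours. The event format, the threshold of five failures in ten minutes and the weekday 08:00-18:00 business hours are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, account, source address, result.
SAMPLE_EVENTS = [
    ("2021-03-05 14:02:10", "jsmith", "198.51.100.7", "fail"),
    ("2021-03-05 14:02:40", "jsmith", "198.51.100.7", "ok"),
    ("2021-03-05 23:41:00", "admin", "203.0.113.9", "fail"),
    ("2021-03-05 23:41:05", "admin", "203.0.113.9", "fail"),
    ("2021-03-05 23:41:11", "backup", "203.0.113.9", "fail"),
    ("2021-03-05 23:41:16", "admin", "203.0.113.9", "fail"),
    ("2021-03-05 23:41:22", "admin", "203.0.113.9", "fail"),
    ("2021-03-05 23:41:30", "admin", "203.0.113.9", "ok"),
]

def after_hours(ts, start=8, end=18):
    """Assumed business hours: Monday-Friday, 08:00-18:00 local time."""
    return ts.weekday() >= 5 or not (start <= ts.hour < end)

def review_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Return findings for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    guessing = set()              # sources already reported as guessing
    findings = []
    for raw_ts, user, src, result in sorted(events):
        ts = datetime.strptime(raw_ts, "%Y-%m-%d %H:%M:%S")
        fails = recent[src]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that aged out of the window
        if result == "fail":
            fails.append(ts)
            if len(fails) >= threshold and src not in guessing:
                guessing.add(src)
                findings.append(("guessing", src, user, after_hours(ts)))
        elif src in guessing and fails:
            # A success right after a guessing burst: treat as likely compromise.
            findings.append(("success_after_guessing", src, user, after_hours(ts)))
    return findings

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_EVENTS):
        print(finding)
```

A single mistyped password followed by a successful login, as in the first two sample events, produces no finding; only the late-Friday burst and the login that follows it are reported.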
Key is Your Partner in Digital Security
As all businesses exist in a more digitized environment, security is paramount – but it doesn’t have to be overwhelming. By identifying weaknesses, updating security protocols and instituting regular checks, companies can avoid a major breach that puts their business at risk of devastating losses.
KeyBank is committed to helping you protect your business and your treasury management system from fraud interference. For more insights into cybersecurity and fraud, visit Key.com/cybersecurity.