Eighty-five percent of executives surveyed said their organizations require complex passwords for applications with sensitive data or critical operations, and 41 percent use multifactor authentication. What are some other tactics businesses can use to help protect confidential information?
There are generally three distinct areas within data security that companies should make sure they're thinking about when developing security protocols:
A number of organizations outsource their tech support to third-party vendors (44 percent) or freelance specialists (18 percent). What are some precautions businesses should take when outsourcing something as vital as data security?
There's not a right or wrong answer in terms of what you should outsource—in many cases, it depends on a business's size and industry. That said, one rule that applies to businesses of all sizes and across all industries is that any controls you have or standards you set internally should be applied to your vendors, too—the expectations have to be the same. You aren't absolved from managing your data security when you outsource it to a vendor—it's still your responsibility.
In terms of risk, concentration is always something to watch. If you give one vendor the keys to your kingdom—for example, if they have the ability to manage all your wire account data, as well as the ability to change it—you're putting your business at risk. Of course, sometimes it can be hard to break apart your tech support functions, in which case, you just have to be transparent with your board and have the proper audit rights in place. But in a perfect world, you'd be able to segment your data security so that you're not completely dependent on one vendor.
Thirteen percent of survey respondents said their businesses had experienced cyberfraud that led to stolen money. Of that 13 percent, 19 percent said the fraud was a result of malware, and 19 percent cited social engineering (which occurs when criminals create fake situations that trick businesses into quickly sending funds). What are some steps that companies can take to guard against social engineering attacks? And are there other fraud trends businesses need to know about?
Social engineering, which some call phishing, is huge. This is where I see the majority of data compromises arise. It's important to educate your employees to be vigilant about properly screening emails, phone calls and even website popups for fraud.
Generally, there are a number of steps you can implement that can help prevent social engineering attempts to gain access to your funds:
There's also always the threat of the malicious insider—someone within the company who has bad intentions and perpetrates fraud on your business—but if you're properly monitoring employee activity, you have a good chance of reducing this risk.
Survey respondents cited a number of actions their businesses are taking to prevent cybersecurity breaches, including conducting external penetration tests, implementing ongoing training and education for employees, and continuing to invest in software and systems to block attacks. What are some other ways you would advise organizations to protect themselves?
The best advice I have is to promote awareness of cyberthreats—particularly via ongoing training and education, which tends to be undervalued—and to create a culture where escalation is encouraged. If employees know they won't be penalized or made to look foolish for following the steps above, you can drastically reduce your risk for things like wire transfer fraud, which is on the rise.
Read the full results of the JPMorgan Chase Executive Advisory Board Cybersecurity Report to get more insight into the concerns and plans executives have around cybersecurity.