When it Comes to Cyber Risk, Size Doesn’t Matter

A Three Step Cybersecurity Framework to Help SMBs Survive and Thrive in a Remote World

You’ve likely heard that the social media giant Twitter experienced a high-profile hacking incident this past summer. What you might not know is that this attack exploited the most democratic of all vulnerabilities — human nature.

In short, cyber criminals used a phishing attack to trick employees of one of the world’s largest tech companies into divulging confidential information, allowing them to access the company’s internal support tools and gain access to user accounts, inflicting serious reputational damage from which Twitter is still trying to recover.[1]

This news should be a wakeup call to any Fintech or Payments business that has employees who access proprietary information and customers who entrust them with their personal and financial data.

Think your business is too small to be an attractive target for hackers? Think again. Fintech and Payments businesses have what hackers desire most, data and access to financial transactions.

The statistics underscore that the threat is real. In 2019, 63% of Small to Medium Sized Businesses (SMBs) reported experiencing a data breach in the past 12 months.[2] And while outsider attacks still account for the majority of those targeting SMBs, insider incidents — whether malicious or unintentional — are exceedingly costly for small businesses, with an average price tag of $7.68 million, according to IBM and the Ponemon Institute.[3]

At Atlantic Capital, we take cybersecurity seriously, and we want to ensure that you thrive through this challenging time by providing you with tips on how to protect your assets, as well as those of your customers. The risks of doing nothing aren’t just monetary. With just one incident, you risk shattering the customer trust you worked so hard to build.

The “ASET” Protection Framework and 7 Tips to Help Protect Your Business

Whether you have a cybersecurity plan in place or are thinking about it for the first time, we recommend a three-step approach: Audit, Secure, Educate and Train (ASET).

Here are some practical tips to get you started.

Step 1: Audit

Tip: Know where you stand

Do you understand your vulnerabilities? Security is only as good as your weakest link, so go find it. Completing regular security audits of both internal and external risks will allow you to identify ongoing or new areas of concern and revise your plans, policies and procedures before an incident occurs. Be sure to stress test your defenses and conduct scenario-based exercises to see where you stand so that you can make investments in areas that will have the biggest impact.

Tip: Evaluate account security

A business owner recently faced a $30,000 financial loss due to fraud. An email from a client, stating, “We’ve changed bank account information. Please update your records and remit payment to our new account,” turned out to be from an imposter. The business was a victim of a successful phishing attack, the most common type of fraud targeting SMBs.

Instances of account takeover are increasing in number and speed, up a staggering 72 percent in one year, according to Javelin.[4] And motivated criminals work quickly — 40 percent of all fraudulent activity associated with an account takeover occurs within a day, the organization found. Given the sophistication of these intrusions, it’s critical for businesses to not only implement real-time cyber intelligence solutions to quickly identify and mitigate the risk of account takeover, but to also work jointly with customers to authenticate account-related communications and implement two-way security protections.

Tip: Identify third party risks

It’s possible that your weakest link isn’t inside your business at all. In our multi-channel, multi-platform world, we’re all interconnected. Your biggest vulnerability may in fact be something your third party vendor may or may not be doing. Regularly review your critical vendors’ privacy and security policies and compliance with data security regulations to ensure their vulnerabilities don’t become yours. Understand where the allocation of risk resides if there were a data breach. This is also a great time to review your insurance policies. What types of insurable cyber risks are covered across your existing policies and does this coverage need to be amended as your business grows?

Step 2: Secure

Tip: Update your defenses

This is one case where it’s good to have your head in the cloud. Security experts note that SMBs’ move to the cloud and Software as a Service (SaaS) solutions has enhanced their security, but many SMBs are still underinvesting in modern, enterprise-level cyber defenses. In fact, one study found that 32% of SMBs who use endpoint security protections say that they rely solely on free consumer-grade cybersecurity solutions.[5]

For many SMBs consumer cybersecurity products may not provide enough protection. They need a full suite of security solutions, including SSL, firewalls, email security protections, auto generated passwords, secure content delivery networks (CDNs), multi-factor authentication and endpoint security. And just as important as having the right protections in place is making sure all software and hardware is regularly updated with the latest releases and patches.

Tip: The more layers the better

Just as you may secure your home with locks, alarms, motion lights and a big dog, a multi-layered protection plan gives you the best chance to keep cybercriminals at bay.

Cybersecurity isn’t just a technology problem, so it shouldn’t be treated as just an IT issue. Everyone plays a role.

Effective cybersecurity must include not only the technology but also the planning, training and testing required to support a security-minded culture. This includes implementing incident response and network penetration testing.

Step 3: Educate and Train

Tip: Assume insider risk

It’s not something most businesses want to think about, but employee negligence is the top root cause of data breaches of SMBs in the US.[6] And according to Javelin, “The shift to remote work has significantly raised the threat profile of insiders.”[7] The organization’s recent report on insider cybersecurity threats concluded that remote work makes it easier for employees to make mistakes or be caught off guard by a social engineering scam, or for a stressed employee to participate in data exfiltration for financial gain.

During 2020, 22% of SMBs switched to remote work without a cybersecurity threat prevention plan.[8] Given the increased security risks of remote work, it’s paramount for SMBs to educate employees on the nature of the threats and provide them the information and resources they need to recognize and avoid the most common pitfalls, including phishing, social engineering, malware, policy violations and network and hardware vulnerabilities.

Tip: Start with awareness

Consider this: 70% of SMBs reported that their employees’ passwords had been lost or stolen in the past year and more than half reported compromised credentials.[9] The collective risk to SMBs of all this compromised data is hard to overstate, but it’s likely that most employees are never shown the big picture. In addition to educating and rigorously training employees on security policies, procedures and best practices, SMBs can help employees understand their role in creating or reducing the risk of cyber attacks and their implications for the business and its customers.

Conclusion

Despite decades of progress on identifying and mitigating cyber threats, fraud losses continue to grow as cyber criminals capitalize on technological advances and exploit vulnerable businesses and consumers. Cybersecurity is not a one-time investment, but rather a continuous cycle of auditing, securing, educating and training to ensure you have the best chance possible of staying one step ahead of the criminals and the damage they can inflict on your business.

To learn more about how to protect your business from the risks of cyber fraud, contact us at www.atlanticcapitalbank.com or speak to your banker.

 

______________________________________

[1] https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html

[2] https://start.keeper.io/2019-ponemon-report

[3] https://www.thesslstore.com/blog/15-small-business-cyber-security-statistics-that-you-need-to-know/

[4] https://www.javelinstrategy.com/press-release/identity-fraud-losses-increase-15-percent-consumer-out-pocket-costs-more-double

[5] https://www.prweb.com/releases/new_study_reveals_one_in_three_smbs_use_free_consumer_cybersecurity_and_one_in_five_use_no_endpoint_security_at_all/prweb16921507.htm

[6] https://www.keeper.io/hubfs/PDF/2019%20Keeper%20Report%20V7.pdf

[7] https://www.javelinstrategy.com/coverage-area/cyber-security-insider-threats-social-engineering-malicious-intent?utm_medium=email&_hsmi=94280644&_hsenc=p2ANqtz-9IrQjZutfi06opLyCsisv65H0Um8QO88draVlRHSmzuYPIrUOUbFFLnzCtzTbRvl8_UFSAlSewijBLN7_5bXxo2_liKQ&utm_content=94280644&utm_source=hs_email

[8] https://www.thesslstore.com/blog/15-small-business-cyber-security-statistics-that-you-need-to-know/

[9] https://www.keeper.io/hubfs/PDF/2019%20Keeper%20Report%20V7.pdf
