The pandemic caused businesses to shift operations online practically overnight, which included the adoption of digital, modern payment solutions for both enterprises and small businesses. As digital transformation remains prevalent in this modernized landscape, cyber crimes have made advances into these digitized frameworks. In the last year, there were nearly 400,000 cases
of credit card fraud in the U.S. alone. On top of that, the FBI Internet Crime Complaint Center’s
(IC3) most recent report showed an increase in reported incidents of not only credit card fraud, but also phishing, ransomware, non-payment/non-delivery, identity theft, denial of service and other crimes. As criminals continue to seek out savvier ways to reach victims and exploit vulnerabilities, the number of cyber attacks will only continue growing.
Here are five best practices for businesses to implement, safeguarding users from falling victim to a cyber attack.
1. Data Backups: Keep reliable and secure copies of important data that aren’t just replicas.
We have all experienced accidently deleting information from a document we may have spent hours on. Typically the fall out of this mistake is having to re-write or re-do whatever we were originally working on. While this is a minor inconvenience, the consequences aren’t always damaging or harmful.
However, when it comes to an enterprise-level scenario, the impact of losing critical data can be detrimental to your company and customers. Unfortunately, the rise in ransomware attacks has only escalated rates of criminals deleting or encrypting data to hold ransom for excessive amounts of money or other collateral. Even if the ransom is paid, it still doesn’t guarantee the bad actors will return the data or stolen information.
By ensuring you have a verifiable backup of critical data, you can avoid costly attacks on business. A common mistake when it comes to data backups is the reliance on a single replication. Replicated data is only kept in sync between various data warehouse locations like Box or Google Drive. The downfall of replication is if the primary copy is encrypted, deleted or corrupted, the replica will follow suit.
Unlike replication, an offline or non-addressable backup is protected against attackers and ensures that you can restore the data to a recent point in time. It is critical for businesses to routinely test backup restoration processes to verify data hasn’t been lost.
2. Secure Authentication: Ensure you know who has access.
In our digital world, there are many ways for individuals to fake their identities online. Failure to put secure authentication into place on your application can be equivalent to a stranger going through your personal belongings and having access to private information. It is essential to know who is signing up for your application and that they’re not doing so to harm others. Having processes in place to verify the identity of individuals accessing sensitive information or money grants greater visibility into who needs access to certain information and people are who they say they are. Authentication is considered a cyber security best practice to mitigate the risks of perpetrators having access to sensitive information.
Some of the different types of authentication include email validation, multi-factor authentication and even biometric verification.
3. Encryption & Hashing: Protect sensitive data in a variety of locations.
We must be vigilant when we store sensitive information such as dates of birth, addresses, bank account numbers, social security numbers and any other identifiers or qualifications that can grant access to identity or money. Similar to leaving a post it note with your passwords right next to your laptop, having this sensitive information unguarded increases the chances of being compromised and used against you. All it takes is a single incident to create a long-lasting impact for the worst.
To prevent such occurrences from happening, sensitive information must be encrypted or hashed before it is stored or transmitted. Passwords should never be stored in a reversible form, or out in the open for perpetrators to see over your shoulder. Hashing is used to eliminate bad actors from reconstructing information, typically useful for the former example while encryption applies to the latter as it hides the information’s true meaning and reduces the risk of being obtained by converting information into secret code.
4. Surveilling & Monitoring: Pay attention to what’s occurring.
Just as a store clerk monitors for potential theft, you should monitor for cyber breaches. Watch for signs of these breaches, which can include someone guessing passwords or usernames and triggered alerts or lockouts. Also take notes of individuals downloading a substantial amount of data from your system. All of these can be indicators that a bad actor is attempting to or already in your system.
Make sure to have advisable limits in place on individual activity and alerts turned on. Don’t be afraid to investigate potential aberrant activity when surveilling and monitoring your systems, even if it turns out to be who they say they are. Additionally, you should have sufficient logs of recent activity and access to investigate incidents, curtail damages of a breach or even prevent an attack.
5. Overseeing Vulnerability: Keep systems up to date.
Preventing vulnerabilities and maintaining your software system or application is a day-in and day-out responsibility requiring you to keep dependencies and updates current. One of the most common ways attackers creep into systems is through the exploitation of vulnerable systems. You can keep your own code secure and protected against cyber threats by using guidance like the OWASP Top 10. This ensures you are routinely updating dependencies and guarantees you’re not subject to vulnerabilities that could have been prevented in the first place.
For example, when using systems like a modern payments platform, making sure your side of the software is up to date with the latest versions can eliminate the risk of perpetrators intercepting and exploiting your money.
Keeping these best practices in mind in an evolving, digital world, can prevent attacks from happening and have an advantage over cybercriminals seeking users’ weak spots.
Benjamin Blakely is the Director of Data Intelligence and Information Security Officer at Dwolla.