Digital scams like ransomware, phishing, and private data leaks have affected countless businesses over the past few years. So when you’re using online accounts and communicating with customers and clients, it’s important to keep these best practices in mind to prevent your business from being affected.

Business Email Compromise (BEC)

Business Email Compromise (BEC) is scam where criminals send an email message that appears to come from a known source making a legitimate request. These tips can help you avoid it:

• Recognize unusual behavior: Encourage your employees to watch for unusual or suspicious behavior, and say something if they see it.
• Use a secure email solution: Modern email applications may automatically flag and delete suspicious emails or alert you that the sender isn’t verified. This allows you to block certain senders and report emails as spam. Seek features like advanced phishing protection and suspicious forwarding detection.
• Use email authentication tools*: Consider working with a professional to make your email harder to spoof.
• Set up multifactor authentication (MFA): Make your email harder to compromise by turning on multifactor authentication, which requires a code, PIN, or fingerprint to log in as well as your password.
• Teach employees to spot warning signs*: Make sure everyone knows how to spot phishing links, a domain and email address mismatch, and other red flags. Simulate a BEC scam so people recognize one when it happens.
• Set security defaults: Your software administrators can tighten security requirements across the entire organization by requiring everyone to use MFA. Consider challenging new or risky access with authentication, and forcing password resets if information is leaked.
• Adopt a secure payment platform*: Look into switching from emailed invoices to a system specifically designed to authenticate payments. 
• Encrypt important information*: Secure your data by encrypting it to help prevent unauthorized access.

Consider reaching out to an information security professional if these steps appear overwhelming or out of your comfort zone.

*Advanced security knowledge or help from an information security professional may be required.

More resources can be found on the FBI’s website.

Password Protection

Another aspect of your business’s online security is you and your employees’ passwords. A secure password is difficult for others to guess through cyber attacks. Here are some tips to create a strong password:

• Avoid personal information: Avoid using personal information such as name, birth date, or address in your password.
• Minimum length: Shoot for a minimum of 12 characters. The longer the password the harder it is to guess. 
• Consider developing a passphrase: A passphrase is a sequence of words or other characters that is used. Passphrases are typically longer than passwords and can include a mix of letters, numbers, and symbols, but they are often composed of several common words strung together in a unique combination. Passphrases are considered more secure than passwords because they are more difficult for hackers to crack using brute force methods. 
• Don’t reuse passwords: Use a unique password for each account to prevent one compromised password from affecting multiple accounts. 
• Change or update passwords frequently: Consider changing your password every 3-6 months.
• Use a password manager: A password manager can create and store complex passwords, and make it easy to use different passwords for each account.

A secure password is only the first layer of protection. Consider setting up two-factor authentication when possible. Keep all devices and software up-to-date. Always be diligent about sharing personal information online. Reach out to an information security professional for additional help.

If you have any questions about your business, you can rely on your trusted Hills Bank advisor! Reach out to us anytime and we’ll be happy to help.

You can also schedule a meeting with a business banker.