Our previous blog examined the interplay between adopting new technology and opening cybersecurity risks. The question becomes—how do you build a defensive moat against the digital flood of ne’er do wells? After all, you can’t let all tech slip you by, even if adopting a new program means opening new avenues of risk.
Since Prime Capital is a heavy equipment leasing partner, we’ve seen numerous industries through risks and recoveries. We recommend you read to the end to get the most value from how we’ve seen experts like you protect their assets while maintaining a positive cash flow.
Cyber Insurance for Your Business
While cyber insurance seems like a natural first step, it does not necessarily guarantee a refund. Still, depending on your industry, it might protect you from the risk of client litigation over lost and vulnerable data and help you forensically identify the loss impact.
Think of it like going into a delicate operation. Insurance is essential when looking into the damage, but it won’t bring back the dead.
Technology for Cybersecurity
As the adage goes, fight fire with fire! But hold up—it’s not a one-stop solution.
The more tech you have, the more APIs, logins, and password recovery paths the crooks have to poke holes in. Every push for convenience should be met with software that makes you a less attractive target.
Think of it like a digital yin and yang. Besides the basic digital hygiene to ensure you’re not the lowest-hanging fruit to criminals (that means no passwords taped to monitors!), ensure that your teams actively keep up with safe practices like 2FA, secure password managers, and scheduled device checks. Besides those suggestions, common sense measures really are the best strategy.
Finance Technology—Is It Worth It?
I’m old enough to recall when I had to navigate a road trip using a paper map, and my mom didn’t have any way to reach me on a sunny summer Saturday. I’m not saying that was better, but no one could track me easily—not even the “bad guys.”
As a lender, I’ve seen nearly every fraud that can be committed. A good friend of mine lost his business and declared personal bankruptcy because an unscrupulous individual joined their team and scammed the company out of a lot of money. The individual turned out to be a well-known con artist and is currently serving a term in jail for the previous scam they committed.
Less scandalous, but probably very common and equally impactful, are the many businesses I know who have had bank fraud committed on them. One straightforward scam is when someone impersonates one of your vendors and innocently tells you they have changed banks, conveniently (proactively) providing you with the new bank information. How thoughtful! Before you know it, your team accepts the information, and the next pay cycle payment goes out to the scammer’s bank account and frequently ends up in another country where your bank cannot recall it.
Like many of you, I am a total convert to tech. I have always been an early adopter, and I genuinely believe that technology levels the playing field for the better. In my field of work, I see automation, reductions of manual inputs, and so much more. I can only imagine what you see as you look out at the movers and shakers of your industry. More people than ever qualify for loans and leases they rightfully deserve, all thanks to technological advances. It’s a new world, seemingly every year, and like you, I wonder if it’s moving too fast or if I’m falling behind.
Learning to Trust in Tech
Cloud-based measures and mobile adoption have certainly driven economic growth across the world. Plus, there are a ton more amazing things it has enabled. Access to finance and communication are economic building blocks. While I’m still on the fence about crypto, I think blockchain has fantastic potential—as does AI applied to fields like diagnosis in healthcare.
Still, there is always a tradeoff.
All the conveniences at our fingertips regrettably lead us down the rocky path of trading speed for trust. As discussed earlier, we may be too comfortable clicking links, downloading documents, and logging into online accounts to recognize our behaviours betraying us.
Trust is often our downfall. But people inherently want to trust others. It’s part of the social contract that allows us to live together in large groups. It’s beautiful when done right and terrifying when abused.
Our lenders probably receive multiple phishing scams in our business every single day of the year. A fraudster sends an email claiming to be from someone we know with either a malware attachment or a link to a fraudulent location, encouraging us to enter our security credentials.
If you’re familiar with this kind of email, you might smirk, knowing you’ve outsmarted it. However, if you haven’t received this email, know it is coming. Maybe faster than you think.
10 Tips for Preventing Cybersecurity Risks in Your Business
If only I had as much time to write new tips as criminals do to think of new scams!
- If you have staff who manage your vendor payables, train them never to accept email change requests to payable bank accounts. This one fraud has caused magnitudes of financial loss for companies, small and large. The best process is one in which more than one person validates banking and electronic payment credentials. Again, analog is good. Pick up the phone and call the number you know is trusted for that source.
- Invest in training to recognize phishing scams. Mimicking email addresses or typical business scenarios is second nature for fraudsters. We got a clever one last week from a company purporting to be an HR firm, and the email with the link looks like a new HR employee manual for our firm staff.
- Teams that are not trained to verify emails with links and documents embedded in or attached to them are highly prone to introducing malware and other kinds of attacks on your systems. Train your team to make a phone call to the sender before clicking or opening anything.
- Work with your IT provider to ensure your systems are backed up with a remote provider. This is especially important if you also have an e-commerce site. If you were managing your own IT, I recommend getting external support—the cost of your business going down or your data getting locked up by the bad guys could be exorbitant. Upkeep is much cheaper than paying off crooks.
- Passwords. Do not replicate them across all of your various online accounts. Be careful how you store them, and use a good password-keeping product from a reputable, well-known enterprise. Force the passwords on any of your business systems to change periodically and make your team choose new passwords. Teach them the importance of random secure passwords and make sure your protocols force diversity and change time frames.
- Two good tools are KnowBe4 and “Have I Been Pwned.” KnowBe4 is a very inexpensive subscription that allows you to do random testing of email phishing scams with your team. This improves everyone’s awareness and helps you find the most likely problems in the business. “Have I been pwned” scours the Dark Web and will expose whether your passwords have already been compromised through one of the many hacks of many companies that are not (always) disclosed publicly.
- Your most considerable risk is human error. People want to trust others; people are in a hurry to get things done. Staff work in distributed teams now, and that creates silos. It’s hard to train, and it’s hard to defend when everyone is alone in their space. Our suggestion? Talk about fraud all the time. All. The. Time.
- Make sure your tech team is applying security patches and that you are not ignoring technology investments and upgrades. Technology does go stale, and software companies stop supporting apps over time. That one-time investment you thought would be too expensive might be how your compromised system got taken hostage.
- Multifactor authentication should be the standard on every application, every external technology you use, and every internal tech tool that could expose vulnerable information. It is one of the only ways to add a layer of security to our valuable organizations.
- For the love of Uncle Ben, stop your friends from filling in those Facebook surveys telling everybody their mother’s maiden name and first pet name. I can’t think of a nicer way of handing the bad guys your password recovery clues.
Lending With Prime Capital
March madness will end with the final four, the best of the NBA and WNBA battling for supremacy on the court. Unfortunately for the rest of us, March madness in the fraud world is a year-round reality. Evil never sleeps. Myself? I love sleeping. Lying awake at night, worrying about cyber attacks and how a bad guy could take advantage of a moment of complacency on my part doesn’t sit well with me. So I’m going to keep on trying to make it harder for an ill-intentioned somebody to make my life miserable even for a day. And I hope you do, too.
For better safety, financing options for your expansions and equipment, or just an ally in your corner to help you grow your business, reach out to Prime Capital. No inputting of your SIN is required.