Union Bank® for Business

Your Business and Cybersecurity

According to the Verizon 2019 Data Breach Investigations Report, 43% of data breaches affect small businesses. Due to their size, small businesses often do not have the resources to focus on cybersecurity, yet they still handle large amounts of business and consumer data. This makes them a prime target for cybercriminals. A cybersecurity or data breach incident can put an affected company out of business.

We’d like to help you.

Consider these 4 areas to help you “cyber-secure” your business:

Be ready - Strategy and Policies

  • Set and enforce cybersecurity-related policies, such as proper usage of devices. Assess cybersecurity as a legal and business risk; discuss the subject with lawyers and insurance providers, as needed.
  • Create a plan in case of an incident: how to stop or mitigate an issue; how to solve it (employing outside expertise?); whom to report it to (authorities, industry regulator?); how to inform affected parties and manage consequences.
  • Use only reputable third-party services (e.g., banking, tax advisory) and technology vendors (e.g., Internet provider). Include cybersecurity as part of your third-party vetting process (e.g., ask about their cybersecurity and privacy-related measures, and establish liability, especially if the third party is handling sensitive or consumer information).
  • Invest in an IT and cybersecurity expert who keeps an inventory of your digital assets, manages software updates and users’ access to those assets on a “need-to-know basis,” and manages your external website if you have one.

Be protective - Devices

  • Protect all devices with antimalware and antivirus software, and back up your data. Keep all company software up to date with the latest versions and security updates.
  • Offer general IT and cyber training: Train employees to recognize signs of malicious software on their devices (e.g., sudden slowness). Educate employees to recognize fraudulent communications, such as malicious emails or text messages, and not to click on their links or attachments or reply to them.
  • Create procedures limiting personal usage of company devices, as general online browsing can unknowingly lead to malicious websites: Train employees to look closely at links before clicking, and to avoid clicking on shortened links. Prohibit downloading content for personal use on company devices.
  • Have policies for the use of personal devices for business reasons: Business-related tasks such as email can be done only on the company-approved app.
  • Cybersecurity and physical security are connected: keep devices locked and docked, protect access to facilities and secure paper records. Always shred documents when disposing of them.

Be secure - Networks and Online Accounts

  • Protect your network (i.e., have a firewall), and change the default network names and passwords to unique, hard-to-guess ones.
  • Have a different network for customers or visitors from the one in which you conduct your business.
  • If your business has a website or app that processes payments or other sensitive information, make sure that it is encrypted (e.g., following the Transport Layer Security (TLS) protocol).
  • Secure all online accounts with lengthy, unique passwords and enable, if possible, some form of 2-factor authentication, where the user must enter an additional code to access the account.
  • If your business leverages social media for marketing purposes, manage the security and privacy settings of the accounts. Be cautious with the type of information you share in those channels.

Be compliant - Data Privacy

  • Follow the regulations to protect data as required by your industry. If you hold any personal health information, for example, you need to follow the provisions of the Health Insurance Portability and Accountability Act (HIPAA).
  • Enforce local, national and even international data laws, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR).
  • Set processes to keep data, particularly consumer, sensitive business, and payment information, secure. Use secure and reputable point-of-sale systems (lately they have been a target) and actively monitor for issues.
  • For proper implementation of regulations, consider getting expertise from a compliance officer or auditor/lawyer with a specialization in privacy and digital data.