The recent rash of cyber attacks and malware, including the ‘wannacry’ attack which affected organisations around the world including the NHS, has been a cause for concern for businesses across the UK and globally. Whether you’re a large multi-national corporation or a small-medium enterprise (SME), it’s impossible in 2017 to hide from the fact that you are a viable target for such electronic attacks, and that the results of allowing this to happen could be catastrophic.
The difference is that as a small business with fewer information security resources at your disposal, you are in many ways more vulnerable than your larger counterparts, and may be a target for such attacks because you are perceived as being vulnerable. This was highlighted in a recent article by fortune, which details a, “growing trend in which sophisticated cyber criminals are eschewing big financial institutions in favour of softer targets.” One example given recounts the tale of a small US tech startup who had more than $1m siphoned from their accounts by hackers, never to be recovered.
The article goes on to say that, “mid-tier firms, now the targets of hackers of all strips, can be defined as companies that lack resources for chief security officers, and other full-time defense operations.”
So, what are the potential threats to SME’s financial security? These include:
- Malware, ransomware and viruses that can infect computers, steal information (including financial account details) hold data to ransom and otherwise interfere with normal operations.
- Phishing – Tricking employees into handing over passwords and account details via email and other channels, or tricking them into directly transferring money to bogus accounts.
- Using key loggers and other covert software to steal passwords and other account details
- Direct hacking into company systems
How to stay secure despite a lack of resources
One of the key barriers to protecting your business’ financial data and documents in this new age of cyber crime is that as a small business you have very limited resources to throw at the problem. However, while you may not be able to afford the high-end cybersecurity troubleshooters and solutions that big businesses put in place, you can still do plenty to protect your business on a budget. It‘s all about having good document security procedures in place, as follows:
- Have a document management security policy – You need to control who has access to which financial documents, therefore you need a system of classification, e.g.:
– Restricted – The most sensitive and tightly controlled data. All financial documents should be restricted. Always be fully aware of who has access to this data
– Confidential or Private – Less sensitive, but only relevant departments should have access
– Public – Not sensitive and access is not controlled. General documents which do not pose a risk.
Once you have a document security policy in place, train staff to make sure that everyone is aware of the seriousness of confidentiality. You should also organise your folder structure so that documents with similar levels of security are kept together, making it easier to see what is/isn’t secure
- Shred sensitive paper documents that contain financial data and details when no longer needed
- Avoid sharing sensitive financial documents on personal email accounts. Use a secure cloud service instead to store and share files.
- Add passwords – Once you have determined different levels of security, you will need to add a password to documents as required. It is important that different passwords be used for different functions, to further protect your security.
- Use Microsoft RMS – Rights management services can be used to restrict access to people that don’t work for your company, and restricts people sending documents in an email or printing documents.
- Redact information – When sharing financial documents digitally, use a tool like Power PDF to redact (or censor) sensitive information.
- Utilise e-signatures – Nuance’s Power PDF can add an electronic signature and date to your financial documents, which when in place lets you know that your documents haven’t been tampered with.
If you use the right tools, there’s no reason why you shouldn’t be able to effectively protect your business from cyber threats. Power PDF enables you to do all of the above on a slim budget, giving you peace of mind and protection. Try a free trial today.