Electronic payments are essential and normal components of conducting business today. Practicing safe habits for electronic payments can prevent fraud, loss of money and cyberattacks. As more businesses establish their online presence, hackers have become more sophisticated in their attempts to steal information and money from businesses. Having well-trained staff that can recognize malicious attempts like phishing, ransomware, etc. is crucial in preventing scams. Familiarizing yourself with the best practices for electronic payments will help you conduct business transactions online while avoiding any mistakes that can lead to loss of capital. Some best practices for electronic payments include:
Train employees to identify phishing emails: Hackers can use any public information about your business to send customized phishing emails to your employees. For example, if your website lists the clients you work with, a hacker can disguise themselves as an employee of one of your clients seeking payment for a project. This can lead to them sending fraudulent invoices, wire transfer requests and more. Always verify with an executive, manager or a person in charge before sending any money.
Authenticate before sending a large payment: Authenticating the receiver’s information before sending a large payment is vital to avoid fraud, mistakes and loss of money. Any small differences in emails, wire numbers and other details can result in a completely different person receiving the money. It’s important to talk with the receiver and clarify their information and state when they should receive the payment. Some ways to do this can include sending a text, phone call or email before sending the payment.
Have a process for sending/receiving payments: A well-documented and defined process for payments is a great way to establish a uniform method for payments within your business. This allows everyone working with payments in the organization to be on the same page; any mistakes, changes and strange actions can be recognized easily if the same process is being used for all payments. This also helps with onboarding new employees who will handle payments within your business.
Use Account Alerts: Some banks and financial institutions give customers the option of having account alerts on their checking and saving accounts. Account alerts notify your business when there’s any unusual activity happening in your bank account; this can include large payments, overdraft fees, payment reminders and more. Account alerts basically serve as two-factor authentication for your bank account. It allows you to report any strange activities quickly to prevent permanent loss of funds if something is stolen. Ask your bank if they provide a similar service; most banks like Wells Fargo, Chase, etc. provide these services for free.
A firewall network serves as the first line of defense for all incoming and outgoing web traffic. Depending on the restrictions set by a company, employees can’t access certain websites. Configurations for firewalls that companies can use for their networks can protect employees from accessing harmful sites that can lead to phishing, malware, etc. The purpose of the firewall is to minimize the amount of harmful communications entering your business’ network while maximizing legitimate communications. Firewalls can be hardware, software or cloud based; depending on the type of firewall chosen, there are different benefits and drawbacks. Some of the types of firewalls include:
Packet-filtering firewalls: Packet-filtering firewalls are the oldest and most basic form of firewalls. These types of firewalls create a checkpoint at a switch or traffic router; the firewall does a check on the data packets (units of data) that come through the router. This checkpoint provided by the firewalls looks at information like the sender IP address, destination, packet type and more. Packet-filtering firewalls are pretty simple and don’t have a great impact on the network’s performance. They are good firewalls to start off with, but they can be bypassed more easily than more stringent firewalls.
Circuit-level gateways: Circuit-level gateways are another simple type of firewall that allows or denies traffic without compromising performance. These gateways work by authenticating the transmission control protocol (TCP) handshake. This is a good basic barrier, but if a data packet were to have malware and had the correct TCP handshake, it would pass through the circuit-level gateway. This is why circuit-level gateways alone are insufficient in protecting a business. Circuit-level gateways are relatively inexpensive and maintain privacy for data going in and out of private networks.
Stateful firewalls: Stateful firewalls combine both packet inspection technology and TCP handshakes. This combination provides a level of protection that surpasses other technologies on their own. Stateful firewalls are able to block cyberattacks that target protocol vulnerabilities; stateful firewalls can also work with fewer open ports, which reduces the attack surface. Additionally, these firewalls are able to defend against various types of denial-of-service attacks. Some drawbacks of stateful firewalls include the skill required to safely configure the firewall, inefficiency against stateless protocols and the high processing overhead required to run it.
Application-level gateway: Application-level gateways, also known as proxy firewalls, work at the application level to help filter out traffic between your network and the traffic source. Application-level gateways are capable of detecting and blocking attacks that are not visible at the network and transport layers of the OSI model. Some difficulties with these types of firewalls include the effort required to configure and maintain them, the proxies required to set them up for each application and their high processing overhead.
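The difference between a packet-filtering check and stateful handshake tracking, as an added example that is not part of the original article: the same out-of-sequence packet passes the stateless filter but is dropped by the stateful one. The policy, addresses and class names are constructed for illustration, and the model covers only an inbound TCP connection to one server.

```python
from dataclasses import dataclass

ALLOWED_DPORTS = {443}  # constructed policy: only HTTPS reaches the server

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this packet

def packet_filter(pkt):
    """Stateless check: judges each packet on its own header fields."""
    return pkt.dport in ALLOWED_DPORTS

class StatefulFirewall:
    """Passes data only on connections whose handshake it has watched."""
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> handshake state

    def inspect(self, pkt, inbound):
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if inbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if (inbound and pkt.flags == {"SYN"} and state is None
                and packet_filter(pkt)):
            self.table[key] = "SYN_SEEN"
            return True
        if not inbound and pkt.flags == {"SYN", "ACK"} and state == "SYN_SEEN":
            self.table[key] = "SYN_ACK_SEEN"
            return True
        if inbound and pkt.flags == {"ACK"} and state == "SYN_ACK_SEEN":
            self.table[key] = "ESTABLISHED"
            return True
        # Established traffic passes; the payload itself is never inspected.
        return state == "ESTABLISHED"

def demo():
    fw, c, s = StatefulFirewall(), "203.0.113.7", "10.0.0.5"  # constructed
    stray = Packet(c, 40000, s, 443, frozenset({"ACK", "PSH"}))
    steps = [(Packet(c, 40001, s, 443, frozenset({"SYN"})), True),
             (Packet(s, 443, c, 40001, frozenset({"SYN", "ACK"})), False),
             (Packet(c, 40001, s, 443, frozenset({"ACK"})), True),
             (Packet(c, 40001, s, 443, frozenset({"ACK", "PSH"})), True)]
    return {"stateless_stray": packet_filter(stray),
            "stateful_stray": fw.inspect(stray, True),
            "handshake": [fw.inspect(p, d) for p, d in steps]}
```

Because established traffic is passed without looking at its content, catching a malicious payload on a valid connection is left to an application-level gateway.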
14.5 billion spam emails are sent every single day; this accounts for nearly 45% of all emails globally. With this influx of spam emails being sent to businesses daily, it’s important to be able to recognize legitimate emails from fraudulent ones. Email is the primary communication method for most businesses, so this is a major target for hackers to send spam, phishing and other malicious emails. If an employee of a business opens one of these harmful emails, it can compromise all the email accounts in the whole organization. It’s important to train employees on the consequences of opening an illegitimate email. Some of the consequences include:
Phishing: Phishing is one of the main intended outcomes of a spam email. Phishing is intended to gain personal information from the recipient like usernames and passwords. This can be used to target additional members within a company.
Malware: Malware is another popular outcome of a spam email. Malware is software that is designed to harm networks, servers or any other application a client uses. If an employee downloads any malware on a computer, it can lead to other malicious software like spyware, which can be used to steal data.
Ransomware: Ransomware is one of the most expensive outcomes from a spam email. Ransomware is a form of digital blackmail; in ransomware cases, the user’s data is encrypted by the hacker and they cannot access it until they pay the hacker a given amount of money. Ransomware usually happens through email, but it can also happen by visiting an infected website.
Red flags to watch out for:
Grammar issues: Many spam emails are sent from overseas locations and there are distinct language differences in how their emails are written. Normal, legitimate emails are not filled with various syntax, spelling and grammar issues; if you doubt the legitimacy of an email, don’t open it or click on any links provided. Emails from normal senders your business works with have few or no attachments, except for project or contract-related work.
Urgency to respond: Another red flag to watch out for is urgency to respond to the sender’s email. The majority of daily emails don’t prompt you to reply quickly or warn about consequences. The spammer/hacker who sent the email wants a response from you to establish trust and entice you to click on a link or send over personal information. It’s important to never share any personal information over email, especially to a sender you don’t know in real life.
Irregular time sent: It’s important to notice the time an email was sent to look for clues as to the location of the sender. Generally, if an email is sent from anywhere in the continental U.S., the time sent shouldn’t be more than 2-3 hours ahead of or behind your time. If an email is sent at obscure times like in the middle of the night or extremely early/late in the day, it can mean it’s sent from an international sender. Also, if the email address looks strange (many hyphens, dashes, etc.), it’s likely from a spam sender.
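A mail-filter style check for three of the red flags above (urgency wording, send time, and a hyphen-heavy sender address), as an added example that is not part of the original article. Both messages are constructed, and the phrase list, working hours, recipient UTC offset and hyphen threshold are assumptions to tune; grammar checking is left out.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed phrase list; tune it to the mail your business receives.
URGENCY = re.compile(
    r"\b(urgent|immediately|right away|final notice|suspended)\b", re.I)

def red_flags(raw, local_utc_offset=-5, work_hours=(7, 19), max_hyphens=2):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    found = []
    if URGENCY.search(f"{msg.get('Subject', '')} {msg.get_payload()}"):
        found.append("urgency")
    sent = parsedate_to_datetime(msg["Date"])
    if sent.tzinfo is not None:  # Date header carries the sender's offset
        local = timezone(timedelta(hours=local_utc_offset))
        if not work_hours[0] <= sent.astimezone(local).hour < work_hours[1]:
            found.append("off_hours")  # arrived outside the recipient's day
        gap = abs(sent.utcoffset() - timedelta(hours=local_utc_offset))
        if gap > timedelta(hours=3):  # more than 2-3 hours from your time
            found.append("distant_timezone")
    address = parseaddr(msg.get("From", ""))[1]
    if address.count("-") > max_hyphens:
        found.append("odd_sender_address")
    return found

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Accounts Payable" <billing-dept-secure-pay@client-invoices-portal.example>
To: ap@yourbusiness.example
Subject: URGENT: invoice overdue
Date: Tue, 05 Mar 2024 15:40:00 +0800

Please wire the payment immediately or the account will be suspended.
"""

ROUTINE = """\
From: Jane Doe <jane.doe@client.example>
To: ap@yourbusiness.example
Subject: March project invoice
Date: Tue, 05 Mar 2024 10:15:00 -0600

Hi, attached is the invoice we discussed on Monday's call.
"""
```

A non-empty result is a reason to verify the sender through another channel before acting, not proof that the message is malicious.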
Educating employees on how to identify spam, phishing and malicious emails is the best defense for your business. A business with an educated and email-savvy staff is extremely unlikely to fall into everyday spam traps and other scams related to emails. Some ways to educate your employees regarding email etiquette include:
Over 5 million people today are working remotely in the U.S.; this is equivalent to roughly 3.5% of the population. By all metrics, the future of work is trending towards remote work. Several factors like automation and travel for work are pushing remote work as a viable option for businesses of all sizes. As the workforce is going remote, it’s important to educate employees on safe WiFi practices when conducting work. Safe WiFi practices protect employees and businesses from cyberattacks like ransomware, malware and phishing.
Good practices for using WiFi for remote work include:
Plan for high speed/bandwidth: Many employees take the strength and capabilities of their work internet connections for granted. When working remotely, it is very likely that the WiFi connection employees are using for work is subpar to the connection at the office. This can be very problematic if there’s work that involves big files or downloads. This alone can slow collaboration and productivity among teams. It’s very important to check your router, network and WiFi to ensure you have the technical bandwidth to perform day to day operations like downloading files or collaborating on a project.
Avoid public/unsecured WiFi: Avoiding public and unsecured WiFi may seem intuitive, but this can be difficult for employees who are traveling. Planning on where to work from and the times you anticipate working can prevent hastiness and the urge to use public and unsafe WiFi for work-related activities. Also, remote workers who like to work from coffee shops and similar areas should be wary of the WiFi options available to them at those locations. It’s better to grab coffee and go to a secure location instead of assuming your local coffee shop has secure WiFi.
Use a VPN/remote server: Using a VPN/remote server when using WiFi is a great additional layer of security and privacy. For remote workers who work with sensitive data like lawyers or doctors, a VPN may be obligatory to keep up with compliance needs like HIPAA. A VPN/remote server provides encryption for your communications while ensuring work documents and other sensitive data does not get leaked. Most employers can provide a VPN account for employees who are traveling or work remotely.
Separate private network from guest network: This is one of the most overlooked WiFi practices for both remote and onsite employees. Generally, when WiFi is set up at a home or office, there’s the option to create a guest network in your Wireless Access Points (WAP). This allows the guest network to have its own username and password that you can provide to anyone who visits you. This is important because anyone who’s connected to the same network you are has the ability to access your data. Separating the network you do work on from other networks is important for the privacy and security of your business.
Good practices for password management are one of the first defenses against breaches, hacks and any other form of cyberattacks. One of the best practices for password management is multi-factor authentication. Multi-factor authentication (MFA), also referred to as two-factor authentication (2FA), is an advanced security measure that prompts you to enter two credentials before accessing your account. The credentials needed can be a password or PIN, fingerprint, text message code and more; by using two credentials before giving access, multi-factor authentication prevents anyone who knows just your username and password from accessing your account.
After logging in a few times with multi-factor authentication, your device (phone, laptop, etc.) is remembered; this allows you to sign in simply with a fingerprint or a different credential. When your account is accessed from a new, unrecognized device, multi-factor authentication will request two credentials before giving access.
Multi-factor authentication should be used any time you’re dealing with sensitive information. This can include your emails, health records, financial information or any work-related information. Generally, hospitals, banks and your place of employment can give you a step-by-step protocol of setting up multi-factor authentication for your account.
Multi-factor authentication provides:
Shield against negligence: Businesses are not immune to human errors like negligence, forgetfulness, etc. By using multi-factor authentication along with login credentials, there are two layers of security before accessing an account. This prevents third parties from gaining access because there is a second code or password required after entering the correct login credentials. Multi-factor authentication also alerts users if their account is being accessed from a new location or device. This multi-pronged defense that it provides protects businesses against most human errors like negligence.
Meets compliance requirements: For businesses working in sectors with strict compliance regulations, multi-factor authentication is almost a requirement. For example, companies working with important user data like health information should have extra layers of security before gaining access to data. Certain compliance regulations like HIPAA emphasize the importance of cybersecurity for health professionals; multi-factor authentication is an important tool that can be used to safeguard patient information.
Simplifies the login process: Multi-factor authentication simplifies the login process by using advanced login methods. Multi-factor authentication allows businesses the choice to use a single sign-in method like a fingerprint. This is very beneficial for employees who access their accounts from their smartphones; since their fingerprint is already on their smartphone, they don’t need to enter the username or password. The moment they use their fingerprint or phone password, they gain access to their account.
Fewer help desk complaints: Employees within a business contact the support team frequently for help resetting passwords, usernames and more. Nearly 35% of help desk calls are concerned with resetting account information. Multi-factor authentication resolves this issue by allowing the user to be in charge of resetting their own password information. With multi-factor authentication, one credential (text message code) can be used to reset the main credential (email). This allows any username and password changes to be managed by the user.