Cyber security: How to protect your business

As reminders go, National Cyber Security Month, being observed for the 12th consecutive year this October, is a double-edged sword.

It reminds us first that this is a dangerous world and that there are bad actors out there.

If you doubt that, consider what happened to a top computer security outfit not long ago. A single employee ignored established procedures and opened an email attachment from an unknown source. The result was the infiltration of malware that compromised the company’s principal product. This, in turn, created a problem that took millions of dollars to fix.

Or consider the Silicon Valley firm with an employee who was taken in by an executive impersonation and wired nearly $50 million overseas, where it disappeared.

When you consider that these were sophisticated technology companies, you begin to wonder whether anyone can be safe.

In fact, however, we are not helpless. The positive message of National Cyber Security Month is that there are things we can all do to protect ourselves online. This applies to small businesses as well as to individuals and families.

As a business owner, your first step is to have a prevention plan in place, one that identifies policies and procedures that will reduce the risk of cyber-attacks. Where can you find help for creating a plan?

Consult online resources, such as the Small Biz Cyber Planner maintained by the Federal Communications Commission at “fcc.gov.”

Talk to your Internet service provider — many have services devoted to helping their business customers.

The company that provides your security software (and other software) can also help and may have special services for small businesses.

Talk to your banker. At City National, for instance, our treasury management specialists can help you identify ways to protect against cyber fraud.

A good plan will cover both data and network security. Procedures pertaining to email, mobile devices and the company’s Web site will be spelled out.

Once a plan is in hand, it’s time for the all-important step of educating employees. Actually, it’s more than education — it’s really a question of creating a culture of cyber-awareness and the willingness to comply that comes from understanding just how high the stakes are. Cyber security should be the focus of a continuing dialogue.

An employee who has been educated and who understands the risks is an employee who will delete suspicious emails instead of clicking on their attachments.

When the right policies and procedures are in place, well-informed employees will follow them. An employee who understands the breadth of wire fraud schemes in play is someone who is less likely to fall for a masquerade, and more likely to comply with procedures (such as enhanced authentication) designed to defeat the fraud.

As National Cyber Security Month reminds us, it can be done.

John Wilcox is the Nevada regional executive of City National Bank.