Bill Keen is the Founder and CEO of Keen Wealth Advisors and the Best-Selling Author of Keen on Retirement.
getty
We’ve all had those situations when we open up our credit card bill for the month and see a charge on there for a purchase we didn’t make. Or we get the email asking for money from a trusted source that seems real — only there’s something off about it, leaving us unsure of what to do. Being the target of cyberattacks like these is scary, especially because of how vulnerable they make us feel.
Now, imagine that feeling, only it’s your entire customer base being targeted, not just you. That’s the reality of owning a business in 2021. It’s no longer IT companies or Silicon Valley startups that need to worry about cybersecurity. Everyone — and I mean everyone — who owns a business now has a responsibility to understand the basics of cybersecurity. The threats from cybercriminals are simply too numerous, persistent and complex to ignore.
As a business owner myself, this is an area I have been focused on. Over the years, I’ve been diligent about doing what needs to be done in order to keep our clients safe. But I also understand that cybersecurity can be a little daunting for some. With that in mind, here are a few steps I would recommend that have been helpful for my company.
Where Can You Add Extra Protection?
Think about it: If you work your whole life to save money, stick to your budget and do everything right, only to have a scammer swoop in and steal a big chunk of your wealth, that would be awful, right? It makes my heart ache just thinking about that outcome, which is a possibility if you aren’t taking measures to protect yourself.
So, the first step in a successful approach to cybersecurity is the right mindset. A breach or an attack doesn’t just affect you or your business; it affects your clients. That’s why you must take cybersecurity seriously — out there somewhere, you can assume there are hackers taking it seriously.
With the right mindset, you can easily see extra steps that are simple for you to take but have a tremendous impact. For example, at our firm, we require a verbal confirmation from a client before we will move their money. Emails won’t suffice; those are too easy to mimic nowadays.
Think your customers might be annoyed having to call for big moves involving their money? Think again. I’ve never had a client complain about this extra step. Not once.
We use this same system inside our business, as well. Nobody in our human resources or payroll departments can make a payment without first verifying it with me or another responsible party. That way, we avoid situations where seemingly genuine-looking calls or emails catch people off guard.
Invest In Your Success
Even with these safeguards in place, don’t rest on your laurels. One piece of advice I would give to business owners: find an established company you can partner with on your cybersecurity. There will come a point when you can bring this in-house, but until then, don’t skimp on this expense. You wouldn’t skimp on hiring or product development, would you?
To stay ahead of today’s cybercriminals, you need professionals whose full-time job is to stop these criminals in their tracks. Hackers today are so sophisticated, and the opening they need is so small; it’s difficult to manage this kind of thing on your own.
Switching gears a bit, be thoughtful about the vendors you select because, oftentimes, those vendors will have access to the sensitive information of your customers. Think of your customer relationship management (CRM) software, for example. Before making a selection, ask to see their policies regarding cybersecurity. Who are they working with to stay on top of their security? Have they had any attacks recently, and if so, how did they deal with them? What kind of recourse is available in the event of a breach?
These are all questions I recommend asking before deciding on a vendor. Like many choices in life, it’s best to have all the information upfront, rather than finding something out the hard way.
The Weakest Link In Cybersecurity: People
If you’re a business owner, you know your people are your greatest asset. Your long-term success will hinge on the team you put in place. But when it comes to cybersecurity, it’s important to acknowledge that people are actually your greatest liability.
No, your people aren’t trying to intentionally hurt you. It’s just that, over time, they’re likely going to slip up and click on things they shouldn’t click on. And with that one click, a piece of malware is downloaded or a breach is opened that allows hackers to sneak in and wreak havoc.
That’s why it’s important to run mock “cybersecurity trials” with your team on a regular basis. Hire an IT team or task yours with testing team members to see if they’ll click on a fraudulent link. Tell them upfront, of course — you’re not trying to put them in a “gotcha” situation.
Monitor the results and coach employees just as you would on any other area of their performance if they fall short during those tests. Also, require all employees to log onto the internet from their work computer using a virtual private network (VPN). This will provide an extra layer of protection, especially if they use their laptops outside of the office.
If all this sounds like a lot of work, that’s because it is. But the reward is well worth the effort you’ll invest. Remember, all it takes is one click for your security to be breached.
Forbes Finance Council is an invitation-only organization for executives in successful accounting, financial planning and wealth management firms. Do I qualify?
Follow me on LinkedIn. Check out my website.