Commercial

Periodic Risk Assessment and Process Implementation Is the Key to Business Success

Jul 31, 2020

Trust is a big factor when it comes to running a business. The trust that your customers, vendors, and suppliers have in your business’s ability to keep their information safe can lead to more business in the form of new referrals or repeat business from existing customers. However, the task of keeping information secure is dependent on how your company continuously improves the identification and implementation of safeguards to mitigate security risks. According to the FBI’s Internet Crime Complaint Center’s (IC3) 2019 Internet Crime Report, “Business email compromise (BEC), or email account compromise, has been a major concern for years. In 2019, IC3 recorded 23,775 complaints about BEC, which resulted in more than $1.7 billion in losses”. Do not become a crime statistic – learn how to ensure that your business is doing everything it can to maintain trust with increased data security.

Identify and Assess

Being transparent and honest with yourself and your internal business processes is the first step to securing the safety of customer data. A periodic assessment of processes, operating systems, online applications, user access, and management controls will help to highlight vulnerable areas to prioritize for process creation or improvement. For example, a periodic audit of network access can help identify process gaps between your Human Resources department notifying and your IT Access Controls department when employees are reassigned or terminated.

Continuously Improve Protocols and Procedures

Purchasing, installing, and regularly updating anti-virus, anti-malware programs, and firewalls on all computers help to deter hacking threats. But not all threats come from outside sources. Implementing processes to manage and update user access is a low-cost method to help mitigate risk. Examples include enabling dual controls for exception review and decisioning review, separating access to and the responsibility of issuing checks, and having adequate office supervision to reduce unauthorized access to sensitive records.

Back Up Information

An act of god, in the legal sense, is defined as a natural hazard outside of human control, such as an earthquake or flood, for which no person or business can be held responsible. Regardless of how information could be lost, a process for regular and continuous data backups is a priority. Cloud storage options are becoming more affordable, easier to implement, and accessible remotely.

Develop a Contingency Plan

Recent economic disruptions have changed the way the world does business. Creating and updating a business continuity plan (BCP) is essential to managing your business during a natural disaster, a pandemic, or network compromises. If applicable, BCPs include plans to operate from alternate locations if a specific essential equipment is out of service. After creating a BCP, annual tests ensure that processes are relevant and up-to-date.

Educate Employees

By educating your employees on safe Internet practices, identifying phishing scams, and creating resolutions for technology issues, you can set up your employees for success in combating fraud while becoming better resources to help support customers and vendors in this endeavor. Including detailed and specific network security implementation plans in your annual business plan underscores the importance of network security to your business. Establishing employee expectations about their roles and responsibilities in protecting customer and business information starts with company values and culture. In addition to providing regular security training, requiring employee acknowledgment of security policies provides you with the confirmation of employee participation in meeting security expectations. This agreement should include directives and information for employees on how to report any suspicious activities to the proper management channels.

Protecting customer, vendor, supplier, and employee information is the foundation for building trust and business success. The risk of losing information and data will never fully disappear but implementing the best practices will prepare you for unforeseen circumstances. If you have any questions about how your business can start building better practices, the Axos Commercial Banking team is here to help. Contact our team by phone at 833-307-1542 or by email at [email protected] to learn more.