Businesses today rely on apps and systems, and it’s important that you can trust that they keep your data safe. But how do you know how safe and secure they are? And what would happen if an unauthorised person got access?
We’re starting with a disadvantage, in that you need your systems secure 100% of the time, whereas fraudsters only need to get lucky once. And with today’s interconnected world, they could gain access to customer data, business information and even your bank accounts. So security really matters.
Internet security firm Norton predicts that with a toughening economic outlook, fraud and scam attempts could increase during the next year. Staying vigilant will be the key to protecting yourself and your customers.
In this post we outline;
- Why we all need to think about security
- What problems can a lack of security cause?
- What security systems do apps use?
- How do fraudsters get access?
- What to do about it
<br>
Why we all need to think about security
Most people today are relatively security conscious – but not all of the time.
This provides the key to what scammers and fraudsters rely upon. Not everyone is vigilant all of the time.
Fraudsters only need to get lucky once and you could have a major problem on your hands. Or worse, several major problems all in one.
The most important asset to a fraudster is information. If they can get company information they have a way in, and from there they can start to work on your systems.
<br>
What problems can a lack of security cause?
The first and most obvious problem that fraudsters cause is that they steal money.
If they can gain access to your banking systems then they can divert funds wherever they like and this is the area that most companies concentrate their security upon.
But it is not the only area that could come under attack and you need to have a view of security across all of your systems.
An attack might not just be a straightforward theft. A denial of service attack shuts down your systems until you pay a ransom which was exactly the type of attack that caused problems for the NHS.
Attackers might choose to steal information. This is then either sold on to other fraudsters or released into the public domain. Both of these could be damaging not just financially but also from a reputational point of view.
A release of customer information is also a data protection breach, so in addition to the loss of trust, you could face action from the ICO.
So the damage that attackers can cause varies from case to case which means that it is vital to secure your systems.
<br>
What security systems do apps use?
The most obvious security system that an app will use is a password. Each app will have its own version of what that must consist of. Unfortunately, some don’t enforce strong password protocols which makes them easier to crack in the future.
A strong password is a vital first step to protecting your information. The general rule is that your password should be at least 11 characters and include a mix of numbers and special characters as well as both upper- and lowercase letters. Such a combination would take up to 41 years to breach!
Some apps will use device features such as face or fingerprint recognition. Biometrics are a good way to secure a device but usually aren’t available on desktop machines.
Some apps will enforce Two-factor Authentication(2FA) or Multi-Factor authentication (MFA). In the former, a password will also be supplemented by another piece of information such as a favourite place or a pet's first name. In the latter, another device can be used like sending an sms to your phone or calling to check if it is actually an authorised user logging on.
Caxton uses password protection as well as two-factor authentication. In addition to that, we also have a set of conditional access requirements which mean that even in the event of a fraudster getting a hold of your password and breaching 2FA, there is an additional layer of security.
We also inherently understand that in order to keep our customers safe from fraudsters, we need to always be one step ahead. That’s why new security features for the Caxton apps are in continuous development, and will be rolled out when appropriate.
<br>
How do fraudsters get access?
Many people think that fraudsters gain access to systems by using high-tech methods to crack networks but actually, the majority of security breaches are achieved in low-tech ways.
Put simply, someone accidentally gives the fraudsters their password or enough information to work out what it is.
This usually happens for one of three reasons.
The first is that the company itself hasn’t emphasised how important password security is and instituted all the correct protocols.
Secondly, people have a large number of different apps all requiring passwords and so the person concerned uses the same password across all of their systems. This greatly increases the risk that fraudsters will have their “lucky break”.
Thirdly, the company has a lot of apps but the person uses different passwords and then stores them insecurely either on a sticky on their desk or on an insecure online notepad or word processor.
<br>
What to do about it
The first thing to do about security is to get serious about it. Implement training, make sure your systems are set up correctly and lead from the top. Ensuring you have a culture of cyber security is the fastest way of ensuing your employees are as dedicated to data security as you are.
Next, stop diluting your information across so many apps, especially where important functions like financial information and payments are concerned. The more SaaS solutions you use, the more likely it is that your employees will find ways to circumvent the system to do their jobs more quickly.
Also, only choose apps that have the highest security standards built in.
Alongside this make sure that you have required password changes every so often. Companies usually use 30 or 45 days for a password refresh.
A good way to ensure that passwords don’t get hacked is to integrate all of your systems using a highly secure API. Systems linked in this way talk directly to one another and don’t need anyone to log in each time they want to make a transaction.
Remember that the more systems you have the more ways the attacker can find to get in.
<br>
Don’t put it off!
In summary, an attack by a malign party can really cripple your business and even the largest organisations can fall prey.
The attacker only needs to get lucky once to cause irreparable damage to your business, so make sure you take security seriously.
Reduce the number of apps you have to reduce the number of vulnerabilities and make sure your people aren’t storing their passwords insecurely.
For your payments, outsource your security to Caxton and collect all your payment needs on one platform.
As a financial business, data security is embedded in our DNA. Our customers need to be able to trust that we are doing everything we can to ensure the security of their data, and their money. That’s why we never stop searching for more ways to keep our customers’ data safe.
Caxton can handle all of your payment needs from Payroll to Accounts Payable, from Treasury to Expenses. And with our proprietary API, there’s no end to how we can securely connect your finance functions, eliminating the need for multiple apps with separate logins.
Contact us now for a no-obligation chat about how Caxton could make your business payments more secure.
<br>
Was this article useful? Try:
Cyber security is at the core of Caxton Payments and our CEO, Rupert Lee Browne, often gives talks on the subject. If you're interested in how important cyber culture is for a business, check out Rupert's speaker page where he regularly gives insight into the topic.
Caxton Payments is an alternative to traditional banks, established over 20 years, we help businesses make faster payments more reliably. We offer streamlined processes, automation through API and a collaborative solution to complex payment issues all from a single platform. Our payment capability extends from business expense management, to payroll payments, supplier payments, and currency risk management. We also offer personal prepaid travel cards and international money transfer.