According to a 2019 report released by Cybersecurity Ventures, cybercrime is the biggest threat to business. Additionally, they predict cybercrime costs will exceed $6 trillion by the end of 2021. This increase in cybercrime may leave many franchise owners wondering what they can do to prevent cyberattacks. Fortunately, no matter the size of your business, there are three strategies you can implement to defend against cyberattacks – protect, plan, and practice.
The first step is to determine what is most vital to your franchise and put controls around those assets. For example, in your franchise, financial information or client data might be the most crucial aspect of your business. A hierarchical list of what is most important to your organization will give you a roadmap to building your cyber defenses.
Make sure you have layers of defense. Nick Ritter, Chief Information Security Officer of First Financial Bank, explains, "So, I've got a piece of Swiss cheese, and it's got a bunch of holes in it. I put another piece of Swiss cheese on top of it, and it's got holes on it as well, but the holes don't overlap. By the third piece of Swiss cheese, it's a solid piece of cheese." In the same way, each layer of defense works best when combined with other layers to protect your most important assets.
There are several tools already available to franchise owners to defend against cyberattacks. Nick recommends, "The Microsoft Windows operating system has an excellent tool called Defender built into it. There's also CrowdStrike and Carbon Black that you can get for about a $10 monthly subscription. Those software options tend to be more effective against more modern ransomware."
Once you have determined what is most important, develop a plan that details how to handle cyberattacks and partner with experts in cyber security. Think about a worst-case scenario and ask yourself: how would you react if your franchise were to succumb to a ransomware attack or a business email compromise? Having a plan before the attack happens will mitigate loss. To help small businesses create a plan, the Federal Communications Commission provided a Cyber Security Planning Guide.
Additionally, partner with experts in business cyber security to help you develop a reaction plan that incorporates best practices applicable to your organization. Nick suggests companies should have a reliable security professional to talk to who understands their business and can give them practical solutions.
Practice good hygiene when it comes to cyber security. Some of the best ways to prevent and combat cyberattacks are through dual controls, password protection, multi-factor authentication, and awareness.
One way cybercriminals target businesses is through email compromise. For example, a hacker impersonating a trusted person sends an email to an employee that reads, "I'm away from my desk right now. Please wire $10,000 to this account right away." If the company does not have dual controls in place, the employee could wire the money without a moment's hesitation. However, with dual controls requiring two individuals to sign off on a transfer, there is an increased chance the business will not succumb to the fraudulent wire request.
Another practical approach to cyber security is proper password storage. Nick says, "Passwords should not be shared. Make sure they're really complicated, so people don't memorize them. And it’s really important to store them in a password vault." Apps like 1Password are available for a small monthly subscription fee. Change your passwords frequently, so that if someone attempts to log in as you with an old password, it no longer works.
Multi-factor authentication is crucial to prevent cyber hacks should your passwords become compromised. According to the Verizon 2021 Data Breach Investigations Report, 61% of breaches involved credential theft. Adding layers of identification helps ensure only authorized users access the most vital data in your company.
The final aspect to practice is awareness. If something doesn't feel right, it probably isn't. Be extra cautious when providing personal information like social security numbers, tax identification, or contact information. Make calls directly to the company to verify the validity of the person or organization asking for your information.
There are a lot of issues facing franchises today, and it can be challenging to prioritize cyber security. However, cyber security applies to small and large companies, and no one managing a business should avoid addressing it. Business cyber security is a global issue that affects every business, no matter the size or industry. Fortunately, adherence to the three Ps will increase your chance of defending your company against cybercrimes.