8 Action Steps for Protecting Data from Cyber Crime

November 18, 2021 | Mark Phillips


Fraudsters used to want cash. Now, they want data. 

Protecting money has always been hard, even before it became largely digital. But safeguarding cash doesn’t hold a candle to the challenge of protecting data. And, cyber criminals don’t discriminate; every business, organization and individual on the planet is at risk from sophisticated data grabs. 

That risk became real for many people in our community this year. Breaches at DMACC, Wolfe Eye Clinic, EFCO and New Cooperative (just to name a few) exposed private data and caused massive business disruption impacting thousands. 

While preventing attacks like these is a complicated and continuously evolving endeavor, there are some best practices we’ve seen work wonders for our clients. Here are several. 

IT Audits:

 Hire white-hat hackers to find and close doors otherwise open to the bad guys.

Password a Week:

 Enforce the changing of PINs, codes, security questions and other authenticators every seven days. 

 Press Charges:

Resist the “Iowa Nice” temptation to slap the wrists of employees who steal or misuse data. Make it known that internal data breaches will be taken as seriously as external ones. 

 Separate Accounts:

Disconnect payables and receivables, writing checks only from a payables account. Likewise, purchase computers, tablets or phones that are used only for banking or other data-dependent purposes. 

Dual Controls:

 Institute checks and balances within any system where employees or third-parties can access customer or business data. 

Go Slow:

 Train employees to be suspicious of pressure to act fast. This is a common tactic of cybercriminals who know that harried employees will often violate internal controls. 

Cyber Insurance:

 Avoid “silent cyber” issues by buying policies that expressly cover losses related to data breaches and other cyber intrusions.   

 Change it Up:

Emulate old-school robbery training by instructing employees to change how and when they perform certain tasks, like processing payroll. 

Leaders can no longer stand by and watch because they are being watched. Every entity with access to data is under surveillance in some way by bad actors. Whether it’s a sophisticated crime ring testing your systems daily or a desperate team member mining data for dollars, the threat is imminent. You can start small with some of the action steps above. However, a comprehensive cyber security plan should be your goal as you head into 2022, a year experts predict to be the most challenging yet.

Mark K. Phillips is vice president of treasury management services for Bank Iowa, Iowa’s second largest family-owned financial institution. He can be reached at mkphillips@bankiowa.bank. To learn more, visit bankiowa.bank. Member FDIC.