Every business needs to have a written security policy that outlines the acceptable practices and expectations for keeping the business secure. These expectations should be clearly communicated to all employees. Small businesses may not have a dedicated IT team or specialist who can create and enforce a security policy. In such cases, the business owner is responsible for enforcing a security policy or security guidelines for the business.

A basic security policy should define how to:

• keep your information, systems and network protected from viruses, spyware and other malicious code
• keep your internet connection secure
• secure your wireless access points and networks
• install and activate firewalls on all of your business systems
• patch your operating systems and applications
• make backup copies of all important business data and information
• control physical access to your computers and network components
• train your employees in basic security principles
• limit employee access to data and information on a needs-only basis
• limit the ability to install software to admin users only

Merely having a security policy is not enough. All employees must be familiar with the policy as soon as they join the business. If possible, your business should have mandatory security policy training that all employees need to complete at least once a year.

Cybersecurity is often thought to be a matter only for the IT or security department. But cybersecurity is a task that involves the entire business and all employees. It’s important that your employees are aware of the real threats and are well informed about specific preventative measures. 

Even when a business has implemented the recommended security tools and practices, it’s still vulnerable to cybercrime. This is because fraudsters often exploit the weakest link in IT security: the employees. It's much easier to get an unsuspecting employee to open the door in good faith than to break into complex systems. 

If you receive a phishing email or a fake text message, you can report the incident by forwarding the email or sending a screen shot of the text message to falskemails@danskebank.dk.

Sometimes, cybercriminals operate by impersonating Danske Bank. Even if the email or text message doesn’t use Danske Bank as the sender name, you can report any fraudulent email or text message that references Danske Bank. We collaborate with other organisations and do our best to take down fraudulent webpages. When you report a fraudulent email or text message to us, you’re helping to protect others as well.

Learn more about phishing and smishing here. 

If an unauthorised person has obtained information about your business’s card or account information, please contact us immediately on +45 70 123 456.

Report cybercrime attacks to the police
Businesses are not obliged to report a cybercrime attack to the police, but a police report can help a business gain an overview of the extent of the attack and, in the long term, contributes to better prevention. If you want to file a police report, we’ll be happy to help you. Please contact us on +45 70 114 115. You can also contact the Danish police on +45 114 or file a report at politi.dk.

At Danske Bank, we do as much as we can to help keep your business protected against cybercrime.

To ensure that your business is safe with us, we work on several fronts. We’re constantly developing our systems so that they remain equipped against all external attacks. So you’re well protected when you use our online solutions for your business banking activities. 

We would also like to help you to increase your business’s own IT security setup. We do this by sharing our knowledge and experience about cybercrime and by offering various security tools you can implement in your business.

Phishing emails are a big problem, and they’re becoming increasingly sophisticated and more difficult to understand. To catch fraudulent emails, we’ve implemented multiple systems. The systems don’t just protect Danske Bank – they also protect your business from receiving mail from senders masquerading as Danske Bank. If a fraudster nevertheless manages to sends you an email claiming to be sent from Danske Bank, please report it at falskemails@danskebank.dk and we’ll work to take down the fake site immediately.

We recommend that our customers using District always communicate with us via the District platform because it offers heightened security features for payments. Some of these security features are detailed below.

Restricted user access
You can manage the rights of different users to execute payments and create creditors. This lets you limit the number of users handling new or large creditors, for example.

Authorisation of payments by two users
You can use two-step authentication where two authorised District users must authorise payments independently of each other. This makes it more difficult for hackers to make payments in the business's name.

Payments and accounts limit
You can set a limit on the amount that can be transferred from a specific account or by a specific user.

Receive notifications about your business’s accounts
You can receive a notification on your phone for example, when there are important transactions on your business’s accounts, for instance when a payment exceeds a certain amount or the balance of an account falls below a set limit.

User access overview
You can easily keep track of what the various users have access to in District — and you can change access rights yourself with immediate effect – also form your mobile device. This allows you to easily approve users or delete users who no longer need access to a given feature in District.