How to protect your business

IT security is not just a matter for the IT department or the officer responsible for IT. It is a common task for your entire business.

IT fraud affects businesses of all sizes, so both small and large enterprises should focus on IT security. And it is not just about managing your antivirus programs, firewalls and the like. It is equally important that your employees are aware of the actual threats and that they are familiar with specific precautions.

The human factor

Even if you have installed the recommended tools, you are still vulnerable to IT fraud. The reason is that fraudsters often exploit the 'weakest link' in a business's IT security – that is, the employees. Getting an unsuspecting employee to open the door in good faith is much easier than breaking into complex security systems.

Get an IT policy

We recommend drawing up an IT policy for your business. A good start is to find any gaps in your existing security. This entails going over your security tools and getting familiar with your employees’ day-to-day conduct and routines.

A simple IT policy should include

  • a review of the various threats
  • payment and transfer procedures
  • software update procedures
  • procedures for the use and renewal of passwords
  • rules on the programs to be used
  • rules on the use of USB sticks, external hard drives, etc.
  • guidelines on what to do in case of suspected fraud

When the boss is away ...

Skilled fraudsters know when members of your management team are out of office and use this knowledge to commit cybercrime.

Read more about CEO fraud.

Below we provide a number of tips

Pay attention in these situations

  • When you travel

    When you or your colleagues are travelling on business, you should always use secure connections when you go online. We therefore recommend that you use a VPN connection for your computers, mobile phones and tablets. 

    In some countries, VPN connections are not permitted. So you need to get acquainted with the specific rules for the country in question. Contact your national trade organisation if you are not sure about the rules:

    Confederation of Danish Industry (DI)

    Think about what is on your hard disk

    You should also be aware that your computers, mobile phones and tablets may be thoroughly examined on entry into certain countries or get stolen. Remove critical and confidential information from your devices before you leave.

    Reset mobile phones and tablets

    If you are travelling to a country that does not permit the use of a VPN connection, we recommend that you reset your mobile phones and tablets – both before you leave and when you return. This will delete any viruses.


  • When you transfer money

    Several cases every year involve businesses that have been victims of fraud in connection with money transfers. We therefore recommend that you always take extra care when you transfer money. Once the money is in the hands of a fraudster, it may be difficult to do anything about it.
     
    IT fraudsters typically take advantage of busy periods at work, or they make their move during holiday periods and when members of the senior management are away. Therefore, watch out for fraudulent e-mails and inquiries. These may include invoices from unknown suppliers, messages about payments to accounts other than those normally used and e-mails from the CEO regarding unexpected transfers (CEO fraud). Always contact the supplier in question or the CEO if you are in the slightest doubt.
     
    If you are using Business Online, you can set up the system to reduce the risk of fraud. For example, you may introduce requirements for two-stage approval of invoices or alarms in connection with selected money transfers.
     
    Read more about fraud in connection with payments and transfers:
    Invoice scams
    CEO fraud

     

  • When you use a mobile phone to go online

    Your business’s mobile phones may be exposed to fraudulent e-mails, text messages, apps and various types of harmful programs (malware). 

    Install secure apps only

    Always have clear guidelines on what apps your employees are allowed to install on their business mobile phones. You may also choose to use a device management program that installs only pre-approved apps.

    Do you use your personal mobile phones for work?

    If you use your personal mobile phones for work, viruses and malware from personal programs may be transferred to business data. You can prevent this by installing Virtual Mobile Infrastructure technology for all your business programs.

  • If you find a USB stick that someone has 'lost'

    A USB stick that someone has 'lost' in your parking lot is a simple scam that may have serious consequences for your business. The USB stick may contain harmful programs and may infect local workstations and entire networks.

    It is important that all employees know where to hand in a USB stick they have found and know that they must never insert it into a drive of one of your business’s computers.   

    You should generally be aware that USB sticks may contain harmful software and viruses. We therefore recommend that you always scan USB sticks before using them in one of your business’s computers.

     

  • If you receive suspicious e-mails and text messages

    Phishing (fraudulent e-mails) and smishing (fraudulent text messages) are some of the most common types of fraud. The purpose is to get the victims to disclose their NemID, card and bank details or other sensitive information. Phishing and smishing are also used for installing concealed and harmful software on computers and mobile phones.
     

    If you receive a suspicious e-mail or text message

    Sometimes, you will also see that the letters in the sender’s name have been reversed or replaced so that the name of the sender is not entirely correct. Skilled fraudsters may, however, spoof messages. This makes it possible to send a fraudulent e-mail or text message in which the name of the sender is seemingly correct.

    Please contact us in case of suspected fraud

    If you receive suspicious e-mails or text messages, you can always contact us. If it turns out to be attempted fraud, we will make sure that the website concerned is removed from our approved lists. 

    Forward the e-mail or a screenshot of the text message to this address: falskemails@danskebank.dk.

Additional security tools

Most businesses are already using the most important tools such as firewalls and antivirus and spyware programs. Below you will find a few suggestions on how to supplement your toolbox.

Protect yourselves against fraudulent e-mails

It may be an advantage for businesses of a certain size to implement systems that provide protection against fraudulent e-mails. The systems can prevent unauthorised use of the business’s domain as the sender of fraudulent e-mails (spoofing) and warn of phishing e-mails in the business’s own inboxes.
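The warning sign described earlier on this page, a sender name whose letters have been swapped or replaced, can be checked mechanically by the kind of system mentioned above. The following Python code is an added example, not part of the original page or of any product it refers to; it also flags a familiar display name on an unrelated address, which goes slightly beyond the text. The trusted domains and sample headers are constructed placeholders.

```python
import re
from email.utils import parseaddr

# Assumption: domains the business normally receives mail from (constructed placeholders).
TRUSTED_DOMAINS = ("example-bank.dk", "example-supplier.com")

def osa_distance(a, b):
    """Edit distance where an insert, delete, substitution or swap of two
    adjacent letters each costs 1 (optimal string alignment)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def _letters(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_sender(from_header):
    """Classify a From header against TRUSTED_DOMAINS."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return "suspicious: no usable sender address"
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        # A matching domain is not proof: the header itself can be spoofed.
        return "known domain"
    for trusted in TRUSTED_DOMAINS:
        if osa_distance(domain, trusted) <= 2:
            return f"suspicious: {domain} resembles {trusted}"
    for trusted in TRUSTED_DOMAINS:
        brand = _letters(trusted.rsplit(".", 1)[0])
        if brand in _letters(display):
            return f"suspicious: display name mentions {brand}, address is at {domain}"
    return "unknown domain"

if __name__ == "__main__":
    for header in ("Bank <info@example-bank.dk>",        # constructed samples
                   "Bank <info@exmaple-bank.dk>",
                   "Example Bank Support <help@mail-service.net>"):
        print(header, "->", check_sender(header))
```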

Use secure connections

If you have employees working elsewhere or from home, they must be able to access your network and servers through secure connections. We recommend that you use a VPN to create secure and encrypted point-to-point connections, typically via the internet.

Improve security on your mobile phones

Many mobile phones contain both work-related and personal programs. This may jeopardise security because viruses and malware in personal programs may be transferred to your infrastructure. You can increase security on your mobile phones in several ways:

Read more about Mobile Device Management

Read more about Virtual Mobile Infrastructure
