Cyber security is an important topic for small businesses, and while there are a lot of challenges to understand, business owners have a number of resources, including BMO.
BMO offers small business owners accessible, up-to-date cyber security information and resources, and their work is led by security expert Larry Zelvin.
With more than 25 years of security experience, Zelvin is BMO’s Executive Vice President and Head of the Financial Crimes Unit, and he is responsible for cyber security, fraud prevention, physical security, and crisis management.
Before joining BMO, Zelvin served on The White House’s National Security Council, and helped lead the U.S Department of Homeland Security’s cyber security and communications centre while working at the U.S. Defense Department.
Zelvin’s advice for businesses starts with awareness since many Canadians don’t realize the threats they are facing.
“First, organizations of all sizes can benefit from adopting a strong focus on cyber security,” Zelvin said. “Almost half of data breaches happen to organizations with fewer than 1,000 employees [Verizon’s 2021 Data Breach Investigations Report]. These organizations often have critical data that can be lucrative to threat actors and there is a perception that smaller organizations are easy targets because they may not have comprehensive security infrastructure in place.”
“The bottom line is–regardless of your size or scope–cyber security is a critical investment that will help protect your operations, employees, and customers.”
“Second, cyber security is not a ‘set it and forget it’ program. The cyber security field is constantly evolving due to the emergence of new technologies, new regulations, and increasingly sophisticated cyber threats. Organizations need to be aware of shifts or trends in the threat landscape that require changes and adapt accordingly.”
“It is also important to remember that there is no such thing as ‘perfect security.’ The aim is to constantly make things harder for the ‘bad guys’ and then be prepared to quickly respond when incidents inevitably occur.”
Zelvin also said that businesses need to think about training all of their staff, not just the IT departments or technology experts.
“One of the biggest misconceptions is that the responsibility of protecting the business belongs exclusively with your in-house security team or external vendor you’re partnering with to execute your security program,” Zelvin said.
“All employees have a significant role to play when it comes to protecting the business as most security incidents are a result of human error, such as clicking on a phishing email. It’s critical that organizations take steps to execute a comprehensive security program and continue to educate employees on security-related policies, procedures, and best practices, as well as potential security threats and how to respond to them.”
Beyond tips and information, BMO is ready to help businesses with their security needs.
“BMO’s Financial Crimes Unit brings together Cyber Security, Enterprise Fraud Management, Physical Security and Resilience and Integration under a Fusion Centre model to protect against the ever-growing threat landscape and strengthen the enterprise’s resilience posture.”
“Through the Fusion model, experts from BMO’s lines of business, business functions and industry to work together with our security experts to assess risks, analyze threats and best defend against modern security challenges.”
“Our Fusion Centre, a state-of-the-art facility, collaborates closely with Financial Crimes Unit Security Operations Centres, located in North America, Asia and Europe, to provide global 24/7/365 follow-the-sun security detection and response. This global approach to security enables us to protect BMO clients around the clock, gain a deeper understanding of threats by learning their diverse political and socioeconomic contexts, and constantly be in collaboration with international partners.”
“Driven by BMO’s Digital First framework, the Financial Crimes Unit also harnesses the latest cyber and fraud technologies and the power of data to protect the bank and our customers from cybercrime and fraud.”
BMO’s has offered a number of top security tips for businesses to consider in their cyber security planning and assessment. The top tips include:
- Enable efficient patching for all critical systems
- Roll out scaled multi-factor authentication
- Implement robust identity access management programs that are regulatory compliant, audited, and evolve to meet the security needs of your organization
- Ensure plans are in place for alternate communication technologies in the event normal communication pathways become unavailable or disrupted
- Communicate the importance of using work technology for business purposes only
- Educate your employees on common social engineering ploys and methods used in cyber and fraud attacks; you can access tips and resources quickly at BMO.com/Security
- Implement people practices that mitigate risk, such as separation of duties, assignment rotation and mandatory vacation
- Integrate and enhance fraud and cyber analytics to detect fraudulent transactions more efficiently
- Adjust and test cyber and fraud incident response and plan for the worst-case scenario with playbooks and handbooks
- Collaborate with vendors, contractors, and supply chains to ensure their security
Join our list
Subscribe to our mailing list and get weekly updates on our latest contests, interviews, and reviews.