Business cybersecurity often involves paying attention

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

DeWITT, N.Y. — Protecting your money takes a lot more than an alarm or guard at the bank or shielding your PIN when you enter it at the ATM. This is especially true for businesses as more financial transactions take place in cyberspace. Businesses often notice bad transactions weeks after the fact, says Daniel Cardi, […]

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Businesses often notice bad transactions weeks after the fact, says Daniel Cardi, AVP and corporate security officer for Community Bank, N.A. in DeWitt. The number-one thing business owners and managers can do to avoid the fallout from such transactions is to pay attention, he adds.

That means staying up to speed on account activity and recognizing things outside the usual pattern of activity. Scammers often try to mix things into normal transactions, so those in charge of finances should keep a close eye on unusual patterns, he adds. Paying attention means a business can lock down a credit card or bank account as soon it sees something out of the ordinary to prevent any further fraud or loss.

Businesses should also educate employees of the dangers of phishing, according to Cardi. “We’ve seen a lot of commercial customers [who] receive these scam emails,” he says. These emails present as things like a bill that’s due, but the email might note that the original payment method didn’t work and include a link for providing a new payment method. If an employee clicks the link and inputs the company credit-card information, the scammers now have that data, he says.

It’s important to scrutinize every email and look for clues that show it’s fake, including unusual fonts, misspelled words, or names that are slightly different, Cardi says. “If you don’t feel right about it, we’re happy to do the work and check it out,” he adds.

Businesses are often aware of some of the most basic protections such as creating difficult passwords to protect accounts, Cardi says, but may fall short on things like periodically updating those passwords or making sure the software on their computer is up to date. Good antivirus software is also important, as is making sure your bank has updated contact information for your business in the event it needs to reach you, he adds.

Another thing to remember is that not all points of vulnerability are at the end of a computer. Cardi urges customers not to write checks if they don’t have to, especially since they are vulnerable at three points — in the mailbox, during delivery, and at the final destination. Something as simple as tossing a check into the trash after mobile depositing it could open the door to criminals who can image the check and sell that image on the dark web, Cardi says.

If your business must use checks, he has a few recommendations. First, make sure to shred checks as soon as they aren’t physically needed anymore. Second, he recommends routinely changing out check stock.

“Change up the colors, switch the font,” he says. “Make it difficult for the bad guys.” Doing these things even just a few times a year makes it that much harder for fraud to happen.

Finally, Cardi says, don’t be afraid to reach out to your financial institution for help.

Headquartered in DeWitt, Community Bank was recently named one of Newsweek magazine’s most trusted companies and has more than $15 billion in assets with more than 220 branches across New York, Pennsylvania, Vermont, and Massachusetts. Parent company Community Bank System, Inc, (NYSE: CBU) also operates Benefit Plans Administrative Services, Inc. (BPAS); Community Bank Wealth Management; Nottingham Advisors, Inc.; and OneGroup NY, Inc.

VIEWPOINT: Good cyber hygiene is essential to your personal and business information

Business Mentors, Health Care, Subscriber Only, Technology

Early in the COVID-19 pandemic, sanitation and hygiene took center stage. We saw long and detailed news articles on proper handwashing techniques, accompanied by soap shortages across the country. With this still in our collective conscience, it may feel strange to think about cyber hygiene, but it’s a vitally important concept for both businesses and individuals.

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Cyber hygiene, also known as cybersecurity hygiene, is defined as a set of practices performed regularly to maintain the health of computer systems, devices, networks, and data. Like proper handwashing, cyber hygiene works best when it is practiced all the time.

Cyberthreats are increasing at a dizzying pace, and bad actors find ways to circumvent security protocols almost as fast as they can be developed. This can seem discouraging, but we all need to keep in mind that many tried and true steps are our best line of defense.

If I were forced to pick just one cyber- hygiene item to highlight, it would be multifactor authentication, or MFA for short. Every individual and business should enable MFA everywhere it is an option — as soon as possible. MFA is exactly what it sounds like — in order to access a system, program, or account, users must provide multiple authentication factors. An example of MFA is a login to an account that requires you to sign on using your username and password, but before you can access the data, you must provide a code that is sent to your mobile phone — a code that should never be shared with anyone, as that would allow for unauthorized access to any of your accounts.

In other words, cybercriminals would have to not only know your username and password, but they would also need to be in possession of your cell phone in order to get into your account. Although that scenario isn’t impossible, it is unlikely. This is why MFA is considered the gold standard in basic account security. The first thing you do after reading this article should be to investigate where across your digital profile you are able to activate MFA — and then do it.

For businesses, one of the biggest cybersecurity lapses we see is the sharing of usernames and passwords. This lapse is frequently paired with either a publicly displayed (post-it note on a monitor) or easily discovered (post-it note poorly hidden) disclosure of a username/password combination. This is horrible cyber hygiene and very risky behavior.

Businesses large and small engage in these sorts of risky practices in the name of speed and efficiency. Small businesses, where employees are asked to wear many hats, are particularly vulnerable. Criminals are aware of this and will exploit it when and where they can.

Every business should adopt what is known as “the principal of least privilege.” This is a formal way of saying that only those who need access to certain programs and systems should have that access. Do not spread access rights around to all employees. Assign specific roles to the people who need access — and enable MFA to ensure they can’t share that information with others.

It might seem time-consuming to assign separate usernames and passwords and require all employees to use MFA, but it is essential to shoring up your defenses. And it is increasingly required by business-insurance policies. Put another way, if you think setting up MFA is time-consuming, compare that to the headache of a repairing a cyber breach — notifying customers, the potential for having your company’s data held hostage via a ransomware attack, the loss of public trust, and the need to overhaul your entire data network following an attack. If MFA can prevent any of that, it’s worth the additional few seconds it takes to activate and use.

Just like handwashing, taking the time to set up practices that keep your data safe is a good idea, and can protect the health of your systems. Once you are in the habit of using these best practices, they’ll feel routine rather than invasive — and they’ll help to keep your personal and business information out of the hands of cybercriminals.

Terra Carnrike-Granata is senior VP and senior director of information security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyberthreats.

Rome Lab’s chief of protocol retires

Employee Benefits & Human Resources, New York News, Nonprofits, People on the Move, Regional News, Technology

ROME, N.Y. — James Ray, the U.S. Air Force Research Laboratory’s (AFRL) chief of protocol, retired on July 1, wrapping up three decades of service

Binghamton University Ross Fund awards $24K to support collaborations with local nonprofits

Health Care, New York News, Nonprofits, Regional News

VESTAL, N.Y. — Binghamton University’s Stephen David Ross University and Community Projects Fund has awarded $24,000 in three grants to support initiatives involving collaborations between

Operation Oswego County’s Treadwell to retire at year’s end

Employee Benefits & Human Resources, Law, Accounting & Taxes, Nonprofits, People on the Move, Regional News, Small Business, Sports, Entertainment & Tourism

OSWEGO, N.Y. — After nearly 40 years of leading Operation Oswego County, Inc., L. Michael Treadwell plans to retire as of Dec. 31 of this

Rome Health names new chief nursing officer

Employee Benefits & Human Resources, Health Care, Nonprofits, People on the Move, Regional News

ROME, N.Y. — Rome Health announced it has appointed Ashley Edwards as its new chief nursing officer (CNO). As CNO, the Westernville native, Edwards, provides

People news: Utica’s Notre Dame Schools names new athletic director

Employee Benefits & Human Resources, Health Care, New York News, Nonprofits, People on the Move, Regional News, Sports, Entertainment & Tourism

UTICA, N.Y. — Notre Dame Schools announced the appointment of David Gardinier as its new athletic director. Gardinier spent 13 years coaching girls’ basketball, soccer,

Southern Tier 8 Regional Board working to expand broadband access in Southern Tier counties

Construction, Design & Real Estate, Employee Benefits & Human Resources, Health Care, Nonprofits, Regional News, Sports, Entertainment & Tourism, Technology

BINGHAMTON, N.Y. — The Southern Tier 8 Regional Board plans to explore the expansion of a middle mile fiber ring in Broome, Delaware, Schoharie, and

St. Elizabeth Family Medicine Residency Program graduates nine doctors

Employee Benefits & Human Resources, Health Care, New York News, Nonprofits, People on the Move, Regional News

UTICA, N.Y. — The St. Elizabeth Family Medicine Residency Program graduated nine doctors on June 24, bringing the total number of family physicians completing the

Townsend named coordinator for Oneida County STOP-DWI

Employee Benefits & Human Resources, Law, Accounting & Taxes, New York News, Nonprofits, People on the Move, Regional News

UTICA, N.Y. — Oneida County Executive Anthony J. Picente, Jr. recently appointed Eric Townsend as the county’s new STOP-DWI coordinator. He officially began in his

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

Get our email updates

What's New

Upcoming Events

Annual Nonprofit Conference 2026

Tompkins Chamber Small Business Roundtable

Tompkins Chamber Business After Hours

CNYBJ Job Board

Get Instant Access to This Article

Get Instant Access to This Article

Get our email updates