These days, most small businesses use some form of eBanking or online banking, but have you ever considered what would happen if your account was compromised? Do you think your bank would compensate you for the loss? Are they required to? Banks are certainly required to comply with the security requirements outlined in the Federal Financial Institutions Examination Council (FFIEC) guidelines, but what happens when the security breach comes from within your business?
A recent court ruling demonstrates that SMBs can’t rely too heavily on their banks for protection against account fraud. In this case, the small business used online banking primarily to make weekly payroll payments. The cyber thieves used the ZeuS trojan to steal its online banking credentials, then drained over $500,000 in batches of fraudulent automated clearing house (ACH) transfers over a period of seven days. The business was able to recover about $230,000 of the stolen funds; the rest was lost.
This is just one example of how small businesses are increasingly becoming targets of online fraud and why they need to take computer and network security seriously.
As a small business, what are some steps you can take to help guard against this type of fraud? Here are a few useful tips from security experts.
Probably the most important precaution a small business can take today is a “layered” approach to security. This means keeping up-to-date security software on your computers and pairing it with an advanced network firewall that offers built-in malware filtering and intrusion prevention (often called a UTM firewall – not the wireless router/firewall you find at a typical big box retail store). Layering is crucial because malware uses multiple methods to discover and exploit weaknesses in your computers and network, and a single control will not stop all of them.
Never act on unsolicited incoming communications claiming to be from a financial institution you do business with, whether they arrive by email or by phone call.
“Call them back using only the phone numbers published on your cards or statements,” Richard Wang, manager of SophosLabs US, said.
Use strong passwords and don’t reuse your bank password elsewhere.
“Remember that if you use the same password on multiple sites, then it’s only as secure as the weakest site,” Wang said.
Use two-factor authentication if your bank offers it, such as confirmation numbers sent by text message to your phone, Wang said.
When logging in to perform online transactions, always enter the website address directly in your browser. Never click links that claim to take you to banking sites.
Log in and review the transactions on all of your bank accounts at least once a day. The sooner you catch fraud, the better.
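The daily review is where the fraud pattern in the case above would have shown up: a business that only ever sent one payroll transfer each Friday suddenly sent batches of larger transfers to unfamiliar accounts on other weekdays. The following added example (written for this article, not taken from the case or from any bank's tooling) runs that kind of review over a constructed ACH ledger and flags every transfer that departs from the established payroll baseline.

```python
from collections import Counter
from datetime import date

# Constructed sample ACH ledger (not real data): rows are (date, payee, amount in USD).
# The first five rows are the business's routine weekly payroll and form the baseline.
# The remaining rows mimic the pattern in the case above: batches of transfers to
# unfamiliar payees on days when no payroll is due, followed by one normal payroll run.
LEDGER = [
    (date(2010, 4, 2), "payroll-acct", 8500.00),
    (date(2010, 4, 9), "payroll-acct", 8500.00),
    (date(2010, 4, 16), "payroll-acct", 8500.00),
    (date(2010, 4, 23), "payroll-acct", 8500.00),
    (date(2010, 4, 30), "payroll-acct", 8500.00),
    (date(2010, 5, 3), "acct-7731", 9800.00),
    (date(2010, 5, 3), "acct-7732", 9600.00),
    (date(2010, 5, 4), "acct-7733", 9950.00),
    (date(2010, 5, 7), "payroll-acct", 8500.00),
]

def review_transfers(ledger, review_from):
    """Compare transfers dated on or after review_from against everything before it.

    Returns a list of (transfer, reasons) for transfers that deviate from the
    baseline: unknown payee, a weekday never used before, an amount above any
    prior transfer, or more transfers in one day than ever seen before.
    """
    history = [t for t in ledger if t[0] < review_from]
    recent = [t for t in ledger if t[0] >= review_from]
    known_payees = {payee for _, payee, _ in history}
    known_weekdays = {d.weekday() for d, _, _ in history}
    max_amount = max((amt for _, _, amt in history), default=0.0)
    max_per_day = max(Counter(d for d, _, _ in history).values(), default=0)
    per_day = Counter(d for d, _, _ in recent)
    flagged = []
    for transfer in recent:
        d, payee, amount = transfer
        reasons = []
        if payee not in known_payees:
            reasons.append("new payee")
        if d.weekday() not in known_weekdays:
            reasons.append("off-schedule weekday")
        if amount > max_amount:
            reasons.append("amount above any prior transfer")
        if per_day[d] > max_per_day:
            reasons.append("more transfers in one day than usual")
        if reasons:
            flagged.append((transfer, reasons))
    return flagged

if __name__ == "__main__":
    # Review everything from May 1 onward against the April payroll history.
    for (d, payee, amount), reasons in review_transfers(LEDGER, date(2010, 5, 1)):
        print(f"{d} {payee:<13} ${amount:>9,.2f}  <- {', '.join(reasons)}")
```

The thresholds here are deliberately simple; the point is that a short daily comparison against your own normal activity surfaces this kind of fraud on day one rather than after a week of transfers.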
Keep all operating systems, software and security tools up to date. Vendors are constantly updating these programs to address the ever-changing threat landscape, and unless you stay on top of these updates, you leave yourself vulnerable to attacks that have already been fixed.