Everywhere you look these days, you see signs of the major increase in online fraud. The era of the brazen bank robbery has largely been supplanted by a seedy underworld of international criminals operating over digital highways trying to tap into bank accounts.
If you own or operate the finances of a business, you need to be aware of fraud trends and how to protect your assets. If criminals access your finances through a hole in your company’s computer security, the business could be on the hook for those losses. Once your system has been tapped, crooks can be in and out in a matter of hours with a large chunk of your money.
Banks can provide technical information and assistance to their small business customers, but it’s ultimately up to the business to take action and protect their assets. These are some common steps small businesses should consider:
Businesses should conduct all online banking activities from stand-alone, completely locked down computers. Try not to use a PC that is also used for email or public Internet browsing.
Install a dedicated, actively managed firewall, which limits the potential for unauthorized access to a network and computers.
Use a secure session—with a URL of https, not just http, in the browser for all online banking. M&T and many other banks support secure sessions.
Activate an appropriate “pop-up” blocker on Internet browsers to prevent intrusions.
Regularly update the antivirus software on your PCs and systems to help protect your information.
Fraud attacks using ACH and wire payments are a global and industrywide problem affecting a large number of businesses around the world. The attackers are sophisticated, understand the ACH and wire payment systems and target customers with both small and large account balances.
Many payment fraud attacks begin with a “phishing” email, which correctly names the recipient and contains either an infected file or a link to a malicious website. The email recipient is generally a person within an organization who can initiate payments on behalf of the organization. Once the email recipient opens the attachment, or clicks the link to open the website, malware is installed on their computer. This malware usually consists of a Trojan keystroke logger, which is used to steal the recipient’s online banking credentials.
Once the criminal has those banking credentials, he creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as the legitimate user. These transfers have occurred through ACH or wire transfers that are directed to the bank accounts of willing individuals who quickly accept the money.
Here are some ways you can protect your small business from ACH and wire fraud:
Utilize ACH and check payment blocks or filters to place appropriate limits on payments.
Reconcile banking transactions on a daily basis to identify and review any unknown payments.
Initiate ACH and wire payments under dual control, with one person originating the transaction and a separate individual approving the transaction before it is sent.
Prohibit the use of “shared” usernames and passwords for online banking systems. Set a different password for each website accessed.
Avoid using automatic “save” log-in features that remember usernames and passwords for online banking.
In the event you become a victim of fraud, there are a number of immediate recommendations you should take to help protect your financial interests:
Immediately cease all activity from computer systems that may be compromised and contact your security staff to perform virus scans on networks and PCs.
Unplug the Ethernet or cable modem connections to isolate the system or PC from remote access.
Immediately contact your financial institution.
Taking these steps can reduce your chances of being a victim of online fraud. Many banks also offer additional services for their small-business customers to help manage fraud risk. Be vigilant in securing your assets online. Criminals can now do just as much financial damage sneaking into your office on digital wires as they can by smashing through the front door.
Bob Cieslica Jr. is administrative vice president and regional business banking manager for M&T Bank in Rochester.
10/17/14 (c) 2014 Rochester Business Journal. To obtain permission to reprint this article, call 585-546-8303 or email firstname.lastname@example.org.