Here’s something to think about: At this very moment, cybercrooks are looking for ways to loot the bank accounts of small businesses. According to the FBI, hackers targeting small businesses, nonprofits, and other small organizations have tried to make off with about $100 million in fraudulent transfers so far. It’s getting bad enough that both the feds and the American Bankers Association are now advising businesses to use dedicated PCs for online banking.
What Cybercrooks Are Doing
Through phishing scams or malware attacks—both usually initiated via email—cybercrooks attempt to capture your online banking credentials, then use your credentials to log in and obtain the information they need to transfer money out of your account, often through ACH or wire transfer.
The reason hackers are aggressively targeting small organizations is simple. Compared with larger organizations, smaller businesses are less likely to have the resources in place to safeguard against these types of attacks. But there are still effective measures that owners can take to protect their businesses.
Five Steps to Take Right Now
1. Educate your staff. Let your team know about this threat, and stress the importance of paying attention to the emails they open on company computers. Spam is usually easy to spot, and recognizing and deleting it should be your first line of defense.
Also, take a look at this Biztech article on phishing (http://www.biztechmagazine.com/article.asp?item_id=121). It provides an overview of what phishing is and how to avoid falling prey to it.
2. Keep your antivirus subscription current. Is your antivirus subscription up to date? Is it installed on all of your company workstations? Can your antivirus software scan emails, and is the email-scanning function activated? If an infected email attachment is inadvertently opened, an up-to-date antivirus scan will usually be able to detect it.
3. Monitor your bank activity. Most banks allow you to set up alerts, either by email or text message, when certain types of activities occur on your account. If an unauthorized bank transfer is detected quickly enough, your bank may be able to stop it.
4. Manage your passwords. If malware is detected on any of your workstations, you may want to change all of your passwords. Do you have a system in place to document and manage all of your online accounts? If you’re managing your passwords based on memory alone, you’re bound to forget one when the time comes to change them all. You may also want to look into acquiring a password manager.
5. Protect your important data. You may want to seriously consider the FBI’s advisory to use a dedicated PC for all of your online banking. Regardless of whether you decide to go this route, it’s always a good idea to back up all of your important data. A data backup, storage, and retrieval plan is not just protection against hardware failure. If any of your systems are ever compromised, the best solution is often to roll back the system to a pre-attack state, or to reformat the system and restore the important files to it.
What is your business doing to protect itself? Does your business have any other security practices you’d like to share? Let us know.