Jorge Rey, Director of Information Security & Compliance for Kaufman, Rossin & Co., contributed this article to BusinessNewsDaily's Expert Voices: Op-Ed & Insights.
President Obama met with CEOs of major organizations on March 13th to discuss the latest cyber threats (including the First Lady's personal information, which was allegedly compromised) and the need for cybersecurity legislation. While all of this happened on Capitol Hill, small businesses are also at risk of account takeover and losing thousands of dollars if cyber-criminals steal money from their accounts.
Account takeover occurs when a cyber-criminal steals a business owner's or employee's online banking log-in credentials for their business accounts. Once the cyber-criminals have the credentials, they have a window of opportunity in which money can be stolen. They can initiate funds transfers to their own bank accounts. Often these funds can't be recovered by the business, causing disruption and financial loss.
Cyber-criminals use different techniques to steal corporate online banking log-in credentials and take over accounts. One of these techniques is "phishing." For example, a business may be compromised by:
- An infected document attached to an email
- A link within an email that connects to an infected website
- Employees visiting social networking websites and clicking on infected documents, videos, or photos posted there, and
- Transferring infected documents from another computer.
So, if the government cannot prevent hackers, what can you do to protect your business?
How to prevent account takeover:
- Install and maintain real-time anti-virus, anti-spyware, desktop firewall, and malware detection and removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
- Install routers and firewalls to prevent unauthorized access to your computer or network.
- Perform IT security evaluations periodically. Security auditors will evaluate whether you are actually protected against malware.
- Be wary if you unexpectedly receive emails from the IRS, UPS, financial institutions, Better Business Bureaus, court systems, etc., asking you to download and open a file. Hackers are capable of creating emails and documents that look legitimate.
- Do not perform online banking activities in public spaces like airports and internet cafes that offer free Wi-Fi hotspots. Your log-in credentials can be intercepted by a hacker.
- If you are using an electronic security token and, after entering your code, you receive a message that online banking is temporarily unavailable, notify your banking institution immediately. Your session could've been hijacked.
- Initiate wires and ACH files using dual control. For example, one employee initiates the transfer and another user approves and releases the wire or ACH using a different computer with a different user ID.
- Discuss the options offered by your financial institution to help detect or prevent unauthorized payments or changes to your accounts.
Hackers are constantly on the prowl, and you should be alert at all times to prevent cyber-security attacks. Small business owners should take the above-listed precautions to minimize the risk of business identity theft and account takeover. Not knowing where your weakest link is can affect your bottom line and disrupt your business's operations.
The views expressed are those of the author and do not necessarily reflect the views of the publisher.