What would you do if your small business's bank account got hacked? If a cybercriminal or untrustworthy employee were to drain your funds, you'd have very little chance of ever seeing that money again: Federal regulations that protect financial accounts from fraud only cover personal accounts, leaving business accounts out in the cold when there's a cybersecurity breach.
Internal fraud by employees with too much administrative access is very easy to accomplish, so any company without sufficient monitoring systems is putting itself at risk. In the case of hackers, cybercriminals will often target email accounts to get their victims' bank credentials. BC Krishna, CEO of online payment solution provider MineralTree, said that small businesses are often the victims of these fraud schemes.
"Small business accounts are the most attractive targets for cybercriminals," he told BusinessNewsDaily. "Personal accounts often have small balances, and large corporations have tighter security, and fraud would be more noticeable. Hackers go after the weakest points in the chain: small businesses."
Not receiving help from banks or the government in fraud situations can be pretty frightening for small businesses, but an even larger problem is that many business owners rely on outdated security tools and strategies that are ineffective against cyberattacks in the first place. Staying on top of current events and being aware of threats in an ever-changing security landscape are the first steps to preventing bank fraud.
"There's too much trust in the system," Krishna said. "People need to become more aware that just because it's not happening in your own backyard doesn't mean it's not going to happen to you."
Krishna offered these three measures that small business owners can take to protect their company bank accounts from both internal and external threats:
Two-step logins. To manage your bank account online, you generally only need your username and password. If those are compromised, anyone can get in. Set up two-step out-of-band authentication, whereby a single-use code is sent to your phone or email for you to enter after you input your login credentials. Even if a cybercriminal intercepts that code, it will expire shortly after it's sent, and your account will remain protected.
Separation of duties. Businesses that utilize transaction verifications need to be sure that the person who sets up a payment isn't the same person who approves it. It may be a bit of a hassle, but separating these duties will limit the chance of fraud by an employee.
Device identification and geofencing. Ensure that your payment system only allows transactions to occur from recognized, registered devices. Similarly, setting up a location-aware system that operates within a trusted geographical region can help keep cybercriminals out of your accounts.
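As an added illustration (not part of the original article and not taken from any bank's or vendor's product), the three measures above can be combined into a single approval check. The class names, device IDs, region codes and the five-minute code lifetime are assumptions, and the region check assumes the device's location has already been resolved to a region code.

```python
import hmac
import time
from dataclasses import dataclass

# Constructed illustration: every name, ID and limit here is hypothetical.
@dataclass
class Policy:
    registered_devices: set
    trusted_regions: set
    otp_ttl_seconds: int = 300  # assumed lifetime of a single-use code

@dataclass
class OneTimeCode:
    value: str
    issued_at: float
    used: bool = False

@dataclass
class Approval:
    initiator: str
    approver: str
    device_id: str
    region: str
    submitted_code: str

def check_approval(a, code, policy, now=None):
    """Return the list of policy violations; an empty list means the payment may proceed."""
    now = time.time() if now is None else now
    problems = []
    # Two-step login: the code must be unused, unexpired and correct.
    if code.used:
        problems.append("one-time code already used")
    elif now - code.issued_at > policy.otp_ttl_seconds:
        problems.append("one-time code expired")
    elif not hmac.compare_digest(a.submitted_code.encode(), code.value.encode()):
        problems.append("one-time code mismatch")
    else:
        code.used = True  # a correct code is consumed and cannot be replayed
    # Separation of duties: whoever set up the payment may not approve it.
    if a.initiator.casefold() == a.approver.casefold():
        problems.append("initiator and approver are the same person")
    # Device identification: only registered devices may approve.
    if a.device_id not in policy.registered_devices:
        problems.append("unregistered device")
    # Geofencing: the request must come from a trusted region.
    if a.region not in policy.trusted_regions:
        problems.append("outside trusted region")
    return problems
```

Logging the returned violations for every rejected approval also gives the business the monitoring trail that the article says many companies lack.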
Originally published on BusinessNewsDaily.