Many small business owners mistakenly think that federal fraud regulations cover their business accounts in the same way that these regulations protect personal accounts. However, federal regulations that protect financial accounts from fraud cover only personal accounts, leaving business accounts out in the cold when there's a cybersecurity breach. There is also very little protection when the source of the fraud is internal, such as an employee with too much administrative access and not enough checks and balances in place. Here's what you can do to keep your business's bank accounts as safe as possible.
Hackers will often target email accounts to get their victims' bank credentials. BC Krishna, CEO of online payment solution provider MineralTree, said that small businesses often fall victim to these fraud schemes.
"Small business accounts are the most attractive targets for cybercriminals," he told Business News Daily. "Personal accounts often have small balances, and large corporations have tighter security, and fraud would be more noticeable. Hackers go after the weakest points in the chain: small businesses."
Many business owners rely on outdated security tools and strategies that are ineffective against cyberattacks in the first place. Staying on top of current events and being aware of threats in an ever-changing security landscape are the first steps to preventing bank fraud.
"There's too much trust in the system," Krishna said. "People need to become more aware that just because it's not happening in your own backyard doesn't mean it's not going to happen to you."
You can protect your business from outside threats with the following methods:
System integrity. Equip your computers and other system components with the most up-to-date firewalls and antivirus software. This means protecting smartphones, tablets and other mobile devices. Add to the protection level by executing daily backups of critical business data on every computer or server. If you use cloud storage, select a vendor with stringent security guidelines, and know your recourse if there appears to be a breach.
Two-step logins. To manage your bank account online, you generally need only your username and password. If those are compromised, anyone can get in. Set up two-step, out-of-band authentication, whereby a single-use code is sent to your phone or email for you to enter after you input your login credentials. Even if a cybercriminal intercepts that code, it will expire shortly after it's sent, and your account will remain protected.
Device identification and geofencing. Ensure that your payment system allows transactions only from recognized, registered devices. Similarly, setting up a location-aware system that operates within a trusted geographical region can help keep cybercriminals out of your accounts.
Employee training. Hackers gain entry to your accounts using a variety of methods, including links in what appear to be routine emails from financial institutions or other companies with whom you routinely do business. Train your employees to report any email that looks suspicious. Other training should include running scans on portable storage devices, like flash drives, before opening files, and limiting personal use of company computers and devices.
The other, and perhaps more dangerous, threat to business owners' data security comes from their own staff. Internal fraud by employees is very easy to accomplish, so any company without sufficient monitoring systems puts itself at risk. Internal fraud can take the form of theft of money or product, misusing petty cash, or embezzlement. Here are some ways to protect your business from an inside threat:
Separation of duties. Businesses that utilize transaction verifications need to be sure that the person who sets up a payment is not the same person who approves it. This may be a bit of a hassle, but separating these duties will limit the chance of fraud by employees.
Background checks. For any employee who handles cash in hand, accepts payments from customers or clients, or has access to the company accounts, conduct a thorough background check during the pre-employment process.
Automated inventory systems. Theft of product or merchandise is as cost-disruptive and prevalent as misuse of funds. Control your inventory and know what you have by using automated inventory systems and frequently conducting spot-checks and partial inventories.
Audits. Using a third-party auditor protects your assets as well. Providing a fresh view on accounts, an auditor can more easily spot anything suspicious, prompting an investigation into the root cause. Even if the problem is something as simple as an employee using the wrong account code, auditors can both protect your assets and find inconsistencies in procedure. Fixing these errors can improve not only monetary accuracy but also productivity.
Further advice on preventing fraud can be found in the following articles:
- "7 Ways to Protect Your Small Business from Fraud and Cybercrime" (Small Business Administration)
- "How to Protect Your Small Business from Fraud" (Wells Fargo)
- "Don't Let Your Business Pay the Price for Bank Fraud" (Forbes)
This article was originally published in 2013 and updated Oct. 7, 2015. Additional reporting by Business News Daily assistant editor Nicole Fallon Taylor.