It’s unfair and just plain mean, but cyber-crime is on the rise and your small business is the target. Why would hackers in Europe care about your small business? One small business added to thousands of other small businesses means big money for criminals who are intent on accessing your bank accounts and corporate credit cards.
According to recent FBI reports, cyber criminals have drained $100 million from small business bank accounts in the last several years. It’s important that owners frequently check the status of bank accounts, verify deposits and withdrawals, and match debit and credit charges against the account(s). Notify your commercial banker of any discrepancies immediately so that a fraud alert can be placed on
Criminals use electronic trolling tools such as banking Trojans to sneak onto your computer systems and capture banking login and account information. Once the criminal has this data, accessing your account through more traditional channels is easy. Using Automated Clearing House (ACH) and wire transfers, the criminal siphons your hard-earned money from your accounts and quickly routes it to off-shore accounts, never to be seen again.
Why are small businesses such easy prey? Many small enterprises don’t have the resources or IT staffing to ward off such attacks, leaving the business highly vulnerable to fraud. A survey of 300 small businesses performed earlier this year found that 52 percent had “little or no familiarity with banking Trojans.” Moreover, most small businesses reported feeling “a false sense of security that the banks would cover any losses if they occurred.” The reality is that business accounts are not afforded the same consumer protections against fraud, and that resolving the fraud and, more importantly, recovering any lost dollars could take months or years. In the meantime, a business owner would have to manage without the funds or risk losing everything to such fraud.
There is a spike in phishing emails to small businesses. The message looks like it comes from a legitimate business such as Best Buy and asks the recipient to perform specific actions regarding
Rick Bonito, owner of EverSafe IT Services in Nashua, NH, says that fraud can come in all shapes and sizes. It’s important to guard against even the most blatant types of email fraud. “We’ve seen many incidents recently where clients received emails addressed from companies like Bank of America. The emails identify your account, warn that they are putting the account on hold, or other ‘urgent’ conversations that require your immediate attention. Emails requesting account numbers, personal data or access codes would NEVER come from your bank,” continues Bonito. “If you read the email very closely you’ll notice that the grammar is not precise and there are little details that are off from what the actual bank would do.”
Bonito advises that business owners forward the fraudulent email to the bank’s IT fraud department so it is aware of the incident, and then delete the email from their systems. Whatever you do, do not respond directly to the sender.
The Clampi Trojan virus (also known as Ligats, Ilomo, or Rscan) is one of the most common causes of cyber-crime in small business. The Trojan resides on the victim’s computer, waiting for the user to enter banking information or use the company credit card in an online transaction. Once activated, the Trojan gathers your passcodes, account numbers and log-ins, and then reroutes the banking funds to another online account or uses the credit card for unauthorized purchases. Eradicating Clampi is especially difficult because it has defensive programs that allow it to “avoid detection by anti-virus software.” It also has a self-spreading capability that enables it to replicate on other networked computers once it takes hold on a single PC.
- Invest in a dedicated financial computer for your online banking and business accounting. With one system it becomes easier to provide additional levels of security.
- Consider Cyber Insurance. There are insurance policies available that will provide additional remuneration in the event of a cyber-attack against your business. Talk with your insurance agent about your options.
- Know your bank and its business fraud policies. Because there is a clear delineation between personal and commercial banking, take the time to talk with your bank and review its policies and procedures. In the event of fraud, you’ll know what your business’ liability is and the steps to take. An established relationship with your bank will also aid in the reporting and recovery process.
- Use two-factor authentication. The double layer of security asks for two separate security passcodes thereby increasing your protection.
- Perform frequent security updates. Antivirus and other software should be updated weekly in order to prevent the most recent attacks from accessing your system.
- Run a system backup and keep your accounting on a removable hard drive or remote server.
- Follow internet safety protocols. Advise employees against opening attachments, clicking on downloadable files or providing passwords to unknown sources.
- Perform a live Linux installation. Several highly reputable IT sources advise that, for sensitive transactions, booting your spare system from a bootable live Linux disc such as Knoppix or Ubuntu Live and performing your online banking from it can provide additional protection. It may seem like more work, but it will further guard your business against attack.
If an incident of fraud occurs, follow the steps below to reduce the impact to your business. First, immediately report the fraud to your banking institution. The longer the time between the incident and the reporting, the more likely you will have to assume greater, if not 100 percent, liability for the loss. Secondly, take the time to update your security protocols and bring in IT support to scrub your systems and help prevent future attacks. Most software companies issue weekly security updates on Tuesdays. Schedule your update for Tuesday night to receive the latest patches. It is also advisable to run multiple anti-virus programs to scan for threats. Using only one type of AV software leaves your system most vulnerable. If possible, run anti-malware software from a bootable CD for even greater detection results.
Keeping abreast of the latest cyber-crime can be a full-time job. Rather than trying to manage IT security yourself, it may be more cost-effective to subcontract your IT issues to an outside firm for 24/7 management.
To learn more about protecting your business from fraud, talk with a Fiducial Advisor by calling 866-Fiducial or visit the web site at www.Fiducial.com.