Small businesses are frequent targets of criminal attacks and hostile threats to systems, according to the National Institute of Standards and Technology. Owners face serious challenges in protecting their business information, as well as safeguarding their clients and employees privacy. As small businesses become increasingly dependent on online tools for day-to-day operations, protecting confidential information in cyberspace is crucial.
Cybercriminals target small businesses with sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information.
Fraud with increased sophistication like corporate account takeovers are on the rise. This type of fraud is where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. As a starting point, here are several tips to help prevent account takeover:
Educate employees. Cyber protection is a team effort. Employees are the first line of defense against an account takeover. Employees should know the warning signs, safe practices and responses to a suspected takeover. They should be on alert for strange network activity, instructed not to open suspicious emails and should never share account information.
Protect your online environment. Just as physical locations and assets are protected, virtual environments should be protected as well. Do not use unprotected Internet connections, and be sure to encrypt sensitive data and keep reputable anti-virus and anti-spyware programs updated. Passwords should be complex and updated periodically.
Partner with your bank for payment authentication. Talk to your banker about services that prevent unauthorized transactions, such as call backs, device authentication, multi-person approval processes, batch limits and other tools that increase protection against account takeover.
Pay attention to suspicious activity and react quickly. Unexplained account transactions, unauthorized network activity, pop ups or suspicious emails can all indicate cybercrime. If detected, stop all online activity, keep records of all suspicious transactions, and contact your financial institution immediately. Remove any systems or computers that may have been compromised from the rest of your network.
Understand your responsibilities and liabilities. An account agreement with your financial institution details what commercially reasonable security measures are required for your business. Understanding in full detail what security safeguards are required in the agreement is critical to maintaining adequate cyber protection. Failure to do so means you could be liable for losses resulting from a takeover. Effectively implementing these safeguards ensures your cyber security can withstand and prevent hacks and attacks. Talk to your banker if you have any questions about your responsibilities.
by Marianne Cederlind /Senior Vice President and Chief Business Banking Officer /Mission Valley Bank