If you use online banking for your business – beware! Cybercriminals have increasingly been targeting the online accounts of small- to medium-sized businesses, non-profits and municipalities.
These types of “corporate account takeovers” are attacks carried out by cybercriminals to either obtain the login credentials or hijack the secure online session of a legitimate user through the use of malicious software. The criminals then initiate wire and ACH transactions through the victim’s corporate online banking account.
These attacks typically begin with the introduction of malware. These malicious programs, such as spyware and viruses, can be spread between computers by e-mail, infected websites and other means.
Therefore, it is essential that you utilize proper computer security practices when you access your accounts online. We’ve pulled together some tips about computer security for businesses.
Assess your risks
Before you can begin to secure your electronic assets, assess what risks your business faces based on what data you store and to what degree a system compromise would impact your business. In most cases, this type of corporate account takeover would drastically affect most businesses. As a result, we recommend you conduct these risk assessments, and identify solutions, on a regular basis.
Many banks’ business internet banking services – including MidWestOne’s Business Online Cash Manager – offer a dual control feature. Under dual control, all transaction requests must be submitted by one user and approved by another user before processing. This security control can greatly reduce the likelihood of fraud if the transaction is initiated and approved on two different computers.
Stand-alone machine or limited browsing
If your employees have access to surf the internet on their work computer, they are exposing your computer system to additional risk. Consider limiting browsing privileges or pinpointing a computer that will strictly be used for online banking. Ensuring that the computer is only used for online banking will drastically lower the chances of it becoming compromised via an infected e-mail or website.
A firewall prevents unauthorized access to your business computer system by restricting allowable communication. Most operating systems have a built-in firewall feature, but you still need to verify that a firewall is indeed present and that it is turned on. Firewall programs are also readily available from security software providers and are often included in a business security software suite.
Malware protection/anti-virus software
In addition to a firewall, all computers on your business network should have anti-virus and anti-spyware programs installed. These programs detect and respond to threats that may reach the computer through an e-mail attachment or website.
Malicious software, such as computer viruses or spyware, can be used to collect confidential information or even to take control of the entire computer. This is another element that is often included in business security software packages.
Update and patch all operating systems, business and security programs regularly
The security software protecting your business will be ineffective if it is not routinely updated. Any programs your employees use, especially operating systems and web browsers, need to be updated and patched to protect against new threats. These updates are often included in a service agreement with a security software provider. However, if it is not included, make sure you know how and when to update the software on your own.
Monitor account activity
If fraud does occur on your business accounts, it is important to catch it as soon as possible. At a minimum, check your accounts daily for unauthorized activity. Contact your bank immediately if you notice suspicious activity on a business account.
- Enforce a strong workstation password policy.
- Do not send confidential information through unencrypted e-mail.
- Shut down or disconnect computers from the internet when not in use.
- Educate your employees about avoiding phishing attacks and social engineering.
- Back up your data.
If you have any questions about keeping your business safe online, don’t hesitate to reach out to your local MidWestOne banker.