The Small Medium Business Online Banking Crisis

Smaller businesses are now the #1 target for online banking theft. Your banking credentials are obtained through malware, social engineering, or brute-force username/password combination attempts. Here’s the rub: You aren’t insured against theft from online banking transactions. Your money is just gone.

Meanwhile, banks are encouraging all of us to participate in online banking. Some are even going so far as to charge additional fees for not using “paperless” accounts.

Here are a few sample thefts to read about:

http://krebsonsecurity.com/2013/05/nc-fuel-distributor-hit-by-800000-cyberheist/

http://krebsonsecurity.com/2013/04/bank-sues-cyberheist-victim-to-recover-funds/

http://krebsonsecurity.com/2013/04/hay-maker-seeks-cyberheist-bale-out/

These types of cases are most often settled in favor of the bank and not the business. But even if they were settled in favor of the business, how many businesses can survive drained bank accounts AND an expensive lawsuit? It’s a mess. They are finding in favor of the banks by pointing out that the businesses haven’t taken up the bank on every security feature that they offer. Whether you know about these options or not is another thing. Your bank might not tell you. My credit union told me, “Of course we would cover you in case someone broke into your account.” “Oh, that’s great. I can see that in writing?” As you can guess, the conversation ended there. They don’t have it in writing because it’s not really going to happen. “You should use our new Phone banking app!” “I don’t think so.”

Security is one of those things that has no absolute. We can’t guarantee security; no one can. We can, however, make things more secure. Being more secure than the next guy means that it’s more work to hack you than someone else, so they will go to that someone else. So here’s what we did and what I suggest that you do as well. Recognizing that you have to have online banking these days, here’s a suggestion for how to handle it.

  • Open a set of bank accounts that have NO online access and keep most of your funds there.
  • Authorize the fewest number of computers possible to access online banking accounts. (BTW, online banking includes ACH, wire transfers and payroll)
  • Take advantage of EVERY security option that your bank offers
  • Have current anti-malware software
  • Install and configure EMET. It’s a free security package from Microsoft to protect against suspicious behavior in browsers.
  • Install and configure Tracking Protection in Internet Explorer
  • DO NOT authorize anyone to do banking over mobile phone
  • Keep your limits low for ACH and Payroll transfers. Set instant alerts if your bank offers them

This is a place for serious policies and additional protective computer security. We can help by providing a boilerplate policy and installing and configuring additional security on your authorized banking computers.

If you really want to get serious, we can create a virtual computer that is only turned on for banking, then turned off again and used for nothing else.

Please think seriously about your security and let us help you make these important decisions.

-Amy
