As we discussed last month, criminals are increasingly targeting small businesses for financial cyber attacks. These attacks have included: stealing customer and company data to sell, high-jacking and holding the information system for ransom, and taking money. Small companies are under fire because they’re low hanging fruit.
Owners who would never leave the doors unlocked on their building or office are leaving their cyber doors wide open. They have installed locks, security systems and gates against the local “physical” criminals, yet all but put out a Welcome mat for the cyber ones anywhere else in the world.
But, it doesn’t have to be that way – with a little discipline and some common sense procedures you can prevent or minimize the possibility of a successful attack. Here are some suggestions.
Scrutinize emails
Create an awareness program about phony emails, which you and your employees follow. Fake emails are used to plant malware and spyware, which allows thieves access to the system (i.e. account numbers and amounts, passwords, transaction history, credit card numbers). Don’t open links or attachments unless you’re very sure you know who they’re from.
Another popular ruse is to use realistic emails to initiate money transfers to outside accounts. The thief, via email, poses as a manager and asks an employee to transfer money from a company account to an outside one. An employee, properly trained, will make sure the request is legitimate before sending the money.
Avoid Wi-Fi
Smartphones and tablets have made it easy to do work anywhere. But, it’s also made it easy for hackers to easily access your information. Wi-Fi connections are notorious for having weak security – no matter what the sign on the door says.
Would you trust a stranger to lock up your office every night? Then why would you trust the owner (or a major corporation) of the local coffee shop to protect your important data, especially when the chances are very good that they aren’t protecting their own.
Use your bank as a partner
Your bank wants you to succeed – it’s good for you, it’s good for them and it’s good for the community. Sit down with someone and find out what options they have for safeguarding your accounts. They probably have some you don’t know about.
Do they have two-factor authentication? It requires unfamiliar account users/devices to supply additional information. Do they have software that flags attempted logins from unfamiliar sources? If the bank doesn’t recognize a login they will send a one-time access code to a separate device of your choosing. Can they provide text messages for each withdrawal?
Many small business owners don’t know that companies don’t have the same fraud protection consumers have. Depending on the bank’s policies and the agreement you signed with them they may not be liable for stolen money. Some banks provide fraud protection only when specific security measures are in place.
Financial cyber attacks aren’t going to decrease, nor will they ever be “fixed”. They’ll increase in frequency and sophistication, while having moving target solutions. The cost of doing business in the internet age is realizing the problem isn’t going away, and it’s time to start dealing with it now, rather than later when all your money has disappeared.