Six Tips for Protecting Small Business Against Cybercrime

Lori Peterson

AVP Operations

Fidelity Bank

lorip@fidelitybankmn.com

fidelitybankmn.com

Topic: Banking / Finance

The threat of cybercrime is more prevalent today than ever before.  Small to medium sized businesses are being targeted by a type of cybercrime know as “corporate account takeover”. 

In corporate account takeover crimes, cyber-thieves gain access to a business' bank account(s) by stealing valid credentials, such as account names, numbers, and online banking passwords.  With this information, thieves gain access to the business’ accounts through online banking and create fraudulent transactions such as outgoing wire transfers and ACH transactions.  The scheme often involves obtaining the credentials through malware; or through deceptive communications, such as phishing emails, or fraudulent phone calls.  To make matters worse, malware can also corrupt and or infect a business’ computer network. 

Here are a few basic steps that small businesses can take to help minimize the risk:

1.     Firewall/ Anti-virus/ Anti-spyware:  Install anti-virus and other security software and update them frequently.  You need multiple layers of security, because if one fails, others still stand. 

2.     Isolate equipment. Consider using a dedicated computer for online financial transactions. Keep this computer independent of machines used for email, web-surfing, or more general Internet activities.

3.     Strong Passwords:  Always create passwords that use mixed-case letters and include numbers and symbols.  For the strongest passwords, don’t use words at all. Use random letters, numbers and special characters. Some computer hackers have programs that can try every word in the dictionary.  Make sure to change passwords on a regular basis, and don’t use the same password twice.

4.     User Education:  It's essential that managers and employees have a basic understanding of cyber security, including company-specific procedures and overall best practices.  Educate your employees about potential threats so they know what to recognize. Always log off the computer when you leave your desk. 

5.     Create a “Separation of Duties” policy:  Establish dual control protocols, particularly in your payment system.  Require one person to sign-in to authorize payments, and a second person to sign-in to release payment.  Dual control protocol can be used for all financial transactions, or just for transactions above a certain threshold, depending on the cost verses benefit for your organization of taking this extra security measure.

6.     Reconcile your bank accounts often! 

The Internet is a very powerful resource for small businesses.  The reality is this type of crime does exist.  Following these steps will help mitigate your risk of financial loss.