Feb 13 2012
Cyber criminals are on the attack and more and more of their targets are small businesses. The number of attacks is now so large and their sophistication so great, that many businesses are having trouble determining which new threats and vulnerabilities pose the greatest risk.
Hackers Shift Attack to Small Firms
The percentage of attacks at businesses with 100 or fewer employees is reportedly on the rise. In 2009, only 27% of attacks were against small businesses, whereas in 2010, the figure jumped to 63%! Fraudsters mainly used checks with 93% of affected organizations reporting their checks had been targeted. According to the Association of Financial Professionals, the typical loss for organizations was $18,400.
How Do Hackers Get Access?
Attackers are continually finding new ways to access computer systems, and are using hidden methods like rootkits and botnets to gain access to your systems. These instances of cyber fraud have increased every year law enforcement has been tracking these issues, and you may be a victim without even realizing it. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected. Bank Info Security recently named ACH and wire transfer fraud against small and midsized businesses as its top fraud concern in 2010.
How Can You Mitigate Your Risks?
Here are some suggestions on how to protect your business against cyber attacks. Each control provides you security in layers.
- Dedicate one computer or system for online banking, especially electronic payments such as ACH transaction and wire transfers.
- Use multifactor authentication with independent mechanism – use your IT experts to help design.
- Log and monitor key computers or systems.
- Segregate origination and approval on banking transactions.
- Reconcile transactions daily especially electronic originated transactions.
- Dedicate accounts to special purposes and fund using “just in time” deposits.
- Use a “run as needed” bootable CD that cannot be contaminated by a virus or malware or other software that protects against malicious software (malware).
What Should You Do Next?
- Establish “Dual Control” authorizations and other security options offered by your financial institution.
- Review your limits for ACH and Wire to determine if they suit your business needs.
- Consider a “stand alone” computer that is used exclusively for online banking.
- Review your internal controls (this is a good practice for all financial transactions).
- Schedule a meeting with your banker, accountant and legal partners and then review with your IT team to review your total risk exposure and learn how to mitigate those risks.
To help you start an internal review and risk assessment request Webster’s Fraud Awareness & Risk Assessment Checklist from firstname.lastname@example.org
What to Do If You’ve Been Hacked
- Don’t unplug – malware resides in computer’s memory and not the hard drive. Turning off a computer erases the memory, and with it many traces of the hack.
- Call in the Pros; IT, Legal and your accounting partners in addition to your banker.
- Keep a chain of custody – record every time someone touches a compromised computer or server and everything that’s done to it.
- Stop the bleeding – Figure out how the hacker broke in, and fix that hole.
- Find out what they stole.
- Figure out who to tell; start with your bank, lawyer and accountant. There may be law enforcement and regulatory reporting required as well.
- Be apologetic – in your customers minds, it’s your fault!
Education is the most important fraud prevention tool you have! Take time to protect your business and make sure you’re doing all that you can to proactively guard yourself from cyber crime. Do you have any other suggestions to share?