Here’s an important question about your finances with a shocking answer: If a cyber-criminal were to gain access to your company’s bank account and steal all of the money in it, could you get it back? In many cases, the answer is no.
Many small business owners falsely believe they are protected by Federal Deposit Insurance Corporation (FDIC) laws and that the bank (or Federal government) would replace money stolen by a thief. Not so. The FDIC protects bank accounts against bank failures, not theft or embezzlement. So if your money is taken by a criminal—be it a completely anonymous person or even a “trusted” employee or vendor—the bank is not responsible for replacing the funds.
What makes this especially concerning is that online criminals are becoming more and more sophisticated in their attacks. Criminals are also targeting small businesses since they are the “low-hanging fruit”—small businesses often don’t have the security systems in place to prevent these attacks.
One Real Example That Cost One Business Close To $100,000
Sign Designs Inc. is an electric-sign maker in Modesto, California, that had almost $100,000 stolen from its account by an unknown group in Eastern Europe. The first sign of trouble was a phone call from Bank of Stockton, the company’s local community bank, which had just received a call from Chase Bank’s anti-fraud team regarding a $9,670 electronic payment to a Chase customer in Michigan. The owner confirmed he had not set up or authorized that payment, and when he looked further, he discovered that 17 similar transactions had already been processed the previous day from his bank account.
Although the owner’s bank notified all the banks that had received the funds, a large chunk of the money had already been withdrawn by “money mules” (people who launder money for online criminals, usually in Eastern Europe). The biggest problem for Sign Designs is that the Bank of Stockton isn’t accepting responsibility for the losses, claiming its systems were never breached. Hackers had planted a malicious program on the computer of Sign Designs’ controller and used that program to steal his online-banking credentials. The bank also points out that Sign Designs failed to implement proper security measures on its network that might have averted the losses.
How To Protect Yourself
1. Keep Your Network SECURE!
Hackers are focusing on small business computer networks because they are far easier to crack than a bank’s network. Weak passwords, out-of-date anti-virus, security patches that aren’t updated, and unmanaged (or non-existent) firewalls are the simple security checks that hackers are counting on you to neglect. Don’t be an easy target! Of course, our XperCARE Proactive Managed IT Service clients know that we’re watching over their network and making sure the gateway to their data is safe.
2. Educate Your Staff
While up-to-date anti-virus will protect you against a LOT of threats, it’s not 100% effective. That’s because the most common way criminals access financial accounts is through e-mail: phishing scams, malware attachments in documents or links, or brute-force password guessing/reset attacks. The first two are made possible through human error: employees or trusted account holders “giving” hackers access by accidentally downloading malware, typing passwords in an e-mail, clicking on a link in an e-mail they believe to be safe, and so on. That’s why it’s important that anyone accessing financials should know NOT to click on strange links, open questionable attachments or send any account information via e-mail.
3. Talk To Your Bank
Find out exactly what their policy is for fraud and what you can do to prevent problems. Ask your bank to set up “dual controls” on your account so that each transaction requires the approval of two people. You might also establish a daily limit on how much money can be transferred out of your account, and require that all transfers be prescheduled by phone or confirmed via phone call or text message. If possible, impose restrictions on adding new payees.
4. Watch Your Account Daily
You should also get into the habit of checking your accounts daily at the end of the day and notifying your bank immediately of any questionable withdrawals. Money is laundered quickly; the sooner you catch the mistakes, the better your chances are of recovering the funds.
5. Make Sure Your Accountant Has Proper Security Controls
If you have someone doing your payroll and/or accounting, make sure they are following the same strict security procedures as your own computer network. Sign Designs was hacked when criminals accessed the controller’s PC and used his credentials to make the transfers. Therefore, it’s essential that every employee, vendor or other person accessing your financial accounts follows even tighter security controls on the PCs or other devices used to log into your bank, credit card account, etc.
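The daily review in step 4 can be partly automated by checking each day's outgoing payments against the daily limit and payee restrictions from step 3. The script below is an added example, not part of the original article; the CSV column names, the approved-payee list and the thresholds are assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample export of outgoing payments (not real data).
SAMPLE_CSV = """date,payee,amount
2024-03-04,City Utilities,412.10
2024-03-04,Acme Vinyl Supply,1830.00
2024-03-05,J. Doe,9670.00
2024-03-05,R. Roe,9540.00
2024-03-05,M. Poe,9810.00
2024-03-05,Acme Vinyl Supply,250.00
"""

APPROVED_PAYEES = {"City Utilities", "Acme Vinyl Supply"}  # assumed payee list
DAILY_LIMIT = Decimal("5000.00")                           # assumed daily cap
MAX_NEW_PAYEES_PER_DAY = 1                                 # assumed threshold


def review(csv_text, approved=APPROVED_PAYEES, limit=DAILY_LIMIT):
    """Return a sorted list of (date, alert) tuples to raise with the bank."""
    totals = defaultdict(Decimal)    # outgoing total per day
    new_payees = defaultdict(set)    # unapproved payees seen per day
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        day, payee = row["date"], row["payee"].strip()
        amount = Decimal(row["amount"])
        totals[day] += amount
        if payee not in approved:
            new_payees[day].add(payee)
            alerts.append((day, f"unapproved payee {payee!r}: ${amount}"))
    for day, total in totals.items():
        if total > limit:
            alerts.append((day, f"daily total ${total} exceeds limit ${limit}"))
    for day, payees in new_payees.items():
        # Several first-time payees on one day matches the pattern in the
        # Sign Designs case, where many similar payments went out in a day.
        if len(payees) > MAX_NEW_PAYEES_PER_DAY:
            alerts.append((day, f"{len(payees)} new payees in one day"))
    return sorted(alerts)


if __name__ == "__main__":
    for day, alert in review(SAMPLE_CSV):
        print(day, alert)
```

Any alert is a reason to call the bank the same day rather than wait for the monthly statement.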
If you’re not certain your computer network is secure from these attacks, call us for a FREE Network Security Assessment and find out for sure if you’re protected…or not!