Criminals use spoofed e-mails, malicious software spread through infected attachments and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information—a fraud referred to as “corporate account takeover.”
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate, accurate and authorized. Companies should train employees about safe Internet use and the warning signs of this fraud, because they are the first line of defense. These tips can help to prevent account takeover.
Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected Internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits, which help protect you from fraud.
Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious e-mails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Beware of ransomware. Individuals and businesses have become targets of a growing online fraud scheme known as ransomware. Ransomware is a form of malware used by cybercriminals to freeze your computer or mobile device, steal your data and demand that a “ransom”—typically anywhere from a couple of hundred to thousands of dollars—be paid.
Ransomware poses great risks to individual computers or laptops, enterprise networks and/or servers used by government agencies, financial institutions and healthcare providers. In addition to educating your employees, here are some tips for your business.
Manage the use of privileged accounts. Restrict users’ ability to install and run software applications on network devices, in an effort to limit your network’s exposure to malware.
Employ a data backup and recovery plan for all critical information. Backups are essential for lessening the impact of potential malware threats. Store the data in a separate device or offline in order to access it in the event of a ransomware attack.
Make sure all business devices are up to date. Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans so that your operating systems operate efficiently.
Contact your local FBI field office immediately to report a ransomware event and request assistance.