Online banking is a double-edged sword for small businesses: It's easy and convenient, and yet it makes them vulnerable targets for cybercriminals. There are a lot of small businesses out there, and they don't all have the big budgets for IT resources or a large staff.
Another potential downside is that as a small business, protection laws work differently. Small businesses may have more difficulty recovering any online account losses because business accounts typically do not have the same level of legal protection provided to consumers.
Like safecrackers of a different era, cybercriminals have many tools at their disposal to break into online accounts. Typically, businesses get tricked into giving out sensitive information through phishing attacks. A phishing attack is when seemingly legitimate e-mails lead to websites where they are asked to enter sensitive information (such as user names, passwords, credit card data, etc). Both the e-mails and the websites are professionally designed and appear to come from legitimate, trustworthy sources. Once cybercriminals have secured the information, they can either target the account to transfer funds out of the accounts or sell the login details to other cybercriminals--User information for online banking accounts is usually sold priced as a percentage of the available balance on the account. Today, bank accounts are available online for as little as 3 percent, which includes personal, business and offshore accounts.
Best Practices for Secure Online Banking
Despite the risks, online business banking is an extremely valuable tool in today's high-paced business world. Here are some best practices to help make the online banking experience a secure one.
Train employees: Social engineering is still often used to obtain sensitive information. For example, never trust e-mails requesting personal information such as user names or passwords. If there is no one in the office qualified to provide this type of training, find a trusted IT professional or consultant to educate employees.
Secure systems: Ensure your business systems (PCs, file servers, and mail servers) are protected by trustworthy internet security business products and are using the latest updates. Consumer solutions (paid or free) are not sufficient to provide adequate coverage and visibility for the security of your business.
Dedicated online banking PC: Designate a single computer to use as your business's online account machine. This computer should solely be used for online banking and not for other activities such as e-mail, web browsing, or file sharing.
Consult with your bank: Discuss with your bank the type of security they have in place and other best practices it can recommend based on its systems. Also, familiarize yourself with the protection and processes it provides to business accounts in the event of losses.
Learning the Lingo
Trojans: Programs that perform malicious actions but have no replication abilities. Like the original Trojan horse, these programs may arrive as seemingly harmless files or applications, but actually have malicious intent within their code. Banking Trojans are specifically designed to gain control and compromise online accounts.
Phishing: A form of identity theft in which a scammer uses an authentic-looking e-mail to trick recipients into giving out sensitive personal information, such as a credit card numbers, bank account numbers, Social Security numbers or other sensitive personal information.
Site spoofing: Websites that appear professionally designed and legitimate with the purpose of collecting sensitive information from unsuspecting visitors.
Dal Gemmell is a senior global product marketing manager in the Trend Micro Small-Business solutions team. As a global product marketing manager, he works in partnership with regional leaders to drive sales and marketing efforts.