Thursday, June 24, 2010

Protect your business from the cybercrime wave

Fantastic article from Steve Straus at USA Today...

Q: I really think you should warn people about the increasing dangers coming from scam artists who are targeting small business. Our business had several thousand dollars illegally transferred out of our bank account recently and my banker says this is becoming more and more common. – Paul

A: As with everything else it has touched, the Internet has changed financial fraud, too. And the problem with that is that e-scammers are more difficult to detect. But make no mistake about it – being the victim of financial fraud of any sort can put you out of business in a hurry.

Maybe the worst case of financial fraud that I have been associated with was an old client who ran a very successful, seven-figure construction company. But after his bookkeeper embezzled several hundred thousand dollars, the company had to file two separate bankruptcies before eventually going out of business anyway.

And as I said, today's bad guys have gone high-tech and have unfortunately devised new and better ways to steal your money.

Consider the recent story about a dental group in Missouri that discovered one morning that more than $200,000 had been illegally transferred out of its bank account. To make matters worse, the dentists also found out that, unlike consumers, small businesses do not get the same protections afforded consumers who are the victim of online fraud. If your credit card is stolen, and you report it promptly, your out-of-pocket loss is capped at $50.

Such is not the case with illegal commercial wire transfers.

According to Brian Krebs, a journalist who has covered this issue extensively, "Most companies that get hit with this type of fraud quickly figure out that their banks are under no legal obligation to reimburse them."

So how does this type of fraud occur, and what can you do to protect yourself? Typically, the bad guys are able to plant malware on the victim's computer and then use that to access the company's online banking profile. They then use that information to transfer huge sums of money out of the targeted accounts.

Estimates of losses to business from these types of cyberscams run from the hundreds of millions annually, to the billions.

So what do you do? To answer that question, I recently spoke with Bill Conner, the dynamic president and CEO of Entrust. Conner is one of the world's leading experts on cybersecurity, and his company provides security for everything from Homeland Security, to all U.S. and British passports.

According to Conner, cybercrooks are now targeting small business: "We are in an arms race with sophisticated, high tech enemies who are now concentrating on smaller business bank accounts in addition to their continued efforts to steal from large corporations." To combat the risk, Conner suggests that small businesses employ a "triple threat" security package that would include

• Authentication

• Fraud detection, and

• "Out-of-band transaction verification and signing for high-risk transactions"

Authentication and fraud detection intuitively make sense – these sorts of products look at your transaction, and transaction history, and check for suspicious activity. Conner explained that while Entrust already offers the first two types of protection, to better serve its customers, it is adding that third, necessary layer, of protection with a new product being launched this week.

"IdentityGuard Mobile" is an app for your smartphone. When a potentially suspicious activity begins to hit your account, this product sends you a text of the transaction details and asks you to authenticate and approve it before the bank can approve it.

With the challenges to small business coming from all sides – decreased lending, tighter budgets, wary consumers – the last thing we need is to take a financial hit due to cybercrime, so we must be vigilant. Keep your security patches up to date. Make sure you have a robust antivirus suite. Change your pass codes frequently. Use the triple threat.

You will be glad you did.

No comments:

Post a Comment