
Monitor and Protect Your Accounts from Fraud

Jim Smith

October 02, 2015


Cyber security experts believe threats will continue, now and into the future, with increasing sophistication. Cyber crime is profitable, and the risk that criminals will be caught or punished is still negligible. Often the stolen information is not used by the fraudsters themselves; rather, it’s sold as a commodity.

Corporate Account Takeover

Corporate account takeover is when fraudsters use malware, purchased like any software program, to control your PC and record keystrokes in order to capture your online credentials and passwords. The malware automatically monitors your keystrokes (sometimes for up to 6 months) until the fraudsters are able to log in to your financial software and attempt to transfer money to their shell accounts at other banks.

Protect your business:

Create dual-control procedures and multiple layers of checks and balances before funds are released from your financial institution. Make sure those in charge of disbursing funds know who they are talking to, verify the request, and raise a red flag if anything is amiss. Be sure your antivirus and firewall software is continually updated to reduce vulnerabilities. At Union Bank, check out fraud prevention tools that automatically verify your check file against those being presented for payment (Positive Pay, ACH Block).

Web-Based Infection and Browser-Based Exploits

Cyber criminals are shifting away from spam as the way to deliver their malware and turning their talents to web-based infection and browser-based exploits. It is very easy to rapidly infect poorly secured websites. Thousands of websites are key entry points to company networks and can provide a way to disseminate malware to visitors.

Protect your business:

Ensure that your website software is frequently updated with the latest security patches. Talk with your website developer about where your site is hosted; make sure the hosting server or third party provider has strong security measures in place.

Flaws in Widely-Used Open Source Software

Before Sony Pictures, before Home Depot—Heartbleed was the big problem. There will likely be another exploit of similarly hidden open source code. Many systems have embedded open source software; hackers are looking for ways to exploit vulnerabilities that have been dormant for years.

Protect your business:

Unfortunately, you can’t identify the next big issue in advance. Stay alert to early warnings of exploits and act as quickly as possible.

Cyber Theft

Data breaches are still happening to too many merchants and companies that accept credit cards. It’s still common to hear of smaller companies as the victims of a data breach involving stolen credit card information.

Protect your business:

If you accept credit cards, be sure you meet the latest payment system (PCI) security requirements. If you are not in compliance, you not only risk losing customers and paying for the recovery, you also risk lawsuits by the victims and other parties involved. Upgrade to the most current EMV terminals to ensure the security of your customers’ transactions.

Ransomware

Expect an increased frequency of ransomware attacks. Ransomware is software created to take possession of your PC or network, with the threat to delete your data if you don’t send funds to the fraudsters. Experts forecast attempts at the cloud storage level as well as the network level.

Protect your business:

Be sure you have redundancy in backups of your critical data. Make security awareness part of your company culture to reduce the chances of an employee allowing the malware to access your network. Always question anything that looks strange on your PC.

Social Engineering

More cyber criminals will attempt to find ways into networked systems with creative and highly targeted strategies. Is that e-mail message really from your colleague or boss? These people are really, really good at investigating people. CIA-level investigative skills are not uncommon, but often the criminals just search social media and phone employees for easy clues. In recent cases, fraudsters masquerading as a stockholder or owner have convinced company staff to wire large sums to the fraudster’s account.

Protect your business:

Test your business by having employees role-play social engineering activities to demonstrate the type of questions a criminal may ask. Share ways to avoid responding to the criminal’s questions.

Internet of Things

Hackers are expanding their efforts into products that can easily be accessed. They will go after products such as network printers for a lateral attack into a business network. It is all about maneuvering to get to the end goal – confidential data on your network system.

Protect your business:

Ensure your IT support inventories your system for second-tier entry points. Once top-tier entry points are secure, harden the other possible access points to make it more difficult for the hacker.

Insider Attacks

Even in small businesses, there are disgruntled employees, as well as friends and relatives of employees who may exploit your employee.

Protect your business:

Be sure your security precautions do not leave employees in a position where they could directly or indirectly access information they have no business need to access, or remove such data from your company. Evaluate all suspicious activities impartially; don’t assume the employee would never harm your business. Hire a third party (auditor or accountant) to investigate if needed.

Weak Passwords and Flawed Password Retrieval Processes

If you allow customers or vendors to access confidential information on your system via password, make sure your password reset process is secure and complex. Traditional reset questions are too easy to hack. Just go to social media or heritage websites to find lots of mothers’ maiden names.

Protect your business:

Review your password reset procedure to see if the process is complex enough. Two-level authentication is better than just answering a basic personal question and providing a user email address. Studies show the password “1234” is still one of the most often used passwords.

Mobile Device Exposure

With the rapid increase in mobile device usage for business, the amount of business data accessible is staggering. The cyber criminals see this as a rich frontier of opportunity. Even Apple products will be targeted more frequently since the volume of users is now a significant-sized market.

Protect your business:

Review your Bring Your Own Device (BYOD) plan and ensure employees follow it if they use their personal smartphones or tablets. Set controls and limit the number of employees who have access to confidential information via mobile devices. Many employees need access during normal working hours in the office, but not all may need the same data access via mobile.

Cyber crimes are our present and our future. Recovery will be painful and disruptive. Legal recourse is limited. However, we do know there are many ways a small business can take responsibility and protect itself. Put the right tools in place to protect yourself now, before you find your business hacked.


This blog article is for informational purposes only, and is not an advertisement for a product or service. Its accuracy and completeness are not guaranteed, and it does not constitute legal or tax advice. Please consult with your own tax, legal, and financial advisors.