Financial fraud through digital means is on the rise, and there are no signs of it slowing down. Criminals continue to grow in sophistication and are always inventing new and creative ways to separate you from your money or data. Protecting your business may seem daunting, but with a few simple steps and common sense, you can keep the criminals at bay and keep your information safe and secure.
Install system and third-party updates. Criminals will use flaws or vulnerabilities in outdated software to gain access to your devices. This includes “Smart” devices as well. If you are unsure how to update a particular device or software you use, contact a trusted computer professional.
Install an anti-malware solution on your computers and network and keep it completely updated. While a determined attacker can get around even the best solutions to install malware on your machine, you don't want to be the low-hanging fruit. Make yourself an unattractive target!
Use strong passwords. A strong password is a combination of numbers, uppercase letters, lowercase letters, and, if possible, other characters. This makes the password nearly impossible to guess in a reasonable amount of time, and ensures that all the hard work you put into keeping your devices well-protected does not go to waste. The longer the password, the harder it is to guess. Do not re-use the same password across different services. Always use unique passwords, especially for financial transactions. You may want to consider using a password manager such as Keeper (www.keeper.com) or Dashlane (www.dashlane.com).
Be cautious with free/open Wi-Fi. Avoid performing any kind of financial transactions over open Wi-Fi connections, as it is much easier for information to be stolen or compromised this way. It is much safer to use your 3G or 4G cellular connection for these types of transactions.
If you use wires to send money routinely, segregate responsibility for initiating wires from the responsibility for authorizing them. Also, ensure that each person uses a different computer with unique authorization passwords. For some, dual control seems like an added, perhaps unnecessary step. However, separating these responsibilities will ensure that even if a criminal compromises your user ID and password and initiates a wire, someone else would have to approve the wire before it goes out. Suddenly the added step has become your safety net.
Keep a suspicious mind when you receive email that asks you to click on a link, open an attachment or that seeks your credentials, even if it's from a trusted source like the bank. You can often spot a fraudulent email because of poor grammatical structure, misspellings, typos or other errors. But some fraudulent emails can be very convincing. For instance, it could look exactly like an e-mail from a trusted source. Sometimes, only the URLs embedded in the e-mail can give it away. Fraudsters will sometimes modify the top-level domain of a URL (e.g., switching .com to .net) or substitute a letter for a number or vice versa (e.g., switching abc0123.com for abcO123.com). If you're not expecting an e-mail, you should not assume it's legitimate. Always double-check; pick up a phone and call, even if the email is from a co-worker or boss within your organization.
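The two URL tricks described above can be checked automatically before a link is trusted. The following is an added example, not part of the original article: the `TRUSTED` allow-list and the `CONFUSABLE` character table are constructed for illustration (using the article's own sample domain), and taking the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the business really deals with.
TRUSTED = {"abc0123.com"}

# Small illustrative table of characters commonly swapped for one another.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})


def host_of(url):
    """Return the lower-cased host name of a URL or bare domain."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".")


def registrable(host):
    # Simplification: last two labels. Production code should consult
    # the Public Suffix List so that names like example.co.uk work.
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Collapse confusable characters so lookalikes compare equal."""
    return name.translate(CONFUSABLE)


def classify(url, trusted=TRUSTED):
    """Label a link as trusted, a lookalike of a trusted domain, or unknown."""
    domain = registrable(host_of(url))
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "lookalike: top-level domain changed from ." + good_tld
        if skeleton(name) == skeleton(good_name):
            return "lookalike: character substitution of " + good
    return "unknown"


if __name__ == "__main__":
    for link in ("https://abc0123.com/login", "https://abc0123.net/login",
                 "http://abcO123.com/", "https://example.org/"):
        print(link, "->", classify(link))
```

A result of "unknown" only means the domain does not resemble one on the allow-list; it still calls for the phone check described above.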
Be careful when following links on social networking sites or when asked to give information over the phone. Criminals like to compromise social networking sites because users often treat them as safe, trusted places. Clicking on the wrong link can expose you to malware. Likewise, don't give up authorization credentials over the phone.
Review your online banking records on a daily basis. If someone has managed to access your account, you may be able to spot it and prevent a fraudulent payment. But you have to stay on top of it. You have a very small window of opportunity.
Back up your data. As much as people are afraid of someone breaking into their computer or compromising their data, it is even more common to experience a hardware or software failure causing you to lose your data. Backing up information on your computer regularly is recommended so you do not lose important information. This will also protect you from new types of malware that will hold your data hostage until you pay the criminals to unlock it. This includes backing up the data on your mobile device, such as photos and contacts.
If you find that your computer or account has been compromised, there are a number of steps you should take:
- Call the bank. Ask us to disable your online access and to monitor your account. Depending on the situation, we will also recommend additional steps that you should take.
- Try to trace what happened and how it occurred. Stop using any computer that is potentially infected. Contact a trusted computer professional to help remove any threats from your device.
- Use a non-infected device to change your passwords (another reason to use a password manager).
- Look at your insurance policy. Make sure you understand your liability and what your policy covers. (Cyber insurance is an option.)
Educate all of your staff on these best practices. It takes an entire company working together to ensure that your data is kept safe.