10 Tips to Protect Your Bank Account from Hackers

It’s hard to imagine a worse nightmare for a small business than having its bank account drained by a thief and finding out there’s no recourse, yet that scenario is becoming more common. The FBI reports that Business Email Compromises (BEC), in which criminals steal from business accounts using email scams, rose 270% from January to August last year. Small businesses (1-250 employees) are the most likely targets of phishing campaigns, according to Symantec. While the law offers some protection for individuals — if your personal bank account is breached, you’ll probably be able to recover the funds after some effort — business accounts don’t have the same legal protections and the banks often won’t pay. So, what can you do to protect your company assets?

The Law

The Electronic Funds Transfer Act protects individuals who may be victims of cybercrimes that compromise their bank accounts. Federal law generally says that you will get your money back if you notify the bank within 60 days of a fraudulent transaction appearing on your bank statement, although you may not be protected if you did something that exposed your account to fraud. Business accounts, on the other hand, are covered by the Uniform Commercial Code, and the standard is much different. If a bank has “commercially reasonable security procedures” in place and follows them, then the fault does not lie with the bank, and it will not reimburse the business for fraudulent withdrawals. That means businesses need to take security into their own hands to protect their assets from cybercrime.

10 Tips to Protect Your Bank Accounts

There are a number of steps businesses can take to minimize the risk of cybercriminals accessing their financial accounts:

1.  Talk to your bank.  Ensure that the bank uses two-factor or multi-factor authentication (not just a user name and password to verify who you are) and ask about protocols for dealing with security issues.

2.  Be wary of emails.  Never respond to emails that appear to be from a financial institution or ask for financial information — even if they seem to be authentic or to come from a known individual. Don’t click on links in emails that may lead you to bogus websites or install malware on your computer.

3.  Monitor your bank accounts closely so that you can identify fraud quickly.

4.  Do not use public Wi-Fi, especially to access bank accounts.

5.  Update your technology.  Make sure you have the latest version of antivirus software running and install software patches as they are made available.

6.  Control and limit access to your data and accounts.  Consider using a dedicated computer for financial transactions (one not used for email, web surfing, or social media).

7.  Establish protocols for wire transfers.  For example, create an internal authorization system for wire transfers that requires in-house signatures before transactions go through.  Require employees to confirm legitimate wire transfer requests via direct communication, such as a telephone call to a known, authorized contact point (not via a link sent in an email).

8.  Educate your employees so that they are aware of cyberthreats, including spear phishing tactics.  Make sure they understand and follow any financial procedure or other security protocols your business puts into place.  (See blog posts: “Employees: The Weak Link in Your Company’s Cybersecurity” and “What’s the Biggest Cybersecurity Threat? Employees”.)

9.  Utilize banking apps. There are a few reasons using mobile apps may be more secure than accessing accounts via your PC. The bank knows who you are by your user name and password, but also by your phone number, which adds an additional layer of security. The phone allows the bank to communicate with you via message, text or email very rapidly, so transactions can be confirmed quickly. Most people have the phone on their person or know where it is at all times. If you do use an app, get it from the bank, not an app store, and only use it on a secure device.

10.  Use strong passwords and don’t put information on social media or elsewhere online that makes your passwords easy to guess or makes you an easy target.  (See blog post: “Real Stories of Cyberscams: Don’t Let it Happen to You”.)
