Today’s volatile economy already poses enough challenges for companies without having to worry about the threat of fraud. While most large businesses may have the financial wherewithal to deploy firewalls, monitoring systems, and hire the right IT staff to protect their networks, smaller businesses aren’t as fortunate.
In the recent New York Times article, “Owners May Not Be Covered When Hackers Wipe Out Business Bank Account,” Gartner estimates over 10 percent of small businesses have had funds stolen from their bank accounts, totaling more than $2 billion in fraud losses. For Ann Talbot, whose engineering and construction company Golden State Bridge lost $125,000 from cyber fraud, lacking the security tools and internal resources can make small businesses easy prey for Internet-savvy hackers.
“People think, ‘It’ll never happen to me,’ but these are incredibly sophisticated criminals, and we’re not I.T. experts. When you work for a big company, you have a full I.T. staff and you’re locked down like Fort Knox. When you work for a small to midsize company, you’re not locked down at all.”
In the case of Golden State Bridge, an office manager violating company policy by visiting a social networking site unknowingly downloaded malicious software. The criminals were able to capture the office manager’s user name and password, which they used to make two automated clearinghouse batch transactions that routed the money to eight different banks across the country.
While there is no foolproof security tool that stops every type of fraud tactic under the sun, a multi-layered authentication approach that covers online, email, text and telephone transactions is essential for detecting and stopping fraud techniques that can defeat single authentication defenses. According to some fraud experts, security solutions alone may not be enough. Because criminals tactics are evolving faster than many antivirus products, establishing corporate policies and applying additional best practice security measures can also play an instrumental role in helping small business owners protect their IT systems and networks. Some recommended strategies for small businesses include:
-Keep firewalls up-to-date and limit the number of employees with access to accounts
-Educate all employees and enforce strict rules for office computers
-Place limits on the amounts of all automated clearinghouse transactions
-Dedicate one computer solely for online banking (and never email or browse the Web from that computer)
-Check business accounts daily
-Purchase fraud insurance, otherwise businesses could shoulder the losses alone
-Have multiple people to approve every business transaction
-Ask and understand the security policies of business partners, vendors, etc.
Even with corporate policies in place, it’s impossible to control the online habits of your employees and anyone else who connects to your network. Because small businesses don’t have the deep pockets to deploy anti-fraud defenses required to ensure their systems and proprietary information are safe from cyber criminals, a multi-layered approach that combines effective and efficient tools like real-time device reputation technology with security best practices is critical to protecting their businesses from new and evolving forms of online fraud and abuse.