Corporate Account Takeovers Criminals are set to Invade your Company’s Computer Network
How does it happen?
Criminals use malicious software, commonly called malware, to infect your workstation (49% of all breaches). Most often malware is delivered in a legitimate looking email urging you to click on the link or an attachment. Users can even be infected from compromised thumbdrives, websites or “banner” ads. This malware is sophisticated enough to begin infecting your entire network, allowing criminals to record everything including passwords, account numbers, trade information, etc.
What happens when our computers are infected?
This malware allows criminals to monitor everything via key-logging software that captures your online banking credentials and tracks your online behavior. Your credentials are used to transfers funds out of your accounts, many times electronically. To your bank, it appears you are initiating the transfers with your credentials…even from your specific workstation! Before the infection is detected the funds are gone…typically out of the country.
Criminal groups may monitor social networks or company web sites to determine the best individuals to target. Once the malware is planted, they’ll harvest personal identities, patient information or credit card numbers over weeks or months to then sell. Criminals are patient and will harvest as much information as possible before siphoning the funds.
What can I do to protect my network and accounts?
There are many things for a business to consider in protecting their network and there is no one solution. Contact your IT provider to discuss these threats and identify specific ways to protect your network.
Keep your software current with all necessary updates and patches including security software with measures for scanning incoming files, bot-net protection, antispyware and anti-malware.
Employ firewalls, encrypt outside network connections and perform regular scans to identify malware already present. Layer security options to add as many barriers as possible. Remember it takes days or weeks for software providers to develop countermeasures.
Do not click on email links or attachments from unknown senders or if they don’t make sense (do you really think you won the Canadian lottery or want to e-mail the IRS?)
Avoid conducting online banking from public or unsecured Wi-Fi connections.
Consider blocking unproductive or restricted websites (social networking sites commonly are used to deploy malware).
Ensure every employee has their own credentials and no sharing takes place.
Employ strong password protocols and change passwords on a regular basis.
Consider using one or two computers without network or e-mail access for all online banking activities. Contact your banker for tools to increase account security and payment control such as tokens, dual control for online transactions, Positive pay and ACH filters. Review your account daily, especially pending or recently sent wires or ACH files.
The number one way to protect your business from online threats is employee education. Don’t assume employees know the threats and methods. Cyber threats are very real. Take action today to protect all your assets, company funds AND information.
Courtesy of EPCOR™. EPCOR is a not-for-profit trade association headquartered in Kansas City, Missouri, that provides financial institutions and their business customers with reliable payments and risk management education, information, support and national industry representation.
For more information contact Jim Smith, Treasury Management Union Bank & Trust Co at 402-323-1779.