5 Steps your Business Should Take Right Now to Protect Against ‘Banking Trojans’ and other Malware

Image courtesy of Flickr user Don Hankins

Here’s something to think about:  At this very moment, cybercrooks are aggressively targeting small businesses and looting their bank accounts.

According to the FBI, hackers targeting small businesses, non-profits, and other small organizations have attempted to make off with about $100 million in fraudulent transfers so far.  It’s getting bad enough that both the feds and the American Banking Association are now advising businesses to use a completely separate PC solely for online banking.

Here’s what cybercrooks are doing:

Through phishing scams or malware attacks—both usually initiated via email—cybercrooks attempt to capture your online banking credentials, then use them to log in and obtain the information they need to transfer money out of your account, often through ACH or wire transfer.

Unfortunately, the reason hackers are aggressively targeting small organizations is simple. Compared to larger organizations, small businesses are much more likely to lack the controls or the resources needed to safeguard against these types of attacks.  But there are still effective measures you can take to protect your business.

5 steps you should take right now

1.  Educate your staff – Let your team know about this threat, and educate them about the importance of simply paying attention to the emails they open when on company computers.  Luckily, spam is more often than not easy to spot, and recognizing obvious spam, and deleting it, should be your first line of defense.

Also, take a look at this Biztech article on phishing.  It provides a pretty good overview of what phishing is and how to avoid falling prey to it.

2.  Keep your antivirus up-to-date – Is your antivirus subscription up to date?  Is it installed on all of your company workstations?  Does your antivirus software scan emails, and, if so, is that functionality activated? If an infected email attachment is inadvertently opened, an up-to-date antivirus scan will usually be able to detect it.

3.  Monitor your bank activity – Most banks allow you to set up alerts, either by email or text message, whenever a certain type of activity occurs on your account.  If an unauthorized bank transfer is detected quickly enough, your bank may be able to stop it in its tracks.

4.  Manage your passwords – If malware is detected on any of your workstations, it might be a good idea to change ALL of your passwords.  Do you have a system in place to document and manage all of your online accounts?  If you’re going based on memory alone, you’re bound to forget one when the time comes to change them all.   You may also want to look into acquiring a password manager.

5.  Protect your important data – You may want to seriously consider the FBI’s advisory to use a dedicated PC for all of your online banking.  Whether or not you decide to go this route, it’s also a good idea to always have a backup of all of your important data.  A data backup, storage, and retrieval plan is not just protection against hardware failure.  In the event any of your systems are compromised, the best solution is often to roll back the system to a pre-attack state, or to reformat the system and restore the important files to it.

What is your business doing to protect itself?  Does your business have any other security practices you’d like to share?  Let us know.
