SEE BEYOND THE NUMBERS

Hackers Target South Florida Businesses

Are you prepared for the financial loss and business disruption that would occur if a hacker grabbed $50,000 from your bank account?   Cyber criminals are targeting the bank accounts of small and medium sized businesses in South Florida and worldwide.  And in many cases, the banks aren’t liable for your loss.

How can hackers get into my account?

To obtain access to financial accounts, cyber criminals target your employees – often senior executives or accounting personnel. They steal their personal information and log-in credentials for your online bank account using one of many methods, including mimicking your bank’s website, or using malware and viruses to compromise your business’ system. Then the criminal transfers funds by ACH or wire transfer to the bank accounts of associates within the U.S. or directly overseas with wires. A business’ systems may be compromised by:

  • An infected document attached to an email
  • Employees visiting legitimate websites – especially social networking sites – and clicking on the infected documents, videos, or photos posted there
  • An employee using a flash drive that was infected by another computer
  • A link within an email that connects to an infected website.  

Think your employees don’t click on suspicious links?

If you’re  thinking your employees are too smart to click on a link that says “There is a problem with your banking account, please reconfirm your ID and password,”  you may be right. 

But what about one from the Better Business Bureau that says “A complaint has been filed against you,” one from UPS that says “There’s a problem with your shipment,” or one from the court system that says “You have been served a subpoena?”

But isn’t my bank responsible for the loss?

Actually, when you set up your online business account, you probably signed papers accepting responsibility for losses like these.  In some cases the bank will work with you, in the interests of good customer service.  But don’t count on it.

Most companies I visit think their anti-virus software is working.

Many times they are wrong!  To enhance the security of your computer and networks, you should:

  • Install and maintain real-time anti-virus and anti-spyware desktop firewall and malware detection and removal software. Use these tools regularly to scan your computer.  Allow for automatic updates and scheduled scans. 
  • Install routers and firewalls to prevent unauthorized access to your computer or network
  • Perform IT Security evaluations periodically.

You can also enhance the security of your corporate banking processes and protocols by:

  • Dedicating one highly secured computer exclusively to online banking and cash management activity.
  • Not performing online banking and cash management activities in Wi-Fi hotspots, including airports or Internet cafes.
  • Initiating wire and ACH files using dual control — for example, file creation by one employee and file approval and release by another employee on a different computer with a different user id.
  • Reviewing accounts regularly.  This enhances the ability to quickly detect unauthorized activity and allows the business and the financial institution to take action to prevent or minimize losses.
  • Discussing the options offered by your financial institution to help detect or prevent unauthorized payments or changes to your accounts.

Jorge Rey is Director of Information Security for Kaufman, Rossin & Co., one of the top CPA firms in the country. He can be reached at jrey@kaufmanrossin.com.