If you think small businesses are less vulnerable to cyber attacks and other forms of fraud than bigger, better known businesses, it is time to think again.
According to the Association of Certified Fraud Examiners, small businesses actually suffer a greater proportion of losses to fraud than larger ones. Increasingly, the perpetrators—employees, customers, vendors and cyber thieves—know that small businesses make easier targets and are shifting their focus to them. Here are some things you can do to fight back.
Dedicate one PC to online banking. It happens all the time: an employee innocently opens an email containing a hidden Trojan virus. After attaching itself to the employee’s computer, the virus allows the hacker to manipulate transactions on the infected computer, including accessing company bank accounts; creating new user accounts; and wiring thousands of dollars to accomplices around the world—all before anyone suspects a thing.
One of the most effective and least expensive ways to combat cyber attacks like this is to limit your company's online financial transactions to a dedicated PC that is accessible only to a tightly controlled group of users. Email and web-browsing—the vehicles used by hackers to download viruses—should be blocked on this dedicated “banking computer.”
Even the transactions themselves should be initiated on a separate computer. The goal is to create a system in which, if hackers were to intercept any one computer, it alone would not have the tools, passwords and account information needed to complete the process.
Implement dual controls. When managing company finances, no individual should control more than one phase of a financial transaction or operation.
In practical terms, that means that the person who writes checks shouldn't also be reconciling accounts. Likewise, a person who initiates a wire transfer shouldn’t also submit it to the bank or approve its release. And if at all possible, a second computer should be used for approval processing. Dual controls like these not only help prevent internal fraud, but can help protect against cyber attacks as well.
Make sure home computers are protected. Fraud control measures are only as good as those used by your employees, customers and vendors. With employees especially, it's important for you to make sure that if they are allowed to use a home computer, they are running antivirus software that is updated daily, as well as anti-spyware software, personal firewalls and other protection tools. Consider whether you want to allow employees to access company systems from home since popular social networking sites seem to be hotspots for hackers.
The message for companies, large and small: be vigilant. The gateways for fraud are always changing, as attackers modify their approaches to work around the latest controls. Contact your banker for ways he or she can help you fight off fraudsters. We are truly all in this together! iBi
