Online banking offers a world of convenience, and can increase productivity by saving hours otherwise spent traveling to the bank and waiting in the queue. As it increases in popularity, small and mid-sized businesses must understand that online heists can take place and have taken place.
In fact, at least one small business had its online banking account electronically cleaned out to the tune of almost half a million dollars. And for this small business at least, getting the money back proved an arduous journey despite the clear electronic trail. Before the same situation befalls your organization, below are three tips for how SMBs can better protect themselves when doing online banking.
One of the primary weaknesses of online banking is its susceptibility to malware that steals credentials and hijacks sessions. While security software and regular patching help to somewhat mitigate the risks on this front, hackers have a huge financial incentive to discover novel security loopholes and ruthlessly exploit them for personal gain.
Using a separate computer for online banking sidesteps this arms race by working on a system that is not at risk from two of the most common vectors of infection: Web browsing and phishing emails. So while the idea of using a separate computer for online banking sounds somewhat archaic, doing so does offer a much greater level of protection against Trojans and malware.
Moreover, a netbook will more than suffice for this task, as will an unused computer or even a tablet. For the first two options, it makes sense to equip them with the latest security software, too; and it is best to avoid using the obsolete Windows XP operating system on these machines.
With a new generation of banking malware already making the rounds stealing one-time keys from infected mobile phones, it surprised me that some financial institutions still relied on a static username and password combination for authentication. As a bare minimum, SMBs should insist on a physical key fob for generating a one-time security key for logging on, or on a text message containing the same information. The first option is more desirable at this point, though the second still offers reasonable protection.
Where protecting mobile devices is concerned, not jailbreaking (iOS) or rooting (Android) a smartphone offers slightly more protection by allowing a standard vetting process from smartphone makers to help weed out Trojan apps.
Unlike large enterprises with their deeper pockets, smaller businesses can literally be bankrupted by a single online heist. As such, it makes sense to check out the bank's commitment to resolving fraudulent transfers before the fact; you may want to work with the bank that best looks after your business's interests in this regard.
Generally speaking, though, businesses are less protected than consumers in this area, with banks often reluctant to commit resources to investigate and recover stolen funds. SMBs can also find themselves left in a particularly bad position compared to larger companies that command a higher priority due to banks' concern over the potential loss of future business from them.
Have additional tips that SMBs can adopt to protect their financial transactions online? Feel free to chip in with your suggestions below.