As a business owner, you are faced with taking risks in order to create a successful organization—and financial challenges are at the top of the list. Nowadays, this includes combating cybercriminals. According to the FBI 2021 Internet Crime Report, the cost of cybercrimes in the U.S. reached $6.9 billion in 2021. The Hiscox Cyber Readiness Report 2022 found that the average financial cost of cyber attacks to a small U.S. business was $25,612 last year. The same study found that 23% of small businesses had suffered at least one cyber attack in 2021.
Lack of resources to fight cybercrime and lack of awareness are the greatest reasons that cybercriminals are choosing to target small and midsize businesses. Finding a progressive banking partner who can give you the tools and knowledge to help you combat cybercrime can be critical to protecting your business.
Identifying the Cyber Criminal
Who are these cyber criminals? Today’s cyber criminals who are trying to “hack” or obtain unauthorized access to your accounts are motivated by financial gain, and they have the organization and funding necessary to execute a well-orchestrated attack. Cyber criminals electronically initiate fraudulent transactions by using stolen online credentials. These activities are described as corporate account takeovers.
In a corporate account takeover, cybercriminals gain access to a business’s bank account by stealing its online banking credentials. According to NACHA, small businesses are increasingly targeted in this way because they “do not have the same level of resources as larger companies to defend their information technology systems.” Additionally, “many small businesses do not utilize additional banking services, such as password-generating tokens, and do not monitor and reconcile their accounts on a frequent or daily basis.”
Unfortunately, social engineering or “people hacking” techniques such as phishing or tricking someone into opening up malicious attachments or clicking links are still effective because the human has always been the weakest link in the security chain.
One misstep by a single employee at a business can be the opening that a cyber-thief needs to gain a foothold within an organization's computer systems. Once inside the system, a hacker may install malware that can infiltrate and encrypt files. Hackers can use this malware, known as “ransomware,” to demand payments from an organization, or they can use malware to remotely capture keystrokes and gain access to employee accounts.
Companies are vulnerable to “phishing,” as employees are curious or often fail to take the time necessary to recognize the bait in the ruse. If an employee clicks a phishing link or opens an attachment, malware may be installed, particularly if the employee’s software is outdated.
Your organization can reduce the likelihood of malware infections by training your employees to identify various methods of cybercriminal attack and by regularly patching operating systems, applications, browsers, other helper applications and browser add-ons. However, patching requires frequent attention and can be easily overlooked — especially by businesses that have small IT departments or rely on a third party for patch management.
Partner with Your Business Bank
By joining forces, you and your bank can work together to combat cybercrime. For example, your bank can implement certain controls for clients with a higher risk of fraud, such as commercial clients with ACH/wire capabilities. One such control involves requiring two ways to authenticate users within online banking. Relying solely on a user login and password is a risky proposition in the internet banking world. A username/password is single-factor authentication — “something you know.” Multi-factor authentication includes a second factor — “something you have” — such as receiving an out-of-band code. Out of band is defined as receiving information or a code using a different method of communication. Instead of arriving via an internet medium such as email, the code is sent to your phone by text or voice greeting, or received from an authenticator app. Linking your mobile phone with online banking has proven to be effective in reducing the likelihood of corporate account takeovers. An analogy to multi-factor authentication is using an ATM, which requires something you have — your debit card — and something you know — your PIN.
Protect Your Business Against Cybercrime
As banks implement new controls to combat ever more sophisticated threats, the other half of the equation is based on the controls you establish at your workplace. One additional layer may be dual authorization. Dual authorization requires two separate employees to be involved in drafting and confirming an ACH or wire. This reduces risk to your organization from an outside attack or collusion among internal associates. With dual authorization, two users of two different devices must touch the transaction. Typically, the first user drafts the transaction and the second user authorizes or confirms the transaction.
Another way to reduce the risk of cyber-attacks is to set daily limits on transactional amounts based on your normal activity. If you don’t anticipate ever transacting more than $25,000 in ACH per day, then set a limit to that amount.
You can also do this for daily wire activity. Setting alerts, whether email or text, on sensitive security functions will keep you in the know about activities within your online banking environment. For example, you can set up an alert to receive a message when an incorrect password has been entered. Or you can receive an alert when a new user has been created in your online banking platform.
Finally, one of the best ways to combat cybercrime is to use a dedicated computer to perform your financial activities. This computer should be restricted so that it can access only your banking websites—no email, web surfing or other activities. This reduces the risk of phishing or visiting a “drive-by download” malware website.
Cybercrime is a real threat to the financial success of your business. Look for a banking partner who can actively help you mitigate your risk. Most banks offer products that follow regulatory guidance for high-risk transactional systems such as online banking. Out-of-band authentication at the login and transactional levels helps reduce the risk of fraudulent activity occurring.
Within your workplace, consider adding layers such as setting limits, configuring alerts, employing dual authorization and even using a dedicated computer for banking. Together, you and your bank have a better chance of stopping fraud in the ever-changing world of cybercrime. For additional resources, visit our Security webpage.