Here’s something for IT managers at SMBs to keep in mind: If a consumer’s bank account is hacked, the bank is liable. But if a business’s bank account is hacked, the bank is not liable. Since SMBs are in the cross hairs of cybercriminals these days, security pros recommend taking a few extra steps to shore up your online banking security.
Actually, security pros are bemoaning the fact that SMBs might as well have a “kick me” sign on their backs given recent evidence targeted cyber attacks against small businesses are increasing at an alarming rate.
A report by Symantec found targeted attacks against companies with 250 or fewer employees went from 18% in December 2011 to 36% in June 2012 – a whopping 50% increase.
Why the sudden surge? Cyber criminals have pegged SMBs as easy targets. They know full well many small businesses lack the resources needed to mount a solid defense.
Chances are if there’s a way past your network security, they’ll find it. And what’s the first item on their hit list once they’ve hacked into your system? Your business’s bank account.
Online banking offers many advantages for small businesses but if you’re hacked and the breach isn’t detected in time that money may be gone forever. Banks aren’t under any obligation to take responsibility for unauthorized transfers from business accounts.
Unless your bank is willing to go after your money, you’ve got fraud insurance or you can prove the hack was the bank’s fault in court, you’re out of luck. Even if you can demonstrate in court the bank was at fault, it will probably take years and years of litigation to reach a decision.
Still, there are a few things you can do to make online banking safer for your company, aside from standard network security policies and procedures. Security experts recommend you follow these three online banking security tips to keep cyber criminals at bay:
- Use a dedicated machine. Dedicate an office computer for online banking only — no email, no Web surfing. Before you start using it though, make sure it’s clean and your browser is up-to-date.
- For added security, use Linux, not Windows. Since the majority of malware is designed to exploit vulnerabilities in Windows operating systems, it’s better to log on from a Linux machine, if possible. You could install it on an old PC collecting dust in a corner somewhere, configure your current PC to dual boot to Linux and Windows, or boot from a CD. Here’s directions for how to do that.
- Scrutinize your bank’s security measures. Take a look at the level of your bank’s online security. At the very least, it should require two-factor authentication (more than just a username and password). Some kind of one-time security code issued to you via a key fob or text message to your mobile phone each time you log on is preferable. If your bank doesn’t offer robust protections, shop around for a new one.