Cybercriminals are targeting businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information, a fraud referred to as corporate account takeover. We recommend following these tips to help prevent your business from becoming a victim of corporate account takeover:
- Protect your online environment. It is important to protect your cyber environment just as you would your physical location. Do not use unprotected Internet connections. Encrypt sensitive data and keep updated anti-virus and anti-spyware protection on your computers. Change passwords from the default to something complex, including at point-of-sale terminals.
- Partner with your bank for payment authentication. Ask about services that offer call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
- Pay attention to suspicious activity and react quickly. Put your employees on alert. Look out for strange network activity, do not open suspicious emails and never share account information. If you suspect a problem, disconnect the compromised computer from your network and contact the bank. Keep records of what happened.
- Understand your responsibilities and liabilities. The account and service agreement with the bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Please contact us if you have any questions about your responsibilities.
We suggest the following resources to help you assess your risks and protect your business from corporate account takeover.