Small businesses need to protect against corporate account takeover

Corporate account takeover is a growing concern for small businesses. According to the American Banking Association's 2015 Warning to Businesses the majority of corporate account data breaches affected organizations with fewer than 100 employees. By getting through a company's security setup, criminals have access to such valuable information. This data may consist of customers' names, addresses and stored credit cards, in addition to sensitive data generated by the company.

The importance of watching out and protecting against these threats cannot be understated. Small businesses, even if some have limited resources, have to take a proactive approach when it comes to security and effectively safeguarding against corporate account takeover.

Small buisness owner.

Every small-business owner needs a cybersecurity plan in place.

Why is this a threat?
Corporate account takeover can be classified as a type of fraud. If criminals were to gain access to a small business, they could make unauthorized transactions, steal unrecoverable customer information and transfer funds out of the company. They may even add fake employees to the payroll system and steal money via that method. According to a joint report conducted by the U.S. Secret Service and the FBI, most of the money stolen is never recovered. For a small business just entering the marketplace, stolen funds can be potentially back-breaking.

Luckily, there are a few ways small businesses can protect themselves from corporate account takeover. A strong security framework may not be put in place overnight, but these steps will eventually lead to one.

Start with education
According to the Secret Service report, most criminals gain access to a business by targeting employees, from accounting to the top senior executives. Everyone within a business is the first line of defense against potential threats, as some criminals attempt to steal workers' login information.

An educational program centered around strong Internet and business habits is a good starting point. For example, these programs can talk about the dangers of email phishing and how to avoid falling for fake emails. Most importantly, however, is the need for a strong password. In their annual list of the worst passwords, TeamsID found the worst passwords of 2014 were"123456," followed by "password." Stress the importance of a complex password to every employee, in addition to other safe practices, such as how to not fall for phishing attempts.

Education should cover all bases, including passwords and employees' usage outside of work. An intrusion on a personal computer can lead to a more severe attack, particularly if employees access work files while working from home.

Create a secure online environment
An educated workforce will only go so far and will be virtually worthless if a secure online environment is not in place. Network protection should be high on a small-business owner's list. IT departments will want to ensure networks and WiFi connections are protected. According to Entrepreneur, small businesses should disable their network's service set identifier and regularly update the password.

With so much sensitive information being exchanged, file encryption is also important. Both Windows and Mac operating systems have built-in encryption programs. Computers should already have anti-virus software installed, in addition to automatic updates turned on. While constant updates may seem annoying, they help patch up potential security flaws.

"Network protection should be high on small-business owner's list."

A secure online environment will ease the minds of workers and help small businesses spot unusual transactions, enabling them to act quickly and prevent further damage.

Always be proactive
Cybersecurity is not an issue that can be brushed to the side. Criminals are always adapting and looking for new ways to hack into networks and small businesses. Business owners have to do the same. This also includes working with banks to develop an action plan that deals with how to handle security breaches.

For example, owners should talk about unauthorized transactions with their bank. Through device authentication and a multi-person approval process, banks can help protect small businesses just as much as anti-virus software.

Small businesses that don't have employees with a strong IT background will want to utilize resources to develop a cybersecurity plan. The Federal Communications Commission, for instance, will help small businesses create customized cybersecurity plans. These plans should ideally include audits and other measures to protect against internal fraud, according to Business News Daily. Partnering with a third party to handle security is also a viable option if a business doesn't want to deal with it in house.

Businesses of every size have to take cybersecurity seriously. While small businesses may not have the same resources as corporations, they can still create viable plans to fully protect themselves. Protected networks and computers are a must, as are educational programs for employees that will stress the need for strong passwords. Through the combination of these efforts, businesses will reduce their chances of falling victim to corporate account takeover.

For more tips and updates on the latest in banking technology, contact Landmark Bank.

Back to Blog