What is Corporate Account Takeover?
Corporate account takeover is a type of fraud in which thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds out of the company, creating and adding fake employees to the payroll, and stealing sensitive customer information that may not be recoverable.
Corporate account takeover is a growing threat for small businesses. It is important that businesses understand and prepare for this risk.
Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, court or the Better Business Bureau. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.
Employee Education is Essential, but is Missing the Mark
You and your employees are the first line of defense against corporate account takeover. A strong security program, paired with employee education about the warning signs, safe practices, and how to respond to a suspected takeover, is essential to protecting your company and your customers.
Ninety-two percent of respondents to a recent survey indicated that educating small business employees was effective in reducing the threat of account takeover. However, nearly 80 percent of respondents to a small business survey said they had no formal internet security policy, and almost half indicated they provide no internet safety training to employees.
How do I protect myself and my small business?
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:
Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep virus protection on your computers up to date. Use complex passwords and change them periodically. Educate and train your employees.
Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer callbacks, device authentication, multi-person approval processes and batch limits help protect you from fraud.
Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If you detect any of these, immediately contact your financial institution, stop all online activity and disconnect any systems that may have been compromised. Keep records of what happened.
Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
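As an added illustration (not part of the original page or of any bank's own system) of the batch-limit, approval and daily-reconciliation controls described above and in the list that follows, the Python script below compares a company's own record of authorized payments against the bank's activity feed for the same day and flags the items a takeover typically produces: transactions the business never authorized, payees it has never paid before, amounts altered after approval, and anything above the batch limit agreed with the bank. The transaction ids, payee names, amounts and the 10,000 limit are all constructed sample values; the functions and field names are this example's own.

```python
"""Daily ledger-vs-bank reconciliation with simple fraud flags (added example).

Compares what the company's accounting system authorized today with what the
bank actually processed, and reports anything that does not line up. All data
below is constructed sample input, not real transactions.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    txn_id: str      # reference shared by the ledger and the bank feed
    payee: str
    amount: Decimal
    kind: str        # "ACH", "WIRE" or "PAYROLL"


# Constructed: what the company's own system says it authorized today.
AUTHORIZED = [
    Txn("A1", "Acme Office Supply", Decimal("1250.00"), "ACH"),
    Txn("A2", "Payroll - J. Smith", Decimal("3100.00"), "PAYROLL"),
    Txn("A3", "Metro Utilities", Decimal("480.25"), "ACH"),
]

# Constructed: the bank's activity feed for the same day. A3 has been altered
# after approval, B9 is a payroll entry for a person the company never added,
# and B10 is a large wire to a payee the company has never paid.
BANK_FEED = [
    Txn("A1", "Acme Office Supply", Decimal("1250.00"), "ACH"),
    Txn("A2", "Payroll - J. Smith", Decimal("3100.00"), "PAYROLL"),
    Txn("A3", "Metro Utilities", Decimal("4800.25"), "ACH"),
    Txn("B9", "Payroll - X. Unknown", Decimal("2900.00"), "PAYROLL"),
    Txn("B10", "Overseas Holdings", Decimal("24000.00"), "WIRE"),
]

# Constructed: payees the company has paid before (its vetted payee list).
KNOWN_PAYEES = {"Acme Office Supply", "Payroll - J. Smith", "Metro Utilities"}

# Assumed per-transaction limit agreed with the bank (constructed value).
BATCH_LIMIT = Decimal("10000.00")


def reconcile(authorized, bank_feed, known_payees, batch_limit):
    """Return a list of (txn_id, reason) findings, in bank-feed order.

    Reasons:
      UNAUTHORIZED      - the bank processed something the ledger never approved
      ALTERED           - approved, but payee or amount differs from the ledger
      NEW_PAYEE         - payee is not on the vetted payee list
      OVER_LIMIT        - amount exceeds the agreed batch limit
      MISSING_FROM_BANK - approved in the ledger but absent from the bank feed
    """
    auth_by_id = {t.txn_id: t for t in authorized}
    findings = []

    for t in bank_feed:
        approved = auth_by_id.get(t.txn_id)
        if approved is None:
            findings.append((t.txn_id, "UNAUTHORIZED"))
        elif approved.payee != t.payee or approved.amount != t.amount:
            findings.append((t.txn_id, "ALTERED"))
        if t.payee not in known_payees:
            findings.append((t.txn_id, "NEW_PAYEE"))
        if t.amount > batch_limit:
            findings.append((t.txn_id, "OVER_LIMIT"))

    # Something approved that the bank never processed also needs a call:
    # it may have been intercepted or cancelled by someone else.
    seen = {t.txn_id for t in bank_feed}
    for txn_id in auth_by_id:
        if txn_id not in seen:
            findings.append((txn_id, "MISSING_FROM_BANK"))

    return findings


def needs_bank_call(findings):
    """True if any finding warrants contacting the bank today."""
    return len(findings) > 0


if __name__ == "__main__":
    for txn_id, reason in reconcile(AUTHORIZED, BANK_FEED, KNOWN_PAYEES, BATCH_LIMIT):
        print(f"{txn_id}: {reason}")
```

Run this against a real export from the accounting system and the bank's daily download, and any non-empty result is the trigger for the "contact the bank" step in the list below; an empty result each day is the evidence that reconciliation actually happened.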
Additional Measures You Should Take
- Secure your computer and networks
- Limit administrative rights: do not allow employees to install any software without receiving prior approval.
- Install and Maintain Spam Filters
- Surf the Internet carefully
- Install and maintain real-time anti-virus and anti-spyware software, a desktop firewall, and malware detection and removal software. Use these tools regularly to scan your computer. Allow automatic updates and scheduled scans.
- Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
- Install security updates to operating systems and all applications as they become available.
- Do not open e-mail attachments you were not expecting. Be on the alert for suspicious e-mails.
- Do not use public Internet access points
- Reconcile Accounts Daily
- Note any changes in the performance of your computer:
  - dramatic loss of speed, the computer locking up, unexpected rebooting, unusual pop-ups, etc.
- Make sure that your employees know how, and to whom, to report suspicious activity at your company and at the Bank.
- Contact the Bank if you:
  - suspect a fraudulent transaction.
  - are trying to process an ACH batch and receive a maintenance page.
  - receive an e-mail claiming to be from the Bank that requests personal or company information.
We strongly encourage our corporate customers to use the following websites as resources to enhance their policies and practices.