
9/25/2009
03:35 PM
Keith Ferrell
Commentary

Online Bank Fraud: 5 Riskpoints Your Business Needs To Worry About

How much do you know about the security habits, practices, technologies and policies of your business's online bank and other financial services and institutions? Odds are, if Terry Austin of Guardian Analytics is right, it's nowhere near enough.

Think you know your online bank and all of the ins and outs of your relationship with it?

You probably need to think again.

Guardian Analytics provides online banking, anti-fraud and identity theft products and services. CEO Terry Austin is making some important points about your business's rights and responsibilities in terms of business banking fraud, and, refreshingly, he's doing so without over-hyping his company.

Certainly his points got me thinking about what small and midsized businesses can and should do to achieve a better understanding of their relationship to their banks.

Austin has five main points (their essence in bold below, followed by some of the things his thinking got me thinking about):

1. Know all of your financial rights, and how business rights differ from consumer rights: If your personal account gets tagged in an online scam, Federal regs require the bank to reimburse you, something not required for business accounts.

Find Out: Does your bank protect your business accounts from losses due to online fraud? If not, find out which of their competitors will protect you.

2. How up-to-date is your bank's security technology? What percentage of the institution's IT resources are devoted to proactive fraud monitoring systems? Does the bank go above and beyond the minimal requirements needed to hit compliance levels?

Find Out: Is your online bank minimally compliant with anti-fraud protection or does it maintain higher levels of alertness or monitoring?

3. Are you and your IT team doing everything you should to protect your side of the relationship? The nature of today's threat environment is such that you have to attend to daily anti-malware and firewall monitoring and maintenance. You can have the most secure and proactive online bank in the universe, and if someone's grabbed your business's identity, sign-ins, passwords or PINs, your business is in trouble.

Find Out: Who's in charge of your business's online and communications security -- and how thorough and constant are they about making sure every device and connection involved in online banking is always fully updated, and every employee using those devices is well-grounded in online security habits and practices?

4. Do you monitor for unusual account activity? Does your bank? Unexpected, unusual or out-of-pattern bank transactions are about as red as red flags of fraud get. How closely do you or your employees monitor all business accounts? How promptly does your bank get in touch (or promise to) in the event of a potentially fraudulent transaction?

Find Out: Does your bank offer transaction alerts or other services that notify you of unusual activity? Does your business take full advantage of these services?

5. How much do your business's financial managers know about online threats? Whoever is handling the day-to-day details and operations of your business's online banking needs to become at least conversant and at best expert in the nature of online threats. That's true if financial matters are a part-time responsibility for one of your office staff, or if your business is large enough to have full-time bookkeeping, accountancy or CFO staff.

Find Out: How much do your financial staff members know about online threats? How up-to-date is their knowledge? How close is the communication between financial staff and IT security staff (or vendors on both sides)?

On that last point, I'd actually recommend a conversation involving the financial staff, your business's IT security staff and a representative of the online bank you do business with.
