Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/25/2009
03:35 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Online Bank Fraud: 5 Riskpoints Your Business Needs To Worry About

How much do you know about the security habits, practices, technologies policies of your business's online bank and other financial services and institutions? Odds are, if Terry Austin of Guardian Analytics is right, it's nowhere near enough.

How much do you know about the security habits, practices, technologies policies of your business's online bank and other financial services and institutions? Odds are, if Terry Austin of Guardian Analytics is right, it's nowhere near enough.Think you know your online bank and all of the ins and outs of your relationship with it?

You probably need to think again.

Guardian Analytics provides online banking, anti-fraud and identity theft products and services. CEO Terry Austin is making some important points about your business's rights and responsibilities in terms of business banking fraud, and, refreshingly, he's doing so without over-hyping his company.

Certainly his points got me thinking about what small and midsized businesses can and should do to achieve a better understanding of their relationship to their banks.

Austin has five main points (their essence in bold below, followed by some of the things his thinking got me thinking about):

1. Know all of your financial rights, and how business rights differ from consumer rights: If your personal account gets tagged in an online scam, Federal regs require the bank to reimburse you, something not required for business accounts.

Find Out: Does your bank protect your business accounts from losses due to online fraud? If not, find out which of their competitors will protect you.

2. How up-to-date is your bank's security technology? What percentage of the institution's IT resources are devoted to proactive fraud monitoring systems? Does the bank go above and beyond the minimal requirements needed to hit compliance levels?

Find Out: Is your online bank minimally compliant with anti-fraud protection or does it manitain higher levels of alertness or monitoring?

3. Are you and your IT team doing everything you should to protect your side of the relationship? The nature of today's threat environment is such that you have to attend to daily anti-malware and firewall monitoring and maintenance. You can have the most secure and proactive online bank in the universe, and if someone's grabbed your business's identity, sign-ins, passwords or PINs, your business is in trouble.

Find Out:: Who's in charge of your business's online and communications security -- and how thorough and constant are they about making sure every device and connection involved in online banking is always fully updated, and every employee using those devices is well-grounded in online security habits and practices?

4. Do you monitor for unusual account activity? Does your bank? Unexpected, unusual or out-of-pattern bank transactions are about as red as red flags of fraud get. How closely do you or your employees monitor all business accounts? How promptly does your bank get in touch (or promise to) in the event of a potentially fraudulent transaction?

Find Out:: Does your bank offer transaction alerts or other services that notify you of unusual activity? Does your business take full advantage of these services?

5. How much do your business's financial managers know about online threats? Whoever is handling the day-to-day details and operations of your business's online banking needs to become at least conversant and at best expert in the nature of online threats. That's true if financial matters are a part-time responsibility for one of your office staff, or if your business is large enough to have full time bookkeeping, accountancy or CF0 staff.

Find Out: How much do your financial staff members know about online threats? How up-to-date is their knowledge? How close is the communication between financial staff and IT security staff (or vendors on both sides)?

On that last point, I'd actually recommend a conversation involving the financial staff, your business's IT security staff and a representative of the online bank you do business with.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...