Dark Reading is part of the Informa Tech Division of Informa PLC



9/25/2009
03:35 PM
Keith Ferrell
Commentary

Online Bank Fraud: 5 Riskpoints Your Business Needs To Worry About

How much do you know about the security habits, practices, technologies and policies of your business's online bank and other financial services and institutions? Odds are, if Terry Austin of Guardian Analytics is right, it's nowhere near enough.

Think you know your online bank and all of the ins and outs of your relationship with it?

You probably need to think again.

Guardian Analytics provides online banking, anti-fraud and identity theft products and services. CEO Terry Austin is making some important points about your business's rights and responsibilities in terms of business banking fraud, and, refreshingly, he's doing so without over-hyping his company.

Certainly his points got me thinking about what small and midsized businesses can and should do to achieve a better understanding of their relationship to their banks.

Austin has five main points (their essence in bold below, followed by some of the things his thinking got me thinking about):

1. Know all of your financial rights, and how business rights differ from consumer rights: If your personal account gets tagged in an online scam, Federal regs require the bank to reimburse you, something not required for business accounts.

Find Out: Does your bank protect your business accounts from losses due to online fraud? If not, find out which of their competitors will protect you.

2. How up-to-date is your bank's security technology? What percentage of the institution's IT resources are devoted to proactive fraud monitoring systems? Does the bank go above and beyond the minimal requirements needed to hit compliance levels?

Find Out: Is your online bank minimally compliant with anti-fraud protection or does it maintain higher levels of alertness or monitoring?

3. Are you and your IT team doing everything you should to protect your side of the relationship? The nature of today's threat environment is such that you have to attend to daily anti-malware and firewall monitoring and maintenance. You can have the most secure and proactive online bank in the universe, and if someone's grabbed your business's identity, sign-ins, passwords or PINs, your business is in trouble.

Find Out: Who's in charge of your business's online and communications security -- and how thorough and constant are they about making sure every device and connection involved in online banking is always fully updated, and every employee using those devices is well-grounded in online security habits and practices?

4. Do you monitor for unusual account activity? Does your bank? Unexpected, unusual or out-of-pattern bank transactions are about as red as red flags of fraud get. How closely do you or your employees monitor all business accounts? How promptly does your bank get in touch (or promise to) in the event of a potentially fraudulent transaction?

Find Out: Does your bank offer transaction alerts or other services that notify you of unusual activity? Does your business take full advantage of these services?

5. How much do your business's financial managers know about online threats? Whoever is handling the day-to-day details and operations of your business's online banking needs to become at least conversant and at best expert in the nature of online threats. That's true if financial matters are a part-time responsibility for one of your office staff, or if your business is large enough to have full-time bookkeeping, accountancy or CFO staff.

Find Out: How much do your financial staff members know about online threats? How up-to-date is their knowledge? How close is the communication between financial staff and IT security staff (or vendors on both sides)?

On that last point, I'd actually recommend a conversation involving the financial staff, your business's IT security staff and a representative of the online bank you do business with.
