Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software spread through infected attachments and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information, a fraud referred to as “corporate account takeover.”
 
“Small businesses remain in the crosshairs of cybercriminals,” said Joe Brannen, president and CEO of the Georgia Bankers Association. “You can shield your company from attack through a strong partnership with your financial institution.”
 
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate, accurate and authorized. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.
 
“We’re far more effective at combating account takeover when we combine resources than going at it alone. We can teach you about the tools your business can use to minimize this threat,” said Brannen.
 
As part of National Cyber Security Awareness Month, the Georgia Bankers Association and American Bankers Association offer small businesses these tips to help prevent account takeover:
 
·        Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
 
·        Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
 
·        Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
 
·        Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
 
·        Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.