CyberRobbers Attack Small Business Daily - Protect Yours

"As America runs on small business so do CyberRobbers. Almost everyone I know has received at least one email informing them of their recent good fortune in some foreign lottery. Those scams are easy enough to spot, the CyberRobbers themselves only make a half-hearted attempt at legitimacy. It's not the lottery that they are trying to sell you on but rather inserting a nasty little creature called a ""banking Trojan"" onto your pc's hard drive. Small businesses are a prime target as they usually have less sophisticated technology and less skilled employees or ""techies"" than larger corporations.

There are a number of ways they can go about their dirty little deeds and they come in a variety of flavors. Some of the 'banking Trojans"" are highly sophisticated and can actually fight against safe guards to protect your company's information, such as software to defeat single-use PIN codes, smart cards, security certificates and biometric scanners used commonly in ACH transfers and wire transfers.

Most small businesses with net income under $250,000 operate on limited funds and believe themselves safe from CyberRobbers because of the ""hands on"" banking approach. But even the smallest business with only one or two employees handling the financial transactions of the company can under attack. Online banking, while being extremely convenient for the small entrepreneur, is not as safe as the banking industry would lead the small guy to believe.

For instance, if a small business is attacked by CyberRobbers the bank may or may not return any stolen funds. If the bank determines the small business has not preformed due diligence in their own security it holds itself unaccountable. How is that possible, is it ethical? It is quite a gray area as to what due diligence is in the opinion of the bank.

The most common mistake a small business can make that does online banking is the lack of updated and strenuous anti-virus security protection and the installation and maintenance of firewalls. Such as a small business that purchases it's computer systems with pre-installed security systems like Norton Utilities fails to renew the subscription to Norton upon expiration, the small business is held at fault in case of attack by CyberRobbers.

Another frequent mistake one that I have experienced personally is the attack on the financial employee via another unrelated employee in the company. Most companies spend a great deal of time training their financial wizards to not touch any email that comes from an unrecognized source. In recent years it has become necessary to include recognized sources as well like the IRS and FedEx. The CyberRobbers are aware that the small business has become more suspicious so they change their tactics to go with the times.

For example, Employee A is the company accountant and is accustomed to the annoying and relentless emails of the CyberRobbers and very adept at ignoring them. Employee B is the company receptionist and receives an email to their account that states FedEx in the reference line, as they regularly receive the FedEX shipments they open the email. The message refers to a money transfer and they believe the email has been mistakenly sent to them so they forward the email to Employee A. Employee A noting the email has come from Employee B suspects it is to do with some sort of FedEx payment and reopens the email. Aha! Their company is now under attack.

The CyberRobber's evil little ""banking Trojan"" has been inserted onto the hard drives of the correct person. If the computer system of Employee A is fully protected it might dispel the attack and none the wiser. But as the CyberRobbers become more technologically advanced the likelihood of such a minor incident can become a major one.

For weeks after the attack the little bug can sit in the hard drive recording banking account log-ins by Employee A. Once they have the log-in information it is only a matter and time and the monies will begin to shift. Quite often the first monies deposited are insignificant amounts such as $0.30 or $.0.98 something not readily noticeable. Then within a few days and they've tested their account they either deposit sums to be extracted into other accounts, thus laundering their own dirty funds, or they withdraw whatever monies are available in the small business's account.

Therefore; proper training of all company personnel, updated security systems and regular maintenance such as all available updates for those systems is imperative to protecting your small business assets. Expecting the bank to reimburse in case of fraudulent use of your account is naïve and shows poor business acumen."