Consumers and corporations alike have turned to online banking platforms for their convenience and efficiency. However, online banking has become a double-edged sword for businesses worldwide: as technology becomes ever more sophisticated, cybercrime threats continue to climb. In fact, according to a Global Economic Crime Survey, cybercrime has climbed to the 2nd most reported economic crime and affects 32% of organisations.
Protection laws also work differently for businesses. Corporate organisations, especially SMEs, will find it more difficult to recover online account losses as there is typically a lesser degree of legal protection afforded to them.
Why cybercriminals target online banking platforms and their methods
E-banking platforms are a particular favorite of criminals because these transactions are 1) carried out over the internet, which exposes them to these criminals’ methods of attack and malware tools; and 2) specifically financial in nature and can thus be ascertained for fraud faster.
In order to pull off a cyberheist, cyber criminals turn to a variety of tools and means to crack the security measures a company has put into place. The most basic of these is phishing, which has since evolved to include malware like trojans, which, like their namesake, masquerade as harmless or even helpful software programs. In order to fully arm and protect yourself and your business from such attacks, it’s important to familiarize yourself with the modes of attack and how they are carried out:
- Social engineering. These attacks rely heavily on human interaction and seek to manipulate and mislead the user.
- Man in the Middle attacks involve an attacker or device that can listen to or intercept transactions between a client and a server. Once done, it’s as simple as an attacker intercepting your login credentials or credit card information, or directing you to a fraudulent website that can steal that sensitive information.
- Man in the Browser attacks function the same way as Man in the Middle attacks but in more sophisticated ways. These attacks can intercept your transactions and modify the details such as the payee and amount of money to be transferred.
Best practices for securing your corporate accounts
The above attack methods are only the most common means by which cyber criminals commit fraud, and their methods will only evolve and grow ever more sophisticated as they learn new ways of phishing and pharming information. However, it’s just not practical for businesses to completely let go of online banking, which remains a highly valuable tool in this fast-paced business landscape. Use these best practices in order to secure your online banking:
- Dedicate a computer for online transactions. If possible, use only a single, well-maintained machine for all your company’s online transactions. This machine should have the highest restrictions, meaning sites other than what is required to carry out the financial transactions should be screened by your firewall rules or by the IT system. This computer should also be regularly maintained and swept for malware.
- Implement multi-layer transaction controls. Online banking platforms for enterprises typically allow varying levels of security to be granted to authorized users. Make sure that these only go to the necessary employees. At the same time, create a system that requires two people to authorize or approve a transaction. This fundamental technique will not only lessen the risks of your organisation falling prey to cyber fraud, it also protects you from employee fraud.
- Comply with your bank’s minimum security requirements. Typically, this means installing and maintaining anti-virus programs as well as ensuring that your operating system remains up-to-date with the latest security patches. Ensure that the browser you use to access your online banking platform is equipped with the right encryption tools.
- Train your employees. You might have secure systems in place, but if the people behind these systems are not aware of security risks, all of it will be for naught. Fight against social engineering attacks by equipping yourself and your employees with the means to fend off social engineering and phishing attacks. Put up reminders around your office, such as warnings against opening unsolicited URLs, never giving out personal and company information, and always logging out of sites and systems. It’s also important to regularly invite experts to give cybersecurity talks. If you don’t have IT personnel equipped to do so, you can always invite industry experts or consultants. What’s important is to educate and equip your employees.
- Consider outsourcing. Outsourcing certain tasks can tangentially increase security for your company. How? Security breaches oftentimes happen due to human error — employees seeking shortcuts thinking it might make them more efficient. Help your employees, especially those handling sensitive security and finance tasks, focus on their chief duties by outsourcing non-core tasks to experts, cutting the risks of shortcuts and slip-ups for a fraction of the cost.
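The two-person rule from the transaction-controls item above, as an added example (not code from the original article or from any bank's platform). It goes one step further than the text by tying each approval to the exact payee and amount, so a detail changed after approval voids it; the user names, role sets and function names are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample roles (hypothetical users); "bob" holds both roles on purpose.
INITIATORS = {"alice", "bob"}
APPROVERS = {"bob", "carol"}


def details_digest(payee: str, amount_cents: int, currency: str) -> str:
    """Canonical hash of the fields an approver is actually signing off on."""
    blob = json.dumps(
        {"payee": payee, "amount_cents": amount_cents, "currency": currency},
        sort_keys=True,
    )
    return hashlib.sha256(blob.encode()).hexdigest()


@dataclass
class Payment:
    payee: str
    amount_cents: int
    currency: str
    initiator: str
    approvals: dict = field(default_factory=dict)  # approver -> digest they saw

    def digest(self) -> str:
        return details_digest(self.payee, self.amount_cents, self.currency)


def approve(payment: Payment, user: str) -> None:
    """Record an approval bound to the payment details as they are right now."""
    if user not in APPROVERS:
        raise PermissionError(f"{user} is not an authorized approver")
    if user == payment.initiator:
        raise PermissionError("initiator cannot approve their own payment")
    payment.approvals[user] = payment.digest()


def can_release(payment: Payment) -> bool:
    """Release needs an authorized initiator plus a second person whose
    approval matches the current payee, amount and currency."""
    current = payment.digest()
    valid = [u for u, d in payment.approvals.items()
             if u != payment.initiator and hmac.compare_digest(d, current)]
    return payment.initiator in INITIATORS and len(valid) >= 1
```
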