Online Banking for SMBs: Like Playing Russian Roulette
IT Connection Blog by Paula Musich
Summary Bullets:
- Before enabling online banking for payroll or other payments, SMB IT personnel should carefully review the bank’s security procedures and understand what guarantees the bank offers for securing funds against cyber losses.
- SMB IT managers should take special pains to educate the payroll manager on the risks and safe online behavior, and encourage hyper-vigilance in conducting company business online. If possible, a system should be dedicated to online banking, and blocked from accessing any other web sites or email.
Past studies have indicated that small and medium-sized businesses (SMBs) and non-profits are a target for cyber criminals because they don’t have the same level of protection that larger companies do. That is especially true for small and medium-sized banks, because they don’t have the same sophisticated online banking cyber-fraud controls that large banks have. That could be why the SMB/non-profit market has become so attractive to security vendors such as McAfee, which in the last year has made a concerted push to improve its presence and offerings for that market segment. In fact, security for SMBs is pegged to be about a $5.1 billion opportunity. Besides that bull’s eye they’re sporting on their backs, there’s another reason for SMBs and non-profits to be hyper vigilant about protecting their finances: should cyber thieves manage to gain access to their online bank accounts and steal their money, they are legally held responsible for the loss – not the bank. A Tennessee construction company found that out the hard way, according to security blogger Brian Krebs. Cyber thieves using the widely available Zeus Trojan toolkit managed to steal an employee’s user credentials as the user logged on to the firm’s online banking site, redirect the employee to a fake web page that claimed the bank’s site was under maintenance, and hijacked the employee’s online banking session to put through multiple fake payroll payments to a series of money mules. For some unknown reason, the bank failed to call the company for approval before it processed the automated clearing house payments, even though it had done so on a regular basis before the breach. Despite that lapse on the part of the bank, the construction company was left holding the bag. Read more of this post at http://bit.ly/Od4b4P
Media Contact:
Amee Singh
Sr. Director, Marketing Communications
pr@currentanalysis.com
About IT Connection
IT Connection is the premier source of unbiased analysis and assessments of IT equipment and telecom services. IT Connection provides easy-to-access, cost-effective, non-vendor-sponsored research to enterprise IT professionals. The assessments on IT Connection allow you to quickly, easily, and efficiently assess suppliers, access side-by-side product comparisons, determine the best technology solution to fit your needs, and receive real-time updates and analysis on breaking market-changing events. To join our community and interact with your peers and our analysts, visit us at www.currentanalysis.com/ITC.
About Current Analysis
Current Analysis (http://www.currentanalysis.com) has been helping leading telecommunications, information technology and business software companies improve their competitive intelligence, differentiate themselves in the market, and win more business. Current Analysis is the only provider of continuous, in-depth tactical competitive intelligence, analysis, and advice. For more than 15 years, sales teams, product managers, marketing professionals, and executives have relied on Current Analysis as a trusted partner to improve their ability to anticipate and quickly take action on market opportunities and competitive threats. The company serves more than 35,000 professionals at over 1,600 global enterprises.
Tags: