How to Protect Your Business Against 'Corporate Account Takeover' Cybercrime
A new type of cybercrime threat that is rapidly coming to prominence in the financial sector is the so-called 'corporate account takeover,' also known as commercial payment fraud.
In corporate account takeover crimes, cyber-thieves gain access to a business's bank account, or other financially vulnerable accounts, by stealing valid credentials, such as account names, numbers, and log-in details. The theft of this information may occur through malware, or through social engineering (deceptive communications, such as phishing emails or phony phone calls).
Instructions
1. Isolate equipment. Consider using a dedicated computer for online financial transactions. Keep this computer independent of machines used for email, web-surfing, or more general Internet activities.
2. Establish dual control protocols. Require one person to sign in to authorize payments, and a second person to sign in to actually release payment. This greatly minimizes the chance of a successful account takeover.
A dual control protocol can be used for all financial transactions, or just for transactions above a certain set threshold. The choice depends on the costs and benefits to your organization of taking this extra security measure.
3. Use multi-factor sign-ins for user authentication. A combination of log-in steps, such as a user name, password and required keystroke combination, can be an effective measure to increase cyber-security and minimize the threat of cybercrime.
4. Terminate access in a timely fashion. When an employee leaves the firm, their log-on privileges for financial transactions should be immediately revoked. It's surprising how many firms fail to take this obvious precaution.
5. Keep anti-virus and other security software and procedures up to date. This is another obvious step that is all too frequently overlooked.
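
One way to enforce the dual control and access-termination steps in software, as an added example that is not part of the original article. The class names, the threshold value, and the rule that a payment authorized by a since-revoked user cannot be released are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Optional

class DualControlError(Exception):
    """Raised when a payment action violates the dual control policy."""

@dataclass
class Payment:
    payee: str
    amount: Decimal
    authorized_by: Optional[str] = None
    released_by: Optional[str] = None

@dataclass
class PaymentDesk:
    threshold: Decimal                 # dual control applies above this amount
    active_users: set = field(default_factory=set)

    def revoke(self, user: str) -> None:
        # Step 4: a departing employee loses payment access immediately.
        self.active_users.discard(user)

    def _require_active(self, user: str) -> None:
        if user not in self.active_users:
            raise DualControlError(f"{user} has no payment access")

    def authorize(self, payment: Payment, user: str) -> None:
        self._require_active(user)
        if payment.authorized_by is not None:
            raise DualControlError("payment is already authorized")
        payment.authorized_by = user

    def release(self, payment: Payment, user: str) -> bool:
        self._require_active(user)
        if payment.authorized_by is None:
            raise DualControlError("payment has not been authorized")
        # Assumed policy: an authorization from a revoked account is void.
        self._require_active(payment.authorized_by)
        # Step 2: above the threshold, a second person must release.
        if payment.amount > self.threshold and user == payment.authorized_by:
            raise DualControlError("a second person must release this payment")
        payment.released_by = user
        return True
```

Setting `threshold` to `Decimal("0")` applies dual control to every payment, which corresponds to the "all financial transactions" option in step 2.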