Corporate account takeover is the business equivalent of personal identity theft. Cyber criminals, backed by professional criminal organizations, are targeting businesses to obtain access to their online banking credentials or remote control of their computers. These hackers will then drain the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers' accounts.
As a business owner, it is your responsibility to understand how to take proactive steps to avoid, or at least minimize, the threat of a Corporate Account Takeover.
BankTennessee recommends the following security procedures related to avoiding corporate account takeover risk:
- Use an access device that is dedicated solely to browsing to legitimate, known financial websites to conduct legitimate financial business. No other activity should be conducted on the dedicated device, including accessing email.
- Use host-based firewall protection.
- Ensure that anti-virus/spyware software is installed, functional, and updated with the most current version.
- Use the latest version of your web browser with pop-up blockers enabled.
- Keep versions of operating systems, security software, and applications up-to-date and patched.
- Consider purchasing cyber liability insurance.
- Review your banking transactions daily.
- Do not batch approve transactions; be sure to review and approve each item individually.
- Use dual controls for high-risk transactions such as wires, ACH, loan disbursements and external transfers. Have one user create the transaction; have a second user approve the disbursement from a different computer. This will reduce the risk of internal fraud, while at the same time making it more difficult for outside programs to find both usernames and passwords.
- Use your Administrator access only to create two log-in accounts: one to use exclusively when creating access rights and assigning roles to Authorized Persons, and a separate one for use of the Services. This further reduces the risk of unauthorized access to the Administrator authority. Keep the Administrator password and token secure under dual control at all times.
- Establish transaction dollar limits for employees who initiate and approve online payments such as ACH, wire transactions and transfers.
Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks.