Hackers and scammers are trying really hard to ruin your day. Is your business safe?
With cybercrimes on the rise, Atlantic Union Bank’s VP of Fraud, Fraud Manager, Sarah Fierst, shares some tips and tricks to help thwart a potential attack.
How long have you’ve been at Atlantic Union Bank?
I’ve been Atlantic Union Bank over 7 years. I’ve been in the industry for 10 years.
What are some common types of cybercrimes and fraud that target businesses?
Business Email Compromise is the main one. That’s when a vender or CEO’s email account gets hacked or spoofed. A hacker can see any correspondence and engineer an attack on their contacts.
For example, posing as a vendor they might ask the business to update their payment info or transfer them money. When a CEO’s or business owner’s account is compromised, a hacker might ask an employee to transfer to a fake account. The employee, thinking they are doing good, does it right away not knowing that their boss’s account was hacked. It’s fraud and could also potentially be money laundering. Surprisingly enough, writing counterfeit checks is another one. We’ve seen a rise in them recently.
What are five things small- to medium-size business can do to protect themselves from a cyber attack?
- Dual control is one of the best options, especially for business online banking. If your business computer gets compromised and a hacker goes in and creates a fake batch of ACHs and there’s a second user that needs to sign in to authorize it – in addition to the main user – you’ll hopefully discover the hack. It adds an extra layer of security.
- Use one computer in the office for online banking. Nothing else. No internet searches. No email. No downloads. No games. Banking, that’s it.
- Educate your employees on fraud. People are the weakest link. Employers need to train their employees on what NOT to do. Familiarize them with the types of online frauds, like Business Email Compromise for example. Teach them to be aware of the red flags.
- Scrutinize your emails. Know who you are talking to. When we see spoofing, it’s barely noticeable unless you look closely. For example: if I emailed you, would you know that my name is spelled with an “H” at the end instead of an “A?” Look closely at emails. Or, Atlantic Union Bank spelled with two “I”s in Union. If you looked closely, you’d see the misspelling. If you’re on your smart phone, its particularly hard to notice. And if you respond? You’re emailing a hacker. Follow up with a phone call to your vendor or bank, if you’re suspicious.
- Effective cyber insurance is good idea. You need to find an agent who accurately explains what you’re covered for though. Read the fine print and ask questions.
What’s the first thing a business owner or CEO should do if they suspect a financial security breach?
Contact your bank immediately.
Does Atlantic Union Bank offer Positive Pay and ACH Block to our clients?
We do. They’re very common and can help mitigate fraud. We also have Teller Positive Pay, which is specifically helpful for counterfeit business checks.
How do you, and business owners, stay up to date on trends?
I read everything. I’m part of the Association of Certified Fraud Examiners. I also have a contact at the FBI I talk with directly who keeps me up to date. If he thinks something might be a risk for the bank – for example, one of our ATMs may be targeted for some reason – he lets me know.
As a business owner, keep the Federal Trade Commission and FBI Cyber Security websites in your favorites. They’re both updated frequently with the latest information on fraud trends. Krebs on Security is also a great resource for cyber threat news. It’s a good idea to check in with these sites once a week or so.