Today, a network of cunning, organized criminals are engaging in cyber crime, netting billions from unsuspecting businesses. The threats are global in nature, very sophisticated and often difficult to prosecute. The term is “Corporate Account Takeover” and as a business owner you should be very aware of your company’s vulnerabilities and take the necessary steps to mitigate this threat.
What is Corporate Account Takeover (CAT)?
Corporate account takeover is the business equivalent of personal identity theft. Small to midsized businesses are the main target of such attacks, however any business can fall victim to these crimes. Corporate account takeover occurs when criminal entities obtain online banking credentials through a variety of tactics in order to drain accounts via ACH or wire transfers. Some common ways that a business’ system may be compromised are:
- Clicking on a link in an email that leads to an infected website
- Visiting legitimate websites, such as social engineering websites, that contain infected documents, videos or photos
- Using a flash drive that was infected by another computer
- Opening an infected email attachment
Sound Business Practices
It is important that business owners take steps to protect sensitive financial information and educate all users about cybercrimes. In an attempt mitigate these threats the following business practices are advised:
- Use appropriate tools to prevent and deter unauthorized access to your network including firewalls, anti-malware and encryption of laptops, hard drives, VPNs or other communication channels.
- Install robust anti-virus and security software for all computer workstations and implement multilayered security technology.
- Apply operating system and application updates regularly (patches).
- Disallow workstations used for online banking to be used for general web browsing and social networking.
- Disallow the conduct of online banking activities from free Wi-Fi hotspots such as airports or internet cafes.
- Educate all employees to think critically about all phone calls and emails received. If an email is suspicious, do not click on the link or open the attachment. Even an email that seems to come from a trusted source can be fraudulent. Watch for suspicious grammar and text that may signal a phishing email.
- Establish users for each employee and limit administrative rights.
- Maintain up-to-date contact information with the Bank.
- Stay informed about cybercrimes. Threats change rapidly and it is important to be aware of current trends in order to ensure your security practices are current.
- Reconcile accounts daily and contact Meridian Bank immediately to report any suspicious activity.
Financial Institution Security Controls
Business customers should take full advantage of options offered by Meridian Bank in order to reduce the risk of fraud. The following controls are recommended for customers who use the ACH or Wire modules through Meridian’s online banking service, NetTeller:
- Security Tokens
- Dual Control
- User Limits
- Email Alerts
- IP Restriction
- Online Access Time Restriction
Contact a Meridian Bank Representative at 866.327.9199 to discuss these free security options.