Does your Business Use Online Banking? You Might be Vulnerable to a New Attack!
In 2017, cybercrime was the most common crime in the UK with 4.7 instances occurring in England and Wales alone. These figures are only getting higher and you are now 30 times more likely to be robbed online than you are to experience a physical burglary.
These risks, unsurprisingly, extend to commercial online banking systems. Industry professionals have recently discovered a disastrous form of malware that targets these systems. This malware can detect the online banking system being used and runs automated scripts in the background while the user logs into their account. It can change existing account numbers and sort codes of payees in attempts to disperse scheduled outgoing payments into fraudulent accounts. It is specifically used to target commercial online banking systems, like the ones you may use at your organisation.
Industry experts believe this malware can operate in the following types of digital environments
- When online banking is accessed on a PC via a web browser
- When a template feature is used to make bulk changes to the payment details of information of beneficiaries
- When two-factor authentication is not required for downloading or uploading the payment beneficiaries’ template or payment files
However, there are precautions you can take to protect your organisation’s privacy and financial security from this malware:
Communicate with your banking service — If your online banking system meets each of the three pieces of criteria for this malware to operate, it’s crucial to contact your bank immediately to discuss your protection options. In addition, even if your banking system doesn’t meet the listed criteria, make sure your banking system uses two-factor authentication during key transactional processes.
Update your staff members — Seeing as your employees likely use the same devices that access your organisation’s online banking systems, ensure that all staff members are routinely trained on cyber-security best practices. This includes detecting phishing scams, periodically updating passwords and limiting access to sites that aren’t work-related, such as online shopping or social media.
Consider changing your processes — If possible, switch to using certain devices with the sole purpose of conducting online banking. Make sure these devices operate on a secure internet server—possibly a different provider than what the rest of your business uses to ensure business continuity. Lastly, ensure that these devices implement maximum cyber-security measures and are routinely updated. This includes processes such as system updates, safety firewalls and anti-malware scanning. Periodically test your devices to be sure they can detect and avoid an attack.
To find out more about cybersecurity and cyber insurance, request a quote through our website or call us on 0330 1240730!