When you think of threats to your small business, you may consider competitors or individuals trying to steal your ideas, lack of customers, or poor economic conditions. You worry about how your product or service will do, or if you’ll make or have enough money to get through the year. One specific area of concern that you probably don’t consider is online bank fraud. In this modern day and age, the masked bank robber has gone out of fashion; the hacker is the new “it” criminal. And guess what? Your small business is the victim.
Ravix Group provides outsourced accounting for startups to help you identify and fix vulnerabilities regarding your human and digital resources. With the right accounting leadership, you can fill in the holes cybercriminals can exploit to get to your money.
Can Fractional Accounting Services Prevent Bank Fraud?
More and more small businesses are falling prey to ingenious hackers and cybercriminals who deplete their commercial accounts, with no way to regain the stolen money. Just one fraudulent interaction can completely decimate a company that took years to build. The small business is especially vulnerable because they don’t have the protection of a full scale I.T. department, nor do they have the advanced firewalls, sophisticated malware protection and cyber defenses that bigger businesses can afford to implement.
It commonly happens that in an effort to conserve funds, employees in small business environments are given inappropriate access to bank accounts and are not educated in the potential dangers of online banking fraud. Hackers specifically target small businesses with large commercial bank accounts for these specific reasons.
By embracing outsourced controller services, you can bring in an objective third party to assess the risks and train your staff on how to avoid phishing, smishing, and other ruthless tactics employed by hackers.
How Do Cybercriminals Hack Into Your Small Business Accounts?
Cybercriminals usually use three primary methods for their online banking fraud:
- Social engineering: This refers to the manipulation of account holders/users through the impersonation of a trustworthy source, like a bank, via electronic communication, usually asking for confidential information. These can take the form of emails, “phishing,” or text messages, “smishing.” Be aware of nonsensical greetings, a strange sense of urgency, abnormally sized or distorted logos, improper grammar, or incorrect links.
- Malware: This is when “malicious” software is installed on your computer without your knowledge or consent. This software can record keystrokes, redirect your internet browser or even impersonate you in online banking transactions. Malware can be installed through various means:
- Infected email attachments/documents
- Corrupt links
- Documents
- Videos or photos posted on websites (especially social media sites)
- Corrupt search engine results
- Combination of social engineering and malware: In these cases, social engineering is usually used to fool users in order to infect the computer with malware. For example, an account holder will receive a “phishing” email with a link attached. When they are fooled by the initial email and click the link, the computer is then infected by malware.
Your Bank Doesn’t Have to Refund Bank Fraud Losses
Many business owners incorrectly assume that the protection that applies to a personal bank account is the same for business accounts. If money is fraudulently taken from your personal account, the banks will work with you to regain that money, with no loss to you if caught in a reasonable amount of time. Unfortunately, unless the business account owners have specific fraud insurance that covers this kind of illegal activity, they must bear the brunt of the losses and take full responsibility. Usually, fraud insurance only covers employee embezzlement.
Once the money is gone, there is usually no way to get it back. This realization usually causes the business owner a great amount of anger directed at the bank. However, banks actually have no legal responsibility to reimburse businesses for fraudulent losses since federal regulations do not apply to commercial accounts.
Companies that have tried to sue their banks over this have consistently lost; this fraud is seen as the fault of the company and their lack of security precautions. Larger banks like Wells Fargo and Bank of America have more advanced pattern-recognition and monitoring systems. Banks should have automated capabilities to detect irregular or fraudulent activity in accounts, but because these systems are highly expensive, many smaller banks still rely on manual procedures. Despite the banks’ security precautions, or lack thereof, it always comes down to the individual business.
Depressing, right?
How Can You Protect Your Small Business Bank Account?
Fortunately, there are easy steps to take to protect your small business from this kind of fraud. These measures should always be taken — or you risk losing everything!
- Do not give out bank access information. Do not give out any login information or passwords, IDs, token codes or token numbers. If you receive an email, phone call or text message asking for this information, do not respond. Let your financial organization know immediately if this happens.
- Implement controls. Have qualified professionals document your accounting policies and procedures. Online payments, ACH, wire transfers and foreign exchanges should have “dual custody.” Reconcile your bank accounts monthly and always lock up your checks. Fractional CFO services providers, such as Ravix Group, can provide the leadership needed to oversee this process.
- Strengthen cybersecurity. One the most important steps to take, regularly update your antivirus/antispyware software and make sure that you have strong firewalls installed. If you are not savvy in this area and cannot afford a fulltime I.T. employee, spend the money on a high quality consultant that can help you with proper installation. Ensure that your servers and systems are updated with all vendor-recommended revisions.
- Educate your employees about the potential risks. Any employees with access to the company bank accounts should be instructed to never give out bank information to outside sources. They should be warned of “phishing” and “smishing” scams and given strict instructions on what to do if this happens.
- Dedicate one computer for online banking. This computer should not be used to browse the internet (especially social media sites) or have emails sent from it. This may seem excessive, but in the long run, the cost of a computer is nothing compared to the cost of losing your company.
- Monitor your bank account every day, multiple times a day. This includes holidays and weekends. Unfortunately, small business bank accounts are often not monitored closely enough or are supervised by an unfit employee. Cybercriminals move very quickly. They understand the timeliness of what they are doing, and they know how to work the system to their advantage. If you see anything suspicious, contact your bank immediately. If you wait, massive amounts of money can be transferred out in a very short amount of time. Often, you won’t be able to recover those funds.
- Only use trusted websites. Block access to any websites that carries a potential risk to your business or is not relevant to the business’ needs. If your computer warns you that a site may not be safe, do not visit the site.
- Use your bank’s notification or alert services. This is a service that most larger banks have – you can be alerted via text or email of any electronic debits or transfers. If activity occurs that you did not authorize, you will be notified immediately and can then take the necessary action.
Many small business owners think that this won’t happen to them because they believe they have taken reasonable precautions. Unfortunately, the number of cyber-attacks against small business bank accounts is rising. Before it’s too late, take these steps to protect your small business from suffering monetary losses or closing down.
If you need outsourced accounting and bookkeeping services to help you set up the proper controls, Ravix Group can help.
Ravix Group offers the best outsourced accounting services for early-stage companies in San Francisco. Contact us online or call (408) 216-0656 today to set up an appointment to discuss how your small business can avoid certain death at the hands of bank fraudsters.