Security Beyond the Network
Your bank accounts are at risk! IT Security goes beyond protecting your Organizations network from outside threats. Business owners need to look beyond the internal network at all their assets especially their financial assets. Financial institutions do a great job of protecting their network from outside threats and insuring the assets of their clients, but your money is still exposed. I wanted to share with you today the three threats our financial institution implemented for us to protect our bank accounts from unauthorized access.
Check Fraud – Unauthorized ACH Transfers – Hacked Login
Problem: Check Fraud: As Check Fraud has become increasingly easier to commit with access to check printers via amazon, anyone can print checks. But how do they get access to your bank account number, routing numbers, etc… Easy when you think about. Every check you write and send out has all the information these forgers need. That person processing your Electric Bill payment or your Cleaning Service payment can quickly take the information needed right off your check. They only need your bank account number, routing number, and Company Name. With that info, they can print their own check impersonating you. They just add their name and the dollar amount. Yes, it’s that easy. Scary huh? So, what can you do to protect yourself?
Solution: Positive Check Pay: Positive Check Pay is a system offered by most financial instructions eliminating this threat effectively. Every check cycle here at Sundog, we upload the check number, the payee, and the dollar amount to our bank. As checks come into the bank, they match them up to the list we submitted and if there is a match, the check gets paid. But if there is not a match, the processing stops and the bank reaches out to us directly asking for approval to process the check. Without our approval, the check does not get processed. Criminal foiled!
Problem: Unauthorized ACH Transfers: ACH stands for “Automated Clearing House”. Paying electronically has become more and more common as organizations continue becoming more efficient in the way they operate. The process of writing checks, mailing them out, and waiting days to have them processed is time consuming. These days, we send and receive payments via ACH on a daily basis. Many of our vendors retrieve their payment electronically directly out of our account streamlining the Accounts Payable process on our end. Eliminating the time sink of sending a check out to them for every invoice has been fantastic on our end. And now, many of our clients pay us via ACH as well. Through our financial institution, we can submit withdrawals directly out of our client accounts via a simple web interface streamlining our Accounts Receivable process too. But if it is that easy, how can you protect your bank account from someone you did not authorize?
Solution: ACH Blocks and Filters: Much like the Positive Check Pay features, we have informed our Financial Institution which organizations we have allowed to process payments via ACH. And, we have included a dollar amount range each institution is Authorized to withdrawal protecting us from a mistake on our vendors end when they fumble finger and add an additional zero. Now, when an ACH transaction comes through the bank that violates our approved list or listed amount, the bank notifies us instantly and will deny the transaction without our approval.
Problem: Hacked Login: We all know we are supposed to have complex passwords these days and that we are supposed to change them, but most of us are not that diligent. Time goes by quick and keeping track of all the different passwords needed these days is difficult. No excuse though, but it is common. Plus, we all have employees that have access to our online bank accounts as well and how well are they changing their online account passwords? The reality is that online accounts do get hacked by a variety of ways allowing the hacker to transfer your hard earned dollars right out of your account. Ouch! So, what can you possible do to eliminate this threat?
Solution: Multifactor Authentication: Multifactor Authentication (MFA) requires more than one form of authentication to complete the login process. But what does that mean? There are two common and easy to use forms of MFA that greatly increase security. The first being setting up text notifications when logging on. This form of MFA will send you a text message after submitting your username and password with a series of digits required to complete the login process. That way, if a hacker did have your username and password, they could not get into your account unless they had your cell phone as well. The second form of MFA is via an app on your smartphone. Microsoft, Symantec, and Google all offer Authentication Apps you can download on your phone. With this type of MFA setup, when you go to log into your online account, you will need your username, password, and 6 digit code from your app. This code usually changes every 60 seconds so you have to be quick. Like text notifications, a hacker cannot gain access to your account now with only your username and password.
I hope this information was helpful. Enabling these additional security measures on our bank accounts has really helped me sleep better at night. As the world becomes more and more digital, the threats will continue to increase as well. But don’t worry, the pros far outweigh the cons. You just can’t choose to ignore it. Embracing technology opens up so many more opportunities in efficiencies, in flexibility, and in profit.