How to Protect Your Business Against 'Corporate Account Takeover' Cybercrime
- 1). Isolate equipment. Consider using a dedicated computer for online financial transactions. Keep this computer independent of machines used for email, web-surfing, or more general Internet activities.
- 2). Establish dual control protocols. Require one person to sign in to authorize payments, and a second person to sign in to actually release payment. This greatly reduces the chance of a successful account takeover.
A dual control protocol can be used for all financial transactions, or just for transactions above a certain set threshold. Which to choose depends on the costs and benefits to your organization of taking this extra security measure.
- 3). Use multi-factor sign-ins for user authentication. A combination of log-in steps, such as a user name, password and required keystroke combination, can be an effective measure to increase cyber-security and minimize the threat of cybercrime.
- 4). Terminate access in a timely fashion. When an employee leaves the firm, their log-on privileges for financial transactions should be immediately revoked. It's surprising how many firms fail to take this obvious precaution.
- 5). Keep anti-virus and other security software and procedures up-to-date. This is another obvious step that is all-too-frequently overlooked.
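How steps 2 and 4 can be enforced in software rather than by habit, as an added example that is not part of the original article. The class names, the threshold value passed in, and the rule that an authorization from a since-revoked user is void are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

class PolicyError(Exception):
    """Raised when an action would break the payment-control policy."""

@dataclass
class Payment:
    payment_id: str
    amount: int                       # whole currency units
    authorized_by: Optional[str] = None
    released_by: Optional[str] = None

class PaymentDesk:
    def __init__(self, active_users, threshold):
        self.active_users = set(active_users)
        self.threshold = threshold    # dual control applies above this amount

    def revoke(self, user):
        # Step 4: a departed employee loses access immediately.
        self.active_users.discard(user)

    def _require_active(self, user):
        if user not in self.active_users:
            raise PolicyError(f"{user} has no active sign-in")

    def authorize(self, payment, user):
        self._require_active(user)
        if payment.released_by is not None:
            raise PolicyError("payment already released")
        payment.authorized_by = user

    def release(self, payment, user):
        self._require_active(user)
        if payment.released_by is not None:
            raise PolicyError("payment already released")
        if payment.amount > self.threshold:
            # Step 2: two different people must be involved.
            if payment.authorized_by is None:
                raise PolicyError("authorization required before release")
            if payment.authorized_by == user:
                raise PolicyError("releaser must differ from authorizer")
            # Assumption: an authorization from a since-revoked user is void.
            self._require_active(payment.authorized_by)
        payment.released_by = user
        return True
```

With this check in place, a single stolen sign-in can neither authorize and release the same large payment nor rely on an approval left behind by a former employee.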