Being secure: avoiding small-business identity theft and online banking fraud.
Online transactions are easy, convenient and allow us to purchase and obtain items we'd never be able to purchase in the past. They allow us to more easily obtain our tax refunds, as well as transfer funds and process transactions. But as with most things, there's a dark side: What is convenient for us is convenient for attackers.
We had several clients during tax season that suffered identity theft. We found out when we went to e-file their tax returns and were informed that one of the taxpayers had apparently already filed their returns. The IRS indicated that identity theft is massively increasing. We were told to file an affidavit of identity theft, Form 14039, and to contact one of the three credit bureau agencies to begin tracking and monitoring the credit history of the taxpayer. We obtained a report of Social Security earnings to confirm the amounts paid in the past are accurate. Clients impacted by identity theft will receive a PIN number from the IRS, which must be included on future tax returns that are filed.
We're also seeing an increase in online banking fraud, especially among small businesses. Brian Krebs, a former Washington Post journalist, has been tracking many online banking frauds and has watched as small businesses have had their bank accounts wiped clean by fraudsters who were able to obtain the credentials for the accounts.
Think a fraudulent withdrawal of funds to your commercial or business banking account is limited to $50, like a fraudulent credit card transaction? Think you are protected by FDIC insurance? Think again. FDIC insurance does not protect our bank account from fraudulent withdrawals. You have no protection other than attempting to obtain the funds from the criminals that withdrew the funds. In many cases these criminals are located overseas and it would be difficult, if not impossible, to prosecute.
Do you do everything you can to protect your online banking? Do you dedicate a computer for online banking and only use this computer for sensitive transactions? Do you ensure that you do not open email from this computer? Keep in mind that criminals have used targeted phishing emails and Java and browser exploits to plant keyloggers on computers.
Consider the following tips to help you get started on a more secure online road.
Dedicate a computer to be used for business purposes to ensure that you won't pick up a keylogger from random web surfing. Take the recent case of 500,000 WordPress-based websites that were used to infect Apple computer users. These sites were injected with malicious code many times--unknowingly--by the WordPress site owners. WordPress, while being one of the major blogging and website platforms, suffers from a community coding model where someone's miscoded plug-in may be an attack vector to gain access into the website. The website owner as well as the plug-in owner has no idea of this sort of attack vector.
Junk the Email
Never open unexpected banking emails. Many successful attacks start with phishing--the act of sending an email to someone and tricking the person into opening the email or attachment, which then infects that computer or tricks the person into handing over a user name and password to the other party. Cyber criminals are targeting small businesses using specific phishing attacks to gain access to systems.
Keep Your Balance
Regularly check your bank balances for unauthorized transactions and reconcile your bank balances. Do not wait until the end of the month to review your transactions. In this case going online more will actually allow you to be more secure. Check with your bank, too, if it offers additional protection, such as maximum limits on transfers that can be made.
Protect your Windows systems when they go online. The computer you use to go online and do your business banking and accounting transactions should not be the most out-of-date and unprotected computer you own. Ensure that you have an up-to-date operating system and an up-to-date browser to do online banking. On a system that you dedicate for online banking, install an alternative browser like Chrome and ensure it's up to date. Ensure that your antivirus is up to date and not the original one that shipped with the computer, which could now be months or years out of date. Maintain the updates on that system by setting your computer to automatically download and install updates, as well as by ensuring your computer is opted into Microsoft Update for Windows machines. For Windows click on the Start Button > Control Panel > System and Security. Click on Turn Automatic Updates On or Off and then ensure that Give Me Updates for Microsoft products is selected. This will ensure you have updates for Windows, as well as other Office patches.
Newer is Better
Ensure everything else is up to date. There are third-party programs, such as Java, QuickTime, Flash, Adobe Acrobat and Reader, that need updates and these programs have been used in past attacks. I recommend a free tool called Secunia PSI that will scan your computer and offer updates for a majority of the third-party programs used in online attacks.
Keep Your Cool with a Firewall
Consider a security suite that monitors for more than just viruses. While I'm not a fan of firewalls that constantly alert you to outbound connections from your machine and give off confusing alerts, you may wish to install one on a computer that you use for online banking. On a normal computer they typically perform too much alerting--reacting to any sort of connection a website may have on your system. But on a computer dedicated to online banking, you may wish to be reviewing outward connections to ensure that only those you authorize are the ones connecting.
Wary of Wireless
Be cautious when connecting to wireless access points. How many times have you connected to a wireless connection in a hotel or an airport and not taken the time to ensure the connection is the actual wireless access provided by the airport and not a rogue access point? Do you have any assurance that the connectivity is secured? Wouldn't it be better to use the wireless access point to merely provide you access so you can then VPN or tunnel back to a secured connection and use that location to do any sort of banking transaction? Or better yet, wait until you get back to a more secure connection before performing any sensitive transactions?
Don't assume that another platform will be more secure. Too many computer users believe a non-Microsoft platform will be more secure. A recent malware attack that led to Apple releasing a tool to remove the malware from systems shows us that the days of fewer attacks on alternative systems are coming to an end. As we move to electronic payment systems on mobile platforms, and toward more use of non-Microsoft platforms, thinking that this alone will ensure you are safer is fast becoming a myth. Check that the security systems on your devices, from mobile phones to laptops to tablet devices, are updated.
More and more of our clients could face these online threats. And more and more of us CPAs could suffer these same online security issues. Be diligent, vigilant and always on guard.
By Susan E. Bradley, CPA
Susan E. Bradley, CPA, CITP, MCP, GSEC is a partner with Tamiyasu, Smith, Horn and Braun. You can reach her at email@example.com.