Winsett: Staying step ahead of online bank hacks

Winsett: Staying step ahead of online bank hacks

October 21st, 2011 by By Jim Winsett in Business Diary

Q: Is online banking advisable for small business owners?

A: Online banking is a great tool to help small businesses quickly and conveniently track financial information, as well as pay their bills and employees.

However, data thieves are targeting small business owners - and their employees - to get access to their online banking credentials and accounts so that they can make unauthorized money transfers. A small business can protect itself against increased liability on its financial transactions by using strong procedures to secure the credentials they use to access their bank accounts.

When practically everything is done on the Internet, it is extremely important to take the necessary precautions. Not only are your business' financials at risk when you do not secure your banking, but your employee's records may also be compromised.

BBB recommends the following guidelines to help you protect the computers used to access your bank accounts and online access credentials.

- Initiate a "dual control" payment process with your bank and employees. Ensure that all payments are initiated from your bank accounts only after the authorization of two employees. One employee will authorize the creation of the payment file and a second employee will be responsible for authorizing the release of the file. This process should be in place regardless of the type of payment being initiated - including checks, wire transfers, fund transfers, payroll files and ACH payments.

- Have dedicated workstations. If possible, restrict the use of certain workstations and laptops to be utilized solely for online banking and payments. For example, a workstation or laptop used for online banking should not be used for Web browsing or social networking.

- Use robust authentication methods and vendors. Make sure your financial service providers allow for "multifactor authentication." This means that you need more than just a username and password to access your account.

- Update virus protection and security software. Ensure that all anti-spyware, anti-malware, and security software and mechanisms are robust and up-to-date for all computer workstations and laptops used for online banking and payments. Implement a process to periodically confirm they remain up to date. Security patches are often available via automatic updates.

- Reconcile accounts daily. Monitor and reconcile accounts daily against expected credits and withdrawals. If you see any kind of unexpected activity on your account, notify your financial institution immediately.

Get answers to your questions each Friday from Jim Winsett, president and CEO of the Better Business Bureau Inc., which serves Southeast Tennessee and Northwest Georgia. Submit questions to his attention by writing to Business Editor Dave Flessner, Chattanooga Times Free Press, P.O. Box 1447, Chattanooga, TN, 37401-1447, or by e-mailing him at dflessner@