For beauty business news, beauty store owners turn to Beauty Store Business. Beauty business trends, beauty business profiles and more!
Issue link: http://beautystorebusiness.epubxp.com/i/107814
SECURE SYSTEMS Why won't banks protect business accounts? One reason is legislative: Only consumers are protected by the Federal Electronic Funds Transfer Act, also known as "Regulation E." If timely notice is given by the victimized consumer, almost all of the stolen money is reimbursed. And here's another reason: Banks expect business owners to perform due diligence. "In the area of cybersecurity, banks expect businesses to possess a level of expertise higher than that of consumers," says McDermott. "For example, businesses are expected to maintain protection against malware and to train employees to avoid Internet sites where they can pick up viruses." A cyber attack most often begins when a hacker installs a rogue program on the computer of a targeted business. Called "malware," this program captures usernames and passwords for the company's online bank accounts. From there, it's easy for the hacker to access the account and wire funds to other financial institutions. And here's the really bad news: Computers give little indication they are infected with malware. Programs designed to detect rogue programs are often unable to identify the code written to hack financial data. "Once on your system, sophisticated malware may keep itself patched faster than your antivirus software updates itself," says Krebs. As a result, the only way to really cure a sick computer is to reinstall the operating system. What to do? Even small businesses without IT staffs can take basic security steps. "Make sure your computers have virus protection and the appropriate firewalls," suggests McDermott. "From the business practice standpoint, if you send out ACH [Automated Clearing House] transactions, set up a system of dual control so that one person initiates the transaction and a second person approves it before the bank accepts it. And look at accounts on a daily basis to spot unauthorized transactions quickly." Some experts suggest dedicating one computer solely to the task of online banking. Keep infections off the computer by prohibiting its use for email or for Web surfing other than bank-related sites. "Strip down the computer to whatever 56 March 2013 | beautystorebusiness.com software you need and nothing else," says Krebs. "And keep it up-to-date with the latest patches every day; don't fall behind. This applies to all your computers." Hackers constantly write new programs that exploit vulnerabilities in software such as the Windows operating system, Java and the Adobe Acrobat reader of PDF files. One final thing: Install the most up-to-date computer operating system because each iteration provides better security. "According to recent reports, 43% of the market is still on Windows XP," says Stephen Sims, senior instructor at Bethesda, Maryland-based SANS Institute (sans.org), a security training organization "We all have to move off these outdated operating systems to take advantage of the much better security features of modern releases." DEVELOP AND KEEP GOOD HABITS Modern operating systems with their native security features can do only so much. Employees must be trained on good computing habits. Here are some of the best. • Avoid email attachments. "Three out of four malware attacks come from emails with links that are clicked on by recipients," says Krebs. "If the browser is not fully patched, one click can do it: The computer is infected and there is no warning." • Surf safely. Undisciplined surfing can also be dangerous, points out Krebs. "Visit certain Web pages with a browser that is not fully patched and you can get infected by code in an ad banner or elsewhere on the page." • Bank securely. When visiting your bank's website, use a bookmark that points to the institution's secure "https" page. In other words, go directly to "https://www.bankname.com." In contrast, going to "www.bankname.com" can allow attackers to exploit your unencrypted connection, making your data easier to capture. • Review bank statements. Monitor your monthly bank statement closely for unexplained financial activity. "Many attacks involve scraping small amounts from many accounts versus large amounts from a few accounts," notes Sims.