Cyber security: Online theft can be devastating
Imagine one morning going online to check your association’s finances and discovering there is nothing in any of the accounts. After you check and recheck and check again that maybe you’re just not doing something right, you finally call the bank: indeed, the association’s coffers have been cleaned out.
Panic gives way to realization: your association has become a victim of cyber theft, which grows as fast as technology develops.
Everyone - staff, leaders, members – ask, “How could this have happened?” Great question, because with vigilance and easily installed protections, the threat of cyber theft can be minimized.
But first, as with commercial businesses, associations need to know that if the theft is the association’s fault, there is little hope for an organization to recoup its losses from the banks under current regulations, according to Greg Schratwieser, CEO of ICI, a bank and credit union advisory firm. This is why it is important for associations to install security within their offices, as well as work with their banks to ensure the organization is protected.
He advises installing security software on all office computers. Invest in software such as Norton virus protectors, but there is even more thorough software now available at a reasonable cost that can detect and remove Trojan horses.
“If an association is banking online and they have a Trojan horse on one or more of their PCs, they can be completely cleaned out,” Schratwieser said. And while cyber thieves are usually after money, for associations there is the added concern of keeping membership information secure.
Other best practices for staff that Schratwieser offers:
- use caution when opening attachments in e-mails
- install security software updates
- keep personal information to a minimum on Facebook and other social media
- switch off work computers at night
- close other applications when conducting financial transactions.
Schratwieser and Access National Bank online banking expert Kimberly Clifford both believe educating staff is key. “Associations need to know about the threats, how they spread and what actions they can take to prevent or minimize the negative impact of cyber threats. We continually educate our customers through e-mail, statement stuffers, and messaging on the login page regarding the latest threats,” Clifford said. Other pointers she offers:
- Always log out. If you log into a website make it a practice to log out especially if using a shared or public computer, as they have an increased risk for spyware, viruses and other malicious criminal activities.
- Think before you click. Even if an e-mail appears to be legitimate from a known source be cautious when clicking on links within e-mails. Social networking sites, such as Linkedin and Facebook, are targeted by spammers, who send fraudulent e-mail requests with links that, when clicked on, download malicious software to steal online banking credentials. Whenever you get reminder e-mails from social networking sites, ignore the link and go directly to the site.
- Passwords. Use unique passwords to access online banking websites, they should be different form passwords used to access other websites.
- Don’t leave your “tabs napping.” Tabbed browsing makes it easy to navigate to several websites at a time without having to open new browser windows. This is a great convenience but make it a practice to close all tabs when they are not being used to eliminate the potential for downloading malicious software. And close all tabs when accessing online banking or other secure websites.
- Remove administrative computer rights. For businesses, this limits your employees’ ability to upload and download, thus diminishing the chance of unauthorized software downloading onto the computer.
Like Access, banks should also work with their association clients to establish a system of controls for funds transferring to help mitigate risks, Clifford said.
Details: www.accessnationalbank.com, greg@ici-consulting.com.
