Village View Escrow Inc learned the hard way that online banking is not an activity that should be taken lightly by a business. Poor email discipline led to the company’s systems being compromised and sensitive online banking credentials being compromised. The thieves then utilized their network to wire the money across the world causing significant financial loss to the company.
Of particular note is the bank was no friend to the business and also failed in several critical controls including:
1. Not following up on suspicious account security changes
2. Allowing suspicious international wire transfers without validating with the business.
3. Allowing excessive irregular financial transactions to occur.
An important thing to note is the bank is not assuming any of the responsibility for the loss so it is up to you to protect your business if you choose to partake in online banking. Trusting that the bank will protect you can put you out of business!
Company Exposure: Catastrophic financial loss of nearly half a million dollars that threatens the survival of the company
Lessons Learned & Possible Preventive Measures:
1. Online banking for small/mid size businesses is a risky proposition and should not be engaged in without risk mitigation steps. And don’t count on your bank to be your advocate even though they should be on your side.
2. Practice safe email usage and only click on expected documents from known individuals. Scan the attachments prior to launching them on your machine for additional protection.
3. Certain online banking controls that could have helped mitigate the risk include:
- Use of a dedicated PC for online banking that does this and nothing else (no email, no surfing, ever..)
- Get written confirmation that only certain customers should be receiving payments and any international phone calls require verbal approval.
- Configure bank balance and security change notices to go to a mobile device that will give you an additional safeguard if your other systems have been compromised.
Look for additional protection mechanisms in our upcoming online banking security guide.