8 Tips for Keeping Your Accounting Client Data Safe
Willie Sutton, a U.S. bank robber for more than 40 years, reportedly said that the reason he robbed banks was that it was “where the money was.” These days, one can say a similar statement about computers and online banking; they are targeted because that’s where we interact with our money these days.
In the near future our cell phones and other mobile devices may end up being another means to pay for items, but as we put all of these transactions online, are we doing anything to ensure our systems are as secure as it could be? Are we demanding our banking institutions do all they can to ensure our transactions are safe and secure?
The next time you go online and check your business banking account, consider this: Unlike fraudulent transactions on your credit card, the bank has no responsibility to replace the funds taken from your account. There is no FDIC insurance and no maximum loss of $50 per transaction. If someone wipes out your business checking or savings account, short of legal or police action, the bank is not responsible. The FDIC insurance that you think may provide protection only provides protection from the bank going out of business. If someone fraudulently takes money out of your account, there is no built-in protection from this.
Consider how we go online and check our bank accounts. Typically, it’s on the very same computer that has surfed to any number of websites, Facebook pages and receives any number of phishing emails. If your family member just went to an infected website that planted a keylogger on the computer, do you think it’s wise to use the same computer for your online banking transactions?
Online tip #1 – Dedicate a computer to be used for business purposes only. Do not let anyone in the firm use it for social website postings, random surfing or to open potentially phishing emails.
Keeping one computer dedicated to business means you can ensure that one machine does not stumble on random websites that were injected with infections. Think this is an extreme idea? Take the recent case of 500,000 WordPress-based websites that were used to infect Apple computer users. These sites were injected with malicious code many times, unknowingly by the WordPress site owners. WordPress, while being one of the major blogging and website platforms, suffers from a community coding model where someone’s miscoded plug-in may be an attack vector to gain access into the website. The website owner, as well as the plug-in owners’ website, has no idea of this sort of attack vector. Merely random browsing these days can infect your computer with browser-borne attacks.
Online tip #2 – Never open banking emails. Many successful attacks start with a phishing email.
Phishing is a funny name for a serious subject. Phishing is the act of sending an email to someone and tricking the person into opening up the email. The email can then be a method to infect that computer or trick the person into handing over a username and password to the other party. Even if you are POSITIVE that your bank sent you an email, I would highly recommend that you do not open up an email that looks like it came from your financial institution. Many computer criminals are targeting small businesses using specific phishing attacks to gain access to systems.
Online tip #3 – Check your bank balances for unauthorized transactions.
While many banks these days have very excellent fraud review techniques for credit and debit cards, they may not have the same techniques in place for online transfers. As a result, make it a point to reconcile bank balances on a regular basis and review the transactions clearing your bank. As you probably know and advise your clients, using the tools inside of QuickBooks is quite easy to do. Many banks now provide electronic services that connect your QuickBooks’ transactions to your banking institution. You can then download to your computer the bank statement transactions on a regular basis to ensure all transactions in the account were done by you. Do not wait until the end of the month to review your transactions; do it on a regular basis. In this case, going more online will actually allow you to be more secure.
Online tip #4 – Protect your Windows’ systems when they go online.
The computer you use to go online and do your very important business banking and accounting transactions should not be the most out-of-date and unprotected computer you own. Ensure that you have an up-to-date operating system and browser to do online banking. On a system that you dedicate for online banking, install an alternative browser like Chrome and ensure it is up to date. Make sure your antivirus is up to date and not the original one that shipped with the personal computer; it is probably months or even years out of date. Maintain the updates on that system by setting your computer to automatically download and install updates, as well as ensure your computer is opted into Microsoft Update for Windows machines. For Windows, click on the Start button, then Control Panel, then System and Security. Click on Turn Automatic Updates On or Off and then ensure that Give me updates for Microsoft products is selected. This will ensure you have updates for Windows as well as other Office patches.
Online tip #5 – Ensure everything else is up to date.
In addition to Windows updates, there are third-party programs such as Java, QuickTime, Flash, Adobe Acrobat and Reader that need updates as well because these programs have been used in past attacks. I recommend a free tool called Secunia PSI that will scan your computer and offer updates for a majority of third-party programs that are used in online attacks. Using this tool will help ensure your system is as up to date as it can be.
Online tip #6 – Consider a security suite that monitors more than just viruses.
While I’m not a fan of firewalls that alert you constantly to outbound connections from your machine, you may want to install a firewall on a computer you use for online banking. On a normal computer, they typically perform too much alerting, reacting to any sort of connection a website may have on your system. However, on a computer dedicated to online banking, you may wish to review outward connections to ensure that only those you authorize are the ones connecting.
Online tip #7 – Don’t just connect to any wireless access point.
The next time you are sitting in an airport, turn on your personal computer and scan for wireless access points, STOP and think about what you are doing. Do you have any sort of assurance from the provider of the service in the airport that the connection you just used to get online truly is the actual wireless access provided by the airport and not a rogue access point? Do you have any assurance that their connectivity is secured? Wouldn’t it be better to use the wireless access point to merely provide you access so you can then VPN or tunnel back to a secured connection and use that location to do any sort of banking transaction? Or, better yet, why not wait until you get back to a more secure connection before performing any sensitive transactions?
Online tip #8 – Don’t assume that another platform will be more secure.
Too many computer users believe that if they use a non-Microsoft platform, their system will be much more secure. A recent malware attack that led to Apple releasing a tool to remove the malware from systems shows us that the days of fewer attacks on alternative systems are coming to an end. As we move to electronic payment systems on mobile platforms, thinking that operating in a non-Microsoft environment, alone, will ensure you are safer, is fast becoming a myth. Ensure that any system you use, from mobile phones to laptops to tablet devices, are up to date with their security systems.
Adding a dash more paranoia to your online banking habits will ensure that you don’t get a rude awakening one day to find your computer accounts cleaned out. It has happened to other small businesses. It could happen to you. Be diligent, vigilant and always on guard.