Threat is increasing for small enterprises; shunning the hard drive
[caption id="attachment_21457" align="alignright" width="324" caption="Mike Crowther protects his Engine Dynamics online accounts with Eric Burns' Secured for Banking service"][/caption]
ROHNERT PARK – Entrepreneur Eric Burns has come up with a solution for a problem a lot of businesses don't know they have. And finding out the hard way can be very, very expensive.
Secured for Banking, a low-cost subscription service, takes online banking transactions off a vulnerable hard drive, where sophisticated hackers are increasingly targeting commercial accounts.
"Most people don't realize that banks don't guarantee commercial accounts as they do personal accounts," said Mr. Burns.
"Banks take the position that they really have no control over their clients' home computer systems," said Mr. Burns. "And most small businesses and non-profits don't have sophisticated firewalls or dual authorization systems in place."
Federal laws don't require banks to reimburse customers whose business accounts have been hacked. According to the FBI, the last two years have seen about $40 million stolen from online commercial accounts.
Small to midsize businesses, nonprofits and schools are especially vulnerable to bank Trojans, malware programs that hop onto a user from a website or e-mail, follow keystrokes back to the user’s hard drive and from there get into their bank accounts.
Wire transfers are most often targeted, although some bank Trojans can extract money from an account while it's in use by restoring the original balance on the screen.
Bank Trojans have become so numerous and so cunning that the FBI and the American Banking Association issued an alert at the beginning of the year advising businesses to use only a dedicated PC for online commercial banking.
"It's a problem that's being played out in the courts," said Brad Hunter, senior vice president of electronic banking for Exchange Bank in Santa Rosa.
The most high profile court case in the North Bay was filed in April in Marin County Superior Court. In the suit against Bank of Marin, Novato Sanitary District is seeking nearly $182,000 that was not recovered from a of $514,000 cyber theft last year.
The Secured for Banking service supplies users with a quarterly CD containing the secured URLs of their particular banks. Transactions are made using the operating system on the dedicated CD, not on the hard drive.
According to Mr. Hunter, the solution sounds like a good one for a non-technical person of a business too small for dual authorization.
"It's a challenge for banks. We don't want to get too far into our customer's computers, but we realize business accounts need more protection and I expect to see some standards evolve."
Exchange Bank is getting ready to roll out – free of charge to customers – a security-boosting system developed by an Israeli software company called Trusteer.
The software adds pieces that block application programming interfaces to prevent malware from finding a foothold. The company boasts it has developed hundreds of these API blockers.
Mike Crowther, owner of Engine Dynamics in Petaluma, avoided online banking for years for fear of hackers.