Secure the machine that connects to your bank

Secure the machine that connects to your bank

There have been many articles over the past year about hackers using “Automated Clearing House” fraud to steal money from small and medium sized businesses. The basic premise is that a hacker will compromise the machine that handles bank transactions for your company and steal money directly from your business account.

ACH Fraud digram

This graphic is from “Fraud Advisory for Businesses: Corporate Account Take Over” created as part of a joint effort between the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS?ISAC).

This document has some great recommendations, and everyone involved with corporate online bank transactions should check it out.

I would distill the advice down to one key step:  Designate a secure machine to do bank transactions that isn’t used for anything else. Don’t use this machine to browse the internet, check e-mail, or open any documents  not necessary to complete transactions.  When we talk about a secure machine, it should of course have all updates, anti-virus, etc.   It would also be preferable to have this machine on an isolated network.  Putting it behind a simple broadband router would provide a lot of benefit for little cost.   Even internal networks should be considered suspect in this sort of situation.

Here is another article for further reading: