Sponsored by: Webster Five
September 25, 2020

COVID-19 Environment Ripe for Fraud Attacks on Small Businesses

It is an unfortunate reality that cybercriminals will take advantage of difficult situations in an attempt to defraud businesses, and the COVID-19 pandemic is no exception. COVID-19 has created an environment that is ripe for fraud as billions of dollars in government aid and loans are distributed to businesses across the country, and many business owners are distracted with doing their best to keep their businesses afloat. The pandemic has drastically increased the number of transactions taking place online, and the sheer volume of these transactions has been a stress test for even the most robust digital banking systems. Business transactions are often the largest and most complex of these, and even with careful monitoring and fraud protections in place, many businesses remain at risk. Remote workers accessing company systems from home networks create additional vulnerability, so it is more critical than ever to take steps to ensure your business accounts are kept safe.

The Paycheck Protection Program (PPP), unsurpassed in scope and scale for the Small Business Administration (SBA), was rolled out in record time, and many small businesses have looked to use these government funds as a lifeline. The potential for cybercriminals to defraud these businesses and attempt to obtain some of the funds provided by the SBA has increased exponentially, especially as a large number of employees work remotely. Now is the time for small businesses to review best practices for preventing fraud and evaluate what their banking institutions have in place to protect them.

There has been a significant rise in incidents of wire fraud over the past several years, and small businesses are a prime target. Wire fraud often starts as an email phishing scam sent to a business and introduces malware that tracks messages, specifically searching for finance-related communications. Once cybercriminals obtain the names of regular business payees, they work to either intercept legitimate transactions and redirect them or create fraudulent ones. Businesses should consistently remind employees not to open suspicious emails, especially if the email includes an attachment. In the ideal environment, businesses will have a designated workstation to conduct transactions that is used only for that purpose. This station should not be connected to email or be used for internet browsing.

It’s also a best practice for small businesses to evaluate the fraud protection services their financial institutions have in place. For example, Webster Five has a wire verification system that stops wire fraud in real time. Small businesses might want to consider opening a separate account for incoming wires so they do not provide a business account number that could leave significant funds vulnerable to cybercriminals looking to gain access to these funds.

Proactivity and vigilance are key for identifying and preventing fraud. Additional best practices to protect your small business include:

  • Enable Multi-Factor Authentication (MFA) for access to email outside your organization.
  • Stay current with operating system (OS) patches and updates.
  • Keep all software up to date with your vendors’ latest releases.
  • Consider using an isolated/dedicated PC for high-volume/dollar amount internet banking transactions.
  • Install and maintain anti-malware software. Ensure that updates are configured to the manufacturer’s best practices and regular scans are scheduled.
  • Install and maintain a web filter to help protect against malicious websites.
  • Configure and maintain a firewall that will allow only services that are required for business purposes.
  • Communicate to all employees that strong passwords should be used and not stored on computers that are used for banking transactions.
  • Remove employee access promptly upon their leaving the company.
  • Remove local administrative rights from users’ computers to help prevent the installation of malware. 
  • Reference the Consumer Financial Protection Bureau’s website and other reputable online resources to stay up to date on the latest scams and how to avoid them. 
  • Become familiar with the applicability of laws and regulations to business owners to safeguard information.
  • Consider adding cyber security insurance to your company.
  • Consider using secure email to communicate sensitive information.

In 2018, 33 percent of organizations were subject to ACH debit fraud, and 20 percent were subject to ACH credit fraud, according to the Association for Financial Professionals’ Payments Fraud and Control Survey. Many financial institutions have ACH fraud protection for their customers, and it’s important to take advantage of it when available. To authenticate ACH transactions, Webster Five offers Check and ACH Positive Pay Services as well as ACH Filters and Blocks. When a non-issued check or unauthorized ACH transaction hits the account, the business is alerted to make a pay/no pay decision. Learn more about these services on our website.

The COVID-19 pandemic has shown that many businesses can be extremely effective with a remote workforce, but there are still many fraud-related risks in the current environment. The work-from-home culture has gained strong footing that will continue long after the pandemic has passed. Unfortunately, businesses could be more vulnerable as employees transact business from outside the usual walls of the organization. Secure systems, along with vigilance, education and proactivity across all areas of your business and the financial institutions you rely upon, must be maintained and consistently evaluated to mitigate risk.

For additional resources to keep your small business protected from fraud and cybercriminals, visit Webster Five’s Safety and Security page.


Jane Cullen, Vice President, Business Services Manager, Webster Five