Online criminals who siphon money from a business's account can ruin the business.
That's why business owners should put proper safeguards in place, experts on cybercrime say.
Between March 2010 and April 2011, small businesses lost about $11 million nationwide to cybercrime, while the nation as a whole loses an average of about $117 billion per year due to cybercriminals, according to officials from NBT Bank, who gave a seminar Wednesday at the Holiday Inn in Johnstown to promote awareness of cybercrime,
The Leader-Herald/Mike Zummo
James Terry, senior vice president of NBT Bank, gives a seminar Wednesday at the Holiday Inn in Johnstown regarding cybercrime.
The Leader-Herald/Mike Zummo
James Terry, senior vice president and director of operational risk and financial crime management, and Terra Carnrike-Granata, NBT's information security officer, have been giving seminars on cybercrime protection for the past two years.
Terry said keeping track of the new threats is the biggest challenge of his job because they always are evolving
"The risk never changes," he said. "It's always the person sitting at a computer that's clicking on a fake link."
Nine points of protection
Here are nine ways businesses can help protect themselves from cybercrime:
1. Banking PC: Conduct all personal and business-related banking activities from a stand-alone computer that has limited access to email and web browsing.
2. Dual Control: Initiate electronic transactions (such as payroll and wire transfers) under dual control, with a transaction originator and a separate transaction authorizer.
3. Daily Review: Reconcile all banking transactions daily and look for any unusual activity.
4. Beware of Phishing: Don't access websites from links in emails. Beware of emails offering a prize or discount and then ask you to enter a user ID and password. Many of these spoof emails are characterized by poor spelling and grammar.
5. Fresh Passwords: Change your passwords every 45 to 60 days.
6. Online Security: Frequently update antivirus and antispyware software.
7. Email Safely: Never include personal or sensitive data in response to an email.
8. Trust But Verify: Be suspicious of emails pretending to be from a legitimate institution requesting your access credentials (such as usernames, passwords, PINS, etc.).
9. When in doubt, call your bank.
Source: NBT Bank
The biggest risk mentioned at Wednesday's seminar was a trojan named Zeus, which is used to steal banking information from unsuspecting users by either logging the user's keystrokes once the computer is infected or form-grabbing, which is intercepting information typed into a browser before it is sent across the Internet.
One of the riskiest places, Terry said, is Facebook, which has 800 million users. Spam and friend requests from unknown people are common for many users.
"If Facebook were a country, it would be the world's third largest," he said.
Carnrike-Granata said there are three steps in most cybercrimes. The first is the virus, which is spread by either phishing emails or drive-by downloads - downloads that happen without the computer user's knowledge.
She said that can happen when a user runs the mouse over the computer screen and an ad is difficult to close. The virus can be downloaded in the background.
Phishing emails, she said, are emails that look real enough to fool a user into clicking on a fake link that will download the virus into a computer and set up cybercriminals to steal information.
"You don't realize you've become a victim until it's already happened," Carnrike-Granata said.
To keep from becoming a victim, she advised the crowd to never click on an email, but to copy and paste the link into the browser's address field.
Another way viruses can get into a computer, she said, is through "scareware." For example, a program can come up on a computer screen saying the computer has viruses on it, frightening a user into buying a program with the virus programmed into it.
"Know what your antivirus program is," she said.
The seminar offered nine steps to preventing cybercrime, such as having a separate computer for banking, reviewing your account daily, changing passwords and keeping your antivirus program updated.
Terry said when he asked if anyone had heard of the Zeus virus at a seminar two years ago, no one raised their hand. Wednesday, about half the people in the room raised their hands.
"The biggest thing is promoting awareness in the community," he said. "We partner with law enforcement, government and even other banks. As long as the public gets the message, that's the most important thing."
Mike Zummo is the business editor. He can be reached at email@example.com.