Banking Trojans are back, and they're nasty.
Click on the wrong email, and hackers drain your firm's operating accounts.
Incredibly, many of these attacks even defeat your bank's two-factor authentication.
Here's a great article that explains how banking trojans bypass two-factor authentication.
So what should every business do to protect yourself against banking trojans?
The very best way to avoid banking trojans is 100% effective.
However, it's not very convenient.
The bottom line -- have a computer dedicated JUST to online banking.
Never use it for email, or to browse the web. Never do any other work on it.
Even better: follow the advice of Brian Krebs and run a copy of Linux from a CD. Nothing is ever written to your disk, so there is no risk of infection.
If you don't want to wrestle with Linux, maybe consider a cheap Chromebook for online banking. They're easy to use and, like Linux from a CD, almost impossible to infect with a virus.
Maybe this won't work in your company. If not, there are other things you can do, though they do require a bit of work.
Using a dedicated Linux or Chromebook not for you?
Here's a checklist we use with our clients to make sure their online banking setup is as strong as possible.
Use this to review everyone who can access online banking to make sure you're as safe as possible.
IMPORTANT NOTE: This applies to everyone who CAN access online banking. It doesn't matter if you regularly do or not. If you have an online banking account, you're vulnerable.
If you'd like to read more about various banking Trojans, you can search online for "Panda Banker," Emotet, "URLZone Banker," and Ursnif.
If you'd like help figuring out whether you're vulnerable to banking trojans, please feel free to contact us.