I hope you read the whole article, but I wanted to highlight a few items of particular interest:
- First, "the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking." A nice start, but security has a significant "human" component, and individually targeted "spear phishing" techniques create an initial compromise. Train your employees on what to avoid, and block all non-business activity on work networks and PCs.
- This should scare you: "Gartner's Litan tells acquaintances who run small businesses to switch from commercial online accounts to an individual consumer account. That's because consumer-protection laws require banks to fully reimburse individual account holders who report fraudulent activity in a timely manner. However, banks have taken to invoking the Uniform Commercial Code—a standardized set of business rules that have been adopted by most states—when dealing with fraud affecting business account holders. Article 4A of the UCC has been interpreted to absolve a bank of liability in cases where an agreed-upon security procedure is in place and a theft occurs that can be traced to a compromised PC controlled by the business customer." Small business owner, beware. As stated in the article, "many cases end in civil disputes in which small businesses often lose."
- So is Internet banking "safe"? It is, assuming that account holders continually secure their PCs against cyber-intrusions.