Small Business Susan

Pick up the phone and check

DDoS Attack on Bank Hid $900,000 Cyberheist — Krebs on Security:
http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29


“A few thoughts about this attack. If you run a business and suddenly find yourself unable to log in to your commercial account, pick up the phone and call your bank to inquire about any recent money transfer activity. Very often, malware that thieves use to steal banking passwords in these cyberheists will also redirect the victim to an error page that says the bank’s site is down for maintenance. If this happens to you, call your bank and ask them to check your accounts (don’t trust a customer service phone number offered on a “down for maintenance” page; call the number on your bank card or search online for the institution’s customer service number).


Also, get educated about the risks of banking online with a business account, and then take steps to make sure your organization isn’t the next victim. Regulation E limits the liability for consumers who lose money due to unauthorized account activity online (provided they notify their financial institution of the fraudulent activity within 60 days of a statement). Businesses do not enjoy such protections, although a couple of recent court cases brought by cyberheist victims against their banks have gone in favor of the businesses, suggesting that banks may find it increasingly difficult to disavow financial liability in the wake of these attacks going forward.


Finally, consider banking online with a dedicated system. This among several recommendations I include in a short list of other tips that small businesses should consider when banking online.”


==========


I’m installing EMET and Trusteer rapport here at the office.


EMET install info is included in the SMBKitchen tips.  PCI Compliance tips up next.



3 comments ↓

  • #   Richard Kenyon on 02.23.13 at 10:47 am     

    How’s Life? I google for “EMET and Trusteer rapport” and the first find (and others like it) show:
    “EMET (Enhanced Mitigation Experience Toolkit) is currently not compatible with Rapport.
    If Rapport is installed, you will experience difficulties starting your Internet browser.

    We are working with the vendor on resolving this issue.”

    Are you installing the two different products on two different systems?


  • #   bradley on 02.23.13 at 11:14 am     

    No I have it on one system. I don’t enable ROP settings for IE because it has issues with snipping tool. But ROP is enabled for Adobe with no issues.


  • #   bradley on 02.23.13 at 1:29 pm     

    EMET 3.5 btw not EMET 3.0