Cyber-attacks against small businesses are growing more sophisticated, says the American Bankers Association, which describes itself as “the voice” for the nation’s $15 trillion banking industry.

Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information, a fraud referred to as “corporate account takeover,” the organization says.

To combat that type of fraud, the ABA—comprised of small, regional, and large banks that collectively employ more than 2 million people—is providing advice to small business owners.

“Our nation’s small businesses remain in the crosshairs of cybercriminals,” says Frank Keating, ABA president and CEO. “A strong partnership with your financial institution is the best way to prevent and protect your business against these attacks.” 

As part of a National Cybersecurity Awareness Month observance, the organization offered some tips to small businesses to help prevent account takeover. They included the following:

•Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.

•Protect your online environment. It’s important to protect your cyber environment just as you would your cash and physical location. Don’t use unprotected Internet connections. Encrypt sensitive data and keep updated virus protections on your computers. Use complex passwords and change them periodically.

•Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multiperson approval processes, and batch limits that help protect you from fraud.

•Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity, and remove any systems that might have been compromised. Keep records of what happened.

•Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It’s critical, the association says, that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.

To learn more, see ABA’s Small Business Guide to Corporate Account Takeover at aba.com.