Does your farm hedge crops with a brokerage company or make transfers of money via the Internet? If so, your biggest risk might not be the market going against you. Rather, it might come from overseas. Organized crime syndicates in Russia and Eastern Europe have begun to raid bank accounts of U.S. businesses in a sophisticated and targeted online hacking scheme. The threat is real and growing.
If your farm uses online banking such as payroll account transfers, wire transfers or ACH transactions, you are a target.
How They Steal. In the past, cyber criminals attempted to get ahold of financial and credit card information by sending out mass emails. The new attacks pinpoint specific businesses and professionals. Here’s how it works:
1. Criminals research the farm. They use Google and other web tools to learn details such as names and emails of key managers. They might even call the farm and get additional information from your receptionist.
2. Armed with this information, they compose an email. It is addressed to a specific employee and contains just enough detailed information to trick them into opening a link. For example, they might email a manager with instructions to open a link about a supplier. The link opens to a Web page that looks real, leading the recipient to keep it open for a minute or so. During that time, malicious software (malware) loads onto the computer.
3. Once loaded, the malware begins to spread. It travels from computer to computer on your network until it recognizes a user who is making online banking transactions. The malware records keystrokes and sends them back to the hacker. Now the criminal knows the specific keystrokes required to make an online banking transaction. Equipped with the correct identification numbers and password, the hacker simply logs into your online bank account and directs an ACH transaction to an offshore account, effectively cleaning you out. The criminals have successfully penetrated your defenses.
Few Protections Exist. Whether the business owner or the bank is financially responsible for such attacks is in dispute. Banks typically deem these attacks to be the fault of the business, arguing hackers compromised the company’s computer system, not the bank’s. Lawsuits are ongoing on the issue. Meanwhile, it appears attempts to get banks to pay will be a long and possibly fruitless legal battle.
Insurance coverage depends on individual policies. Adequate insurance often is not in place, and many businesses are simply out the money with no recourse.
Safety Steps Essential. Reduce these risks by teaching employees to recognize and report suspicious emails and websites. This dramatically reduces the chances of the malware being planted.
Next, a strong firewall can help prevent malware movement. Protective software and stronger banking security measures can reduce malware’s effectiveness.
Finally, maintain an open dialogue with financial providers, especially your bank. Communicate to make sure enhanced security measures are in place. Multi-factor authentication and ACH white listing, if available from your bank, can be effective. Also communicate with your insurance company to ensure you are financially protected if this type of theft occurs.
If your farm banks online, take steps to prevent attacks. If you can minimize the risk using your in-house team, get started today. If you need outside help, call on payment fraud protection professionals.
Many farmers assume they are too small to be at risk for these attacks. You are never too small. If you perform any of these tasks over the Internet, it is not too late to start protecting yourself.