INTERNET SECURITY
"I am general manager of the recently established British division of a small Canadian wholesale company. My task is to set up the infrastructure for the British operation, including finance. Our bankers have offered an internet-based e-banking service that saves me a lot of administration time but I am worried about how secure it will be.
"Is online banking reliable for a small business and what extra controls would you recommend to ensure the risk to the company's funds are minimised?"
Keith Falconer, Director of Forensic Services at PKF accountants says:
Internet banking can offer many benefits, but unless controls are properly considered it can provide an easy mechanism for unscrupulous people, both within and outside an organisation, to divert company funds.
It is important to ensure that controls on access to the e-banking system are put in place from day one, with appropriate transaction limits.
Everone who is using the system should have their own log-in details. Having too few log-in details can often lead to staff using each other's. Not only does this destroy any audit trail, it also creates a culture where important controls are routinely circumvented.
Password selection is also important. Each user must choose an appropriate password, and one which is not be vulnerable to attack by a hacker. One method is to choose a memorable word but replace certain letters with numbers and punctuation marks. For example, "password" could become "p@55w0rd".
There have been reports of "keylogging" software being used by criminals to record the keystrokes on a terminal in order to discover the password. Network security, therefore, is essential before implementing e-banking; a strong firewall should be in place to protect your systems from external attacks; security updates should be applied promptly; and the system should be swept for viruses and spyware regularly.
One final area to be aware of is the "phishing" scam, whereby an account holder receives an e-mail purporting to be from the bank asking them to confirm or update details. The account holder is redirected to a bogus site and the details entered are subsequently used to loot the account.
All individuals with access privileges to your e-banking system should be made aware of this. Your bank will never send you an e-mail asking you to confirm your details, and you should never respond to an unsolicited e-mail purporting to be from your bank. Normal e-mail is an unsecured system; your bank will establish a secure, encrypted method of communicating with you from behind the protection of your log-in.
CREDIT HISTORY PROBLEMS
