Does your business wire funds in or out of the US? Do you think that you’re safe because you’re using a wire transfer service? Think again.
In a very interesting article, Panda Security conducted an in-depth study of multi-service businesses aimed at helping immigrants transfer funds internationally and found that there are some serious security holes. I think that this is pretty important because the security practices that are in use by most of these businesses are pitifully inadequate.
It is estimated that $126 billion is transferred every year at over 60,000 businesses like this and many of these businesses and their back end providers lack acceptable security measures. Panda Security’s multi-year assessment focused on the
greater Los Angeles, Calif. and Las Vegas, Nev. regions and encompassed an
observation of over 300 locations and approximately 1500 computers,
representing an estimated 0.45 percent of all multiservice businesses
nationwide. Panda Security was granted access at each site and conducted
assessments, interviews with the business owners, and an investigation of the
network security measures in place within each operation.
There are 2 lessons here:
1. If you generate wire transfers like this then track every one and make sure that the process is secure.
2. If you run one of these businesses, please start addressing network and end point security.
In fact, if you run any business, please start (or hopefully continue) addressing network and end point security.
At least 30 percent of
the 1500 computers directly observed had outdated antivirus software and an
alarming 60 percent were actively infected. In addition, many businesses had a total lack of security policy in place. It should go without saying that malware on a computer used to transfer funds is a bad thing. An infected machine could allow an attacker to monitor wire transfers and then someone to a location to physically intercept the funds by claiming the transfer with a fake ID. Given that no one is protecting these computers, this would be an extremely easy thing to do.