"I am general manager of the recently established British
division of a small Canadian wholesale company. My task is to set up the
infrastructure for the British operation, including finance. Our bankers have
offered an internet-based e-banking service that saves me a lot of
administration time but I am worried about how secure it will be".
"Is online banking reliable for a small business and what extra controls
would you recommend to ensure the risk to the company’s funds is
minimized?"

Keith Falconer, Director of Forensic Services, says:

Internet banking can offer many benefits, but unless controls are properly
considered it can provide an easy mechanism for unscrupulous people, both within
and outside an organization, to divert company funds. It is
important to ensure that controls on access to the e-banking system are put in
place, with appropriate transaction limits. Everyone who is
using the system should have their own log-in details. Having too few log-in
details can often lead to staff using each other’s. Not only does this destroy
any audit trail (审计跟踪), it also leads to the loss of the individual information
in a company. Password selection is also important. Each user
must choose an appropriate password, and one which is not vulnerable to attack
by a hacker. One method is to choose a memorable word but replace certain
letters with numbers and punctuation marks. For example, "password" could become
"p@55w0rd". There have been reports of "key-logging" software
being used by criminals to record the keystrokes on a terminal in order to discover
the password. Network security, therefore, is essential before implementing
e-banking; a strong firewall should be in place to protect your system from
external attacks; security updates should be applied promptly; and the system
should be swept for viruses and spy-ware regularly. One final
area to be aware of is the "phishing" scam (网络钓鱼), whereby an account holder
receives an e-mail claiming to be from the bank asking them to confirm or update
details. The account holder is redirected to a fake site and the details entered
are subsequently used to rob the account. All individuals with
access privileges to your e-banking system should be made aware of this. Your
bank will never send you an e-mail asking you to confirm your details, and you
should never respond to an e-mail purporting to be from your bank. Normal e-mail
is an unsecured system; your bank will establish a secure method of
communicating with you from behind the protection of your log-in.

What is necessary before applying e-banking