Malware and Online Fraud—The Biggest Risk May Be Your Reputation

  • May 21, 2015


  • Malware threats, cyberattacks, and online data breaches are becoming more sophisticated and more damaging, requiring companies to continually update technology and online security protocols.
  • Malware includes various malicious applications that are surreptitiously installed on a computer, smartphone or tablet, and are designed to secretly extract sensitive data or interfere with critical business operations.
  • Vigilance against malware and online threats requires coordinating employee training and updated software tools.

The 2015 AFP Risk Survey found that 34 percent of companies surveyed had been subjected to a cyberattack in the last 18 months. In the face of increasingly sophisticated attacks, companies need to be more diligent about protecting their company funds, intellectual property, and nonpublic customer information. Ignoring the problem could impact a company's bottom line through lost customers, lost sales, and cleanup costs and leave the company open to litigation from customers and authorities.

Malware on the rise

More than 60,000 cyberincidents were reported by federal agencies in 2013, up from 10,000 in 20061. The average cost of a data breach increased 15 percent to $3.5 million in 2014, according to the Ponemon Institute. The most effective way to protect your company is to take steps to secure the corporate Internet connection, the network behind the firewall, and individual employee computers from malware. Some types of malware, such as adware, are more a nuisance than harmful. Others, such as spyware, can be ticking time bombs. To reduce the threat of theft or loss, companies should institute clear policies governing online security and provide training for employees.

Methods of gaining access

Cybercriminals and malware developers employ clever means to get employees to unknowingly download malware. Once installed, malware can be difficult to identify and remove. Here are some common access methods used by cybercriminals:

Access method Prevention strategies
Inbound email
  • Beware of infected inbound mail. The most common customized malware delivery method is through a phishing or spear-phishing attack.
  • Regularly remind employees to avoid clicking on links from unknown senders or in messages that appear suspicious.
  • Regularly remind employees to avoid opening emails or file attachments from messages that have filtered into the Spam or Junk folder.
Trojan horse
  • Keep your antivirus software up to date to help detect Trojan horses.
  • Download and install software from the original sources. 
  • Watch out for copycat software or look-alike software in online stores.
Peer-to-peer network bundles
  • Avoid using peer-to-peer networks Require employees to use secure networks and monitor network usage.
  • If appropriate, monitor security protocols used by affiliates and partners and hold them to your standard.


Types of risks

A single employee opening a malicious email can have broad damaging consequences for your company. The malware could download a remote access tool that secretly records a user's activity and keystrokes. The potential for negative events include: 

  • Theft of company funds: Cybercriminals gain banking and other account credentials and passwords through malware, allowing them to steal and transfer funds to offshore accounts. 
  • Theft of nonpublic customer information: Data theft is as damaging to a company as a monetary loss, due to the loss of customer goodwill and potential fines and penalties. Target Corporation is expected to face a multi-billion dollar fine as a result of the 2013 data breach impacting 56 million customers.  
  • Damage to company reputation: In a recent survey, 51 percent of treasurers cited reputational risk as the most severe result of theft2. Cybercriminals – individuals and malevolent organizations – are known to "wipe and release," destroying corporate data stored on networks and releasing unfavorable information to the public. It can severely damage individual or company reputations, such as happened during the attack against Sony Pictures in 2014.
  • Risk of denial of service or cyberattack: Some malware are designed to take control of a computer to complete certain tasks and then spread to infect the entire company network. The processing power of so-called zombie computers can direct a denial of service attack, which cripples business operations.

Layered security is the best protection

The strongest approach to online security combines software tools, employee education, threat containment, and network monitoring to reduce risk. Together, they complement each other to create "layered security" for your organization. Here's a brief look at some best technology practices for companies today.

Best practice Technology quick tips

Prevent account compromise or hacking on online banking systems

  • Secure and change passwords regularly
  • Require dual approvals for payments
  • Enable out of band authentication
  • Install software, like IBM Trusteer Rapport

Protect against data loss

  • Secure your computers servers, and network
  • Back up your data regularly to ensure that, if lost, you can recover your information

Establish strong network protections and technical controls 


  • Use endpoint protection
  • Follow network security best-practices based on industry standards
  • Avoid single points of failure or overloading network segments
  • Monitor and alert on suspicious activity


Employee education and training also play an essential role in securing critical systems and data. Companies should provide all employees with clear, practical guidance on how to protect themselves and the company against online threats.

Getting started

Combating malware and online threats requires employee attention and the appropriate software tools. Protecting systems and networks through a layered approach to security provides greater peace of mind and increases the likelihood of achieving business objectives.


Contact us

Have questions on how to develop or enhance your company's fraud prevention plan? We are here to help. Contact your Silicon Valley Bank Relationship Manager or Global Treasury and Payments Advisor to start a conversation about fraud prevention. Visit the Fraud Prevention Center for additional information and best practices on protecting your company.


1Source: Government Accountability Office
2AFP 2015 Risk Survey

This material is provided for informational purposes only.