Hold the Presses

October 22, 2009

Hold the presses - something really important has changed.  Washington Post security blogger Brian Krebs is now recommending that small and medium-sized businesses no longer use Windows for financial transactions.

And here's another source with a similar view - I highly recommend reading the whole article, it's not long.

Why are people making such a radical recommendation?  First, there have been quite a number of businesses and government entities that have been scammed out of hundreds of thousands of dollars.  All of these cases, at least so far, have exploited vulnerabilities on Windows.

One of the most publicized cases is Bullitt County, KY.

Here are a few others:

• Downeast Energy, $150,000, September, 2009

• Ferma Corp, $447,000, July, 2009

• Unique Industrial Product Co., $1,200,000, April, 2009

So far, there have not been any reports of businesses that use Linux or Mac OS X for financial transactions having been scammed.  The vulnerabilities that have been exploited do not apply to these other operating systems.

My counsel is that businesses should read about these cases - it should take less than an hour - and then evaluate their own situation.

Consider these questions/recommendations:  

1) How similar are your setup and your financial practices to these companies?

2) It's likely a smart move to have a conversation with your bank - what are their practices in situations like this?  Many of the affected companies simply had no way to recover the funds lost.

3) Would it make sense to investigate insurance policies for this kind of situation?  Perhaps consulting your financial advisors and/or insurance agent would be in order.

4) Another possibility is to upgrade to Windows 7 on PCs that are used for financial transactions. However, some vulnerabilities have already been discovered in Windows 7.

5) Do you have people on staff that already have knowledge of Mac OS X or Linux?  Might it be worth having one or both of these operating systems available?  Might you want to train someone on your staff for these alternate systems, so that you can be more flexible?

And, finally, note that Brian Krebs has posted good instructions on how to use a Linux CD, which is free.

Also, in spite of the reputed high cost, a new Mac Mini can be purchased for $599.  Such a machine is easily able to do any e-banking a company may need, and one can run Windows on it, too.  Just do the banking from OS X.

More to come, as we track this story, and consider other business solutions.

Comments? Questions?  llg at securityrealitycheck.com