You’ve heard of the security breaches of large companies like TJX, which resulted in stolen data of tens of millions of credit and debit cards, along with millions of dollars paid to the Federal Trade Commission, credit card companies, banks and consumers. Perhaps you thought such a security breach could never happen to your company. After all, you’re just a local, small, mom-and-pop-type of business, right?
If that was true in the past, it certainly isn’t true any longer. Data thieves now include unassuming small businesses on their list of victims.
While Bank of American Fork is taking all of the necessary measures to protect your online banking and account information, it does little good if you are not just as vigilant.
In honor of National Cyber Security Awareness Month this October, have your small business make a commitment to keeping its online financial information safe. Our team of e-banking experts has provided a list of tips to help you do this.
Establish dual control. Work with your bank to establish “dual control” over your account. Dual control requires approval from two individuals before any transactions, including check payments, wire transfers, funds transfers, payroll files and ACH payments, can be made. For example, one employee would authorize the creation of the payment file and a second employee would be responsible for authorizing the release of the file. This way, a hacker would need to breach two computer accounts in order to commit a fraudulent transaction.
Customize user controls. We have the ability to customize individual user controls, such as limiting certain users to certain types of transactions or allowing online banking access only during certain business hours or from certain IP addresses. Ask us how to employ these protections.
Use Positive Pay. Use our “Positive Pay” service that matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by your company. This ensures checks written by businesses are cashed by the correct parties and for the correct amounts, effectively thwarting the efforts of thieves who would alter checks for fraudulent purposes.
Get alerts. Set up customized email alerts that will let you know when certain online transactions occur, such as when an account falls below a preset amount or a funds transfer is made. This will provide you with an early warning of any fraudulent activity.
Use multi-factor authentication. Multi-factor authentication is a fancy way of saying that you need more than just a simple username and password to access your account. At Bank of American Fork, online business banking users are provided an ID token that provides a new, unique, numeric password every 30 seconds. If a thief happens to capture the password, they cannot use it outside of that 30-second timeframe.
Create strong passwords. One of the simplest but most effective things you can do to protect your company’s financial information is to use strong passwords. Create passwords using at least an eight-character combination of letters, numbers and symbols. Change these passwords often and avoid using automatic login features that save usernames and passwords.
Prohibit shared log-in info. If you have multiple people logging into your online banking account, ensure they all have their own username and password. If any suspicious activity occurs, this will allow you to see exactly who has done exactly what.
Reconcile accounts daily. Be vigilant in reconciling your business accounts daily. Check credits and withdrawals, and notify us immediately if you see any unexpected activity. Automated Clearing House (ACH) transactions are usually processed the next business day. If you catch a fraudulent transaction at the end of a business day, you may be able to cancel it before any funds are transferred.
Secure systems. Ensure your computers and servers run up-to-date business-grade anti-virus software. Consumer solutions (paid or free) are not sufficient to protect sophisticated business systems. Operating systems (such as Windows XP) as well as software vendors (such as Adobe) typically have critical updates designed to fix vulnerabilities that can lead to compromised computers. Be sure to keep all business software and operating systems up to date.
Have dedicated workstations. The American Bankers Association now recommends that businesses use a dedicated PC for online transactions. A workstation used for online banking should not be used for surfing the web or social networking. In order to hijack your transactions, a criminal must first install malware on your company’s computers, which is easier to do if that computer is regularly connected to the Internet or used for email.
Don’t get phished. One of the most common ways perpetrators try to obtain sensitive financial information is through phishing attacks, in which fraudulent emails lead to fake websites where users are asked to enter sensitive information such as user names, passwords or credit card data. Oftentimes, both the emails and the websites appear to be legit. Don’t fall for this scam! Bank of American Fork will never ask for your sensitive information via email. If in doubt, call the company to verify the authenticity of the email. Be sure to train your employees on how to recognize and avoid getting phished.
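For readers who want to see how the Positive Pay matching described in the tips above works, here is a sketch added for illustration; it is not the bank's own software. The account numbers, check data and function names are constructed, and the duplicate-presentment check goes one step beyond the three fields the tip names.

```python
from decimal import Decimal
from typing import NamedTuple


class Check(NamedTuple):
    account: str
    number: str
    amount: Decimal  # Decimal, not float, so dollar amounts compare exactly


def build_issue_file(issued):
    """Index the checks the business authorized by (account, check number)."""
    return {(c.account, c.number): c.amount for c in issued}


def review_presented(issue_file, presented):
    """Split presented checks into those to pay and exceptions to hold."""
    to_pay, exceptions, already_paid = [], [], set()
    for c in presented:
        key = (c.account, c.number)
        if key not in issue_file:
            exceptions.append((c, "not issued"))             # unknown check
        elif issue_file[key] != c.amount:
            exceptions.append((c, "amount mismatch"))        # altered amount
        elif key in already_paid:
            exceptions.append((c, "duplicate presentment"))  # same item twice
        else:
            already_paid.add(key)
            to_pay.append(c)
    return to_pay, exceptions


# Constructed sample data: three issued checks, five items presented.
ISSUED = [
    Check("000111222", "1001", Decimal("250.00")),
    Check("000111222", "1002", Decimal("180.00")),
    Check("000111222", "1003", Decimal("75.50")),
]
PRESENTED = [
    Check("000111222", "1001", Decimal("250.00")),
    Check("000111222", "1002", Decimal("9180.00")),  # amount was altered
    Check("000111222", "1999", Decimal("500.00")),   # never issued
    Check("000111222", "1001", Decimal("250.00")),   # presented a second time
    Check("000111222", "1003", Decimal("75.50")),
]


def demo():
    return review_presented(build_issue_file(ISSUED), PRESENTED)


if __name__ == "__main__":
    paid, held = demo()
    print("pay:", [c.number for c in paid])
    for check, reason in held:
        print("hold:", check.number, check.amount, reason)
```

Only items that match on all three fields are paid; everything else is held as an exception for the business to approve or reject.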