Online Security Tips
Online banking offers customers an enormously convenient way to monitor their accounts and conduct financial transactions. But it can also expose users to an increased risk of fraud. Financial “cybercrime” is an increasingly prevalent problem around the world, and it results in millions of dollars in business losses each year in the United States alone.
The good news is that there are many steps users can take to significantly reduce the chance of being victimized by online financial fraud. The information provided below is designed to assist you in implementing sound controls and preventing fraudulent activity from impacting you or your company.
Common Vehicles for Fraud
- “Social engineering” is an attempt to manipulate you into performing actions or divulging confidential information by impersonating a trustworthy entity. Social engineering can occur via email (phishing), text message, phone calls and even web browser pop-up windows.
- “Malware” is malicious software that gets installed on your computer without your consent through email attachments, links within emails, infected documents, and visits to compromised websites or social media sites. Once there, it can record keystrokes, re-direct your browser, display fake websites or perform transactions even without displaying web pages to the user, all in an effort to impersonate your business in online banking transactions.
Your User ID, Password and Security Questions
- Do not allow your browser or other password tool to store and automatically populate your password on your banking websites. Passwords stored in tools that automatically populate fields on websites could allow a malicious user to recover your password.
- Use complex passwords consisting of upper- and lower-case letters, numbers and special characters; do not use names and special dates that may be known or determined by others.
- Do not write down or share your password or security questions with anyone.
- Use distinct passwords for each application or website you access. This helps keep all of the systems you access from becoming compromised if the password for a single site or application is disclosed.
- Protect your answers to security questions. Select questions and provide answers that are easy for you to remember, but hard for others to guess. Avoid choosing questions for which the answer can be discerned via social networking sites or public websites like Facebook and LinkedIn.
- Avoid using, on other sites, the same security questions that you use to protect your online banking account. Please note: we will never ask you to provide answers to your security questions via email, phone, text message, etc.
Securing Your Computer
- Install and maintain antivirus and firewall software on all computers and mobile devices.
- Ensure your antivirus software is updated on a regular basis. Most antivirus software can be configured to automatically update on a weekly or daily basis, or even more frequently.
- Run antivirus software in active or real-time scanning mode. This allows the software to actively scan all incoming messages, files or websites being accessed to identify and prevent malicious content from running on your computer.
- Run a full or comprehensive antivirus scan on a regular basis. Full or comprehensive scans may detect viruses or other malware that are missed by real-time scanning.
- Set your computer to automatically install operating system and software updates and patches. A fully updated and patched system is less susceptible to becoming infected with malware.
- Take note of unusual behavior, slowness, pop-up windows or other unexpected changes. If you notice any of these, run a comprehensive scan of the computer with fully updated antivirus software. Do not access sensitive systems, websites or other applications until the computer has been verified to be safe.
- Do not access your computer with an Administrator (Admin) or Power User level account for daily use. Computers being run with general user level permissions are less susceptible to becoming infected with viruses, Trojans or other malware.
- Set your web browser to a higher level of security.
Securing Your Mobile Device
- Make sure your smart phone, tablet and other mobile devices are password protected.
- Download antivirus protection for your phone, tablet, e-reader or any other device that has mobile access to the Internet.
- Do not root or jailbreak your mobile device to get around limitations set by your carrier or device manufacturer. Rooting or jailbreaking your mobile device can remove protections built into the device to defend against mobile threats.
- Beware of everything you download onto your device, including applications. Only use reputable application markets. Verify the permissions the application requests to ensure they are appropriate for what the application is meant to do.
- Do not use public computers to access your online banking account or other sites that have sensitive information.
- Never disclose via text message, phone call or email your personal or financial information, including account numbers, passwords, Social Security number or birth date.
- Do not click on links or open attachments in emails, text messages, etc. from unknown sources or from known sources if the message contains odd, demanding or other language that could indicate the message has been falsified.
- Be wary of odd, strangely worded or unexpected emails from friends and acquaintances. This may indicate that their email has been compromised.
- Do not share confidential information through email, websites, social media, phone calls, etc.
- Implement web filtering (content filtering) to block access to websites known or suspected of being compromised or spreading malware.
- Educate employees of your business about the risks posed by phishing and malware, how they are spread and what to do if you suspect malicious activity. Repeat this message often so it remains top of mind.
Online Banking Security
- Establish dedicated computers for accessing online banking. These computers should not be utilized for accessing email or non-banking websites.
- Do not use public computers to access your online banking account.
- Avoid accessing your bank accounts at Internet cafes or from public Wi-Fi hotspots.
- Reconcile your financial transactions on a daily basis.
- Use separate computers to initiate and authorize transactions.
If you suspect your company is the victim of fraud or attempted fraud, act fast:
- Immediately notify all banks you do business with. They will help you assess the situation and take appropriate action, which may include placing holds and flags on your accounts to help detect future fraud attempts.
- Accounting department: 1-800-824-9198
- Disable user credentials on the account where the fraud occurred and for those users whose credentials may have been compromised.
- Perform a comprehensive antivirus scan on all computers (corporate and personal) that are used to access corporate information or banking sites.
- Identify gaps in your internal controls, and address them immediately.
- FTC.gov: Information from the Federal Trade Commission (FTC) to help you avoid identity theft and learn what to do if your identity is stolen. Select the “Consumer Protection” tab then the “Consumer Information” sub tab to access the most relevant materials.
- OnlineOnGuard.gov: Federal Trade Commission site that provides practical tips to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
- US-CERT.gov: United States Computer Emergency Readiness Team site provides information related to current activity or scams as well as publications on how to secure your computer.
- FDIC.gov: Tips from the FDIC about how to protect yourself from identity theft and fraud.