Business Online Security Best Practices
COMMERCIAL ACCOUNTS AND GOVERNMENT ACCOUNTS ARE NOT COVERED UNDER REGULATION E:
In most circumstances you will be responsible for assuming the loss on fraudulent transactions. It is vital that you follow best practices for conducting online transactions.
What you can do:
- Employ all account controls made available by your financial institution. Certain products may allow you to choose from different features and set-up options that can reduce the risk of unauthorized activity. You should make sure you understand the choices you are offered. We urge you to make the choices that are safest in your circumstances, even if there may be some loss of convenience or additional expense. The choices you make can increase or decrease your risk of loss.
- Establish a separate account for the origination of each type of transaction. ACH origination / Wire Transfer etc.
- Only fund those accounts with enough funds to cover the planned transactions on a daily basis.
- Establish dual control over the setup and creation of new user accounts on the system, the setup of new payees on the system, and the initiation of ACH and wire transfer payments.
- Run summary reports of all transactions to ensure they are accurate.
- Review your transactions daily to determine if fraudulent activity has occurred.
- Maintain up-to-date anti-virus on your computer systems at all times.
- Stay up-to-date on patching your operating system, and all third party applications. Vulnerabilities in these applications are utilized by criminals for malicious and fraudulent purposes.
- Maintain an up-to-date spyware detection program and disable pop-ups.
- Install a dedicated firewall and actively manage and monitor it. A firewall limits the potential for unauthorized access to your system.
- Ideally, dedicate a single PC for online financial transactions and prohibit any other form of web surfing on this PC including email.
- Have the firewall specifically restrict access for the workstation to only the IP addresses of the financial institutions’ systems that your company utilizes. This will prevent individuals from surfing the internet on the PC and accidentally downloading malware that may compromise your account credentials.
- Utilize a unique, complex password (upper and lower case letters, numbers, and special characters where available) at least 8 characters long.
- Do not use the same password on multiple websites. When websites are compromised, criminals often try the compromised passwords on other websites due to people frequently using one password across multiple sites.
- Change your passwords frequently.
- Do not utilize dictionary words as part of your passwords.
- Prohibit user name and password sharing.
- Never use automatic login features that save your usernames and passwords.
- Verify you have a secure session with any transactional site by checking the browser line for "https."
- Never leave a computer unattended while logged into a financial transaction site such as your online banking site.
- Never provide your account number or username / password in any written communication. This is especially true of email. We will never ask you to verify or provide any personal or financial information within an email.
- Always use your pre-established links to access web sites. Never click on a link contained in an email.
- Be suspicious of emails requesting account information, account verification or access credentials such as usernames, passwords, PIN codes and similar information. If you are not certain of the source, do not click any links or open any attachments!
- Do not rely on an email for instructions to perform a financial transaction. Always verify by performing a call back via the telephone, text message or other trusted verification method.
- Do not let your employees perform online banking, payroll, or other company financial transactions from their home PC or from Internet cafes, public libraries, etc.
- Clear your browser cache in order to eliminate copies of web pages that have been stored on your hard drive.
Contact Us to report fraud immediately and see our recommendations for Corporate Account Takeover Victims.