Protect Your Business in Today’s Computer Environment
With computer systems and the internet a vital part of today’s business world, it is imperative that you assess your computer environment to avoid becoming a victim of fraud and theft. Criminals have moved to the computer world to gain access to confidential information, commit fraudulent transactions and misuse personal information to commit identity theft. Many resources are available to help you learn the steps you can implement to mitigate the risk of information theft and fraudulent transactions and to keep your environment safe. This guide explains how cyber crime occurs, suggests measures you should strongly consider implementing, describes tools we have available to assist you, and lists additional resources for reference.
What Criminals Do:
- Send spam email- unsolicited email from sources that have your email address; these types of spam email can contain embedded links or programs that can launch viruses and malware programs designed to crash your system, delete files, enable hackers to access your system or steal valuable, confidential information
- Send phishing email- unsolicited email from sources that have your email address; these types of phishing email try to trick the recipient into providing a user ID, social security number, credit card number, etc. They look as if they are from an official source, but are an attempt to extract confidential information
- Place links on social networks like Facebook, LinkedIn, etc.- when navigating these sites, you may encounter messages and pages created with embedded links that can launch malware and viruses designed to crash your system, delete files, enable hackers to access your system or steal valuable, confidential information
Once malware (malicious software) or viruses are present:
- Embedded malware and viruses- once a computer is infected, these malicious programs can launch many different schemes. One type of malware program can block access to the actual Bank web site and redirect the user to a phony site developed to look just like the actual bank site. When the user attempts to log on, the criminal can intercept the login information from the phony site (including token information) and then access the actual bank site to log in as the user. The criminal is now logged on to the actual site as the user; additional attempts to log on by the actual user at the phony site will provide the criminal with an additional token number to possibly release a wire or ACH transfer from the business account.
- Keystroke programs- these types of malware programs can record a user’s keystrokes and provide a criminal with the information entered via the keyboard, including the log in information used to gain access to a web site (this is the reason a security token presents a new set of numbers every 30 seconds)
What Your Business Can Do:
- Install anti-virus, anti-malware, anti-spyware software- acquire business-specific anti-virus software, as personal or free software may not protect you fully. Ensure it is updated routinely once implemented
- Update computers regularly- perform regular updates for Windows, browsers such as Internet Explorer, Safari, Google Chrome and vital computer programs to ensure all recent patches/updates are applied
- Maintain Dedicated Firewall for Network- keep intruders out with strict access rules to your network. For wireless networks, disable remote administration of the wireless hardware
- Establish a medium level of security on internet browsers- check the browser settings to confirm that security is set to at least a “medium” level
- Establish a dedicated computer for Financial Transactions- if feasible, use a dedicated PC strictly for bank web site access and transactions or restrict PCs that will access financial web sites (no web browsing, email or social sites)
- Back up data files routinely- if needed due to a malicious virus, your data can be fully restored with routine back up files
- Protect devices that access the internet- security options are available for smart phones and tablet devices to limit risk exposure
- Train employees on internet security- review attached document with employees to educate them on different techniques used by criminals to perpetrate fraud. Establish policies on what actions employees can perform on the PC they use
- Remove access for employees no longer employed- if an employee is no longer with your company, have their log in credentials removed from access
What You and Your Employees Can Do:
- Don’t open/reply to unsolicited emails/unknown sources- malware and viruses are embedded within these phony emails; do not open or click on links within the email. Banks, government agencies, etc. WILL NEVER send you an email requesting input of confidential information or data. When in doubt, contact them by phone
- Do not access banking sites from public or unsecured computers/internet networks- keep in mind that these networks and PCs are outside your control and any security you have established
- Never leave an internet banking session unattended
- Notify management or systems personnel immediately if PC functions strangely
- Ensure confidential information is stored in secure folders and locations within the network- STRESS how important it is to protect data for your company AND your clients
- Protect your IDs and passwords; Do not share IDs and passwords
- Only enter confidential data on encrypted web sites
- Always click “log out” within web sites you’ve logged into with an ID/password
- Do not use “automatic log in” or “remember me” options on the bank web site
- Make a habit of checking the “last log in” date/time at the top of the dashboard screen
- If the usual log in process suddenly changes from the ordinary, an extended delay is encountered after entering credentials, or you are presented with a new screen to re-enter all information, DO NOT CONTINUE and DO NOT have another user attempt access from the same station. Contact eCorp support at American Chartered to report.
What American Commercial Bank & Trust Can Assist With:
- Set up dual approval for external funds transfers- require two separate users whenever possible, one to initiate/one to approve, for the release of all external wires, ACH transfers and ACH File Uploads. Dual approval can also be implemented to confirm set up of employee and template information
- Set Dollar limits based on expected transactions- dollar limits can be established on Wire/ACH transfers and ACH File uploads; set reasonable limits based on expected transaction estimates (if never wiring more than $10,000, your administrator can place a wire transfer limit of $10,000 for the company or specific user)
- Use Alerts to notify users of activity- We have a variety of Alerts available for notifications to your email address, dashboard online and phone via text message to alert you of transactions posting, transfers requiring approval, changes to user profiles, etc. Utilize them as a tool for notification; if an alert action is out of the ordinary, contact the bank immediately
- Log in daily to review transactions posting to accounts- it is critical to notify the Bank immediately should you see suspicious activity listed in your account transactions. Time is of the essence in disputing fraudulent activity
- Inquire about additional fraud prevention tools such as Positive Pay, and ACH Positive Pay- the bank can provide additional services that can enhance security related to checks and ACH items clearing. Speak to your banking representative about these offerings
- Review Invalid Log In reports periodically under Administrator tab- this tool can assist in reviewing invalid log in attempts and the specific IP addresses they came from
Feel free to contact a Treasury Management consultant for assistance with these additional tools at 814.434.0044 or firstname.lastname@example.org.
Additional Resources Available:
Information on Internet security and best practices can also be found at:
FDIC: How to Guard Against Internet Thieves and Electronic Scams:
US Department of Justice: What Are Identity Theft and Identity Fraud?
Federal Trade Commission:
National Cyber Security Alliance: