Business Security | Protecting Your Business from Fraud
Protecting your company's information online is a team effort.
As much as most of us count on digital convenience, it carries the potential for others to access our financial and other information with criminal intent. To counter this, Banner Bank is always on high alert when it comes to cyber security and we have the tools to help your business stay alert as well.
Ready to enhance your company's online security? Our team of experts are ready to help.
At Banner Bank, we invest millions annually in technology, monitoring and training to protect your data.
You also play an important role in protecting your company’s vital information. The best way for you and your company to avoid being victimized by cyber crime or online fraud is to learn how to protect yourself and take action by following the simple steps, tips and links we've compiled here.
Tips to create powerful passwords
- Use a mix of upper and lowercase letters, numbers and special characters. Many experts recommend using passwords 12 or more characters in length.
- Avoid obvious names, dates and phrases. Examples include initials, birthdates, children’s names, pets’ names, last names, your alma mater, the current year, and anything that could be mined from your social media sites.
- Change passwords regularly; build requirements and reminders into your systems.
- Memorize passwords and avoid writing them down. This may seem obvious, but too often a “found password” provides a criminal’s entry point.
- Use passphrases to remember long passwords. A passphrase is a sentence rather than a collection of random characters, such as: IloveB0st0nintheSpring!
Digital factors to increase business security:
The following are actions your business can take to heighten security with regard to technology and your systems management and protocols.
Use a dedicated computer for your online banking.
Then, take it a step further by restricting access to all but a handful of sites needed to interact with the bank and manage your finances. Ensuring that your online banking computer can’t be used to visit random websites closes potential access points for cyber criminals and goes a long way in protecting your business. You can do this using custom firewall rules and host files, or services like Open DNS. The dedicated system works only if you access just your bank’s site from locked-down, dedicated machines. Making exceptions—even occasionally—undermines the whole approach.
Patch software in a timely manner.
Cyber criminals look for ways to exploit system weaknesses using viruses and malware, so it’s important to install all the regular patches and updates pushed out by your operating system provider and software vendors. If you’re not receiving notices, be proactive: mark your calendar with reminders to routinely visit their websites to check for updates and patches.
Protect computers and networks.
Install security and antivirus software that protects against malware, or malicious software, which can access computer systems without your consent.
Back up important systems and data.
Regularly backing up the data on your computers should be part of every company’s cyber management routine.
Consider all devices.
Mobile devices such as smart phones and tablets can be security challenges, especially if they hold confidential information or can access your company’s network. Allowing employees to access your company’s online banking functions using their personal devices, while convenient, adds risk. If you’re going to allow it, be stingy about who and why, and insist those devices have security passwords or biometric access, such as thumbprint or facial recognition.
Use security alert features.
At Banner, you can set up a variety of alerts in your online business banking that can indicate unauthorized activity or the need for further investigation. These include alerts for transactions above a specified amount or when your balance falls below a certain level.
Implement Positive Pay services.
Available through our Treasury Management team, these tools help you identify, review and halt ACH and check transactions that may be fraudulent.
Implement dual control procedures, multifactor authentication and use of security tokens.
Having one person initiate high-value transactions, such as ACH and wire transactions, and a different employee confirm and transmit them deters fraudulent activity. You can enforce dual controls like this using Banner’s Business Online Banking platform.
Multifactor authentication is when an online banking user's identity is confirmed first with a password or PIN, then with a secure access code that is sent to the phone or email address of record.
We also support security tokens that allow you to enter a unique code to approve and transmit ACH and wire transactions.
Employee training and practices to increase business security:
The employee role is essential in protecting your business from fraud and cyber crime.
Control access to data and computers, and create unique user accounts for each employee who has access.
Limiting access or use of business computers to a small group of authorized individuals is one of the simplest, most powerful ways to heighten security.
Facilitate security practices and training for employees.
Implement policies for your team on topics such as appropriate internet use, and set consequences for violations. Update and repeat training to remind long-term employees and include new members of your team.
Require strong login IDs and passwords.
This is essential for all employees and anyone else connecting to your network and online accounts via computer and mobile device.
Ensure that your employees know to never share login IDs and passwords.
Similarly, team members should never use the same login credentials for your online business banking that they use to log into any other website or social media such as Facebook, LinkedIn and Twitter. Cyber criminals use these platforms to gather data.
Remind colleagues to avoid using system features that save login IDs and passwords.
The small amount of time a person might save logging in is simply not worth the risk.
Educate all team members—employees, consultants or vendor—to avoid public Wi-Fi when accessing your online banking.
Public Wi-Fi is not sufficiently secure—it’s just too risky.
Train team members about the dangers of suspicious emails asking them to click on a link, open an attachment or provide account information.
Remind associates that cyber thieves use a variety of tricks and scams to obtain information and system access.
Have employees validate email requests to transfer funds or change payment instructions.
Cyber criminals have become adept at creating requests to transfer funds or change payment instructions that appear to come from a legitimate sender. Fraudsters often impersonate senior leaders in an organization, such as the CFO or CEO, but also pose as other employees or vendor representatives. Create a process for validating requests—via voice verification if possible—and foster a culture that encourages it.
Review and reconcile your accounts in online banking in a timely manner.
Doing so with an eye for irregularities is an effective way to detect fraud and mitigate further losses.
More advice and best practices to enhance your company's cyber security:
