Business Security | Protecting Your Business from Fraud
Cyber security and fraud prevention is a team effort.
As much as most of us count on digital convenience, it carries the potential for others to access our financial and other information with criminal intent. To counter this, banks are always on high alert when it comes to cyber security.
At Banner Bank, we invest millions annually in technology, monitoring and training to protect our clients’ data. As a business owner, you also play an important role in protecting your company’s vital information.
Tips to create powerful passwords
- Use a mix of upper and lowercase letters, numbers and special characters. Many experts recommend using passwords 10 or more characters in length.
- Avoid obvious names, dates and phrases. Examples include initials, birthdates, children’s names, pets’ names, last names, your alma mater, the current year, and anything that could be mined from your social media sites.
- Change them regularly; build requirements and reminders into your systems.
- Memorize passwords and avoid writing them down. This may seem obvious, but too often a “found password” provides a criminal’s entry point.
8 digital factors your business should adopt:
The following are actions your business can take to heighten security with regard to technology and your systems management and protocols.
Use a dedicated computer for your online banking.
Then, take it a step further by restricting access to all but a handful of sites needed to interact with the bank and manage your finances. Ensuring that your online banking computer can’t be used to visit random websites closes potential access points for cyber criminals and goes a long way in protecting your business.
You can do this using custom firewall rules and host files, or services like Open DNS. The dedicated system works only if you access just your bank’s site from locked-down, dedicated machines. Making exceptions—even occasionally—undermines the whole approach.
Patch software in a timely manner.
Cyber criminals look for ways to exploit system weaknesses using viruses and malware, so it’s important to install all the regular patches and updates pushed out by your operating system provider and software vendors. If you’re not receiving notices, be proactive: mark your calendar with reminders to routinely visit their websites to check for updates and patches.
Protect computers and networks.
Install security and antivirus software that protects against malware, or malicious software, which can access computer systems without your consent.
Back up important systems and data.
Regularly backing up the data on your computers should be part of every company’s cyber management routine.
Consider all devices.
Mobile devices such as smart phones and tablets can be security challenges, especially if they hold confidential information or can access your company’s network. Allowing employees to access your company’s online banking functions using their personal devices, while convenient, adds risk. If you’re going to allow it, be stingy about who and why, and insist those devices have security passwords or thumbprint access.
Use security alert features.
At Banner, you can set up a variety of alerts in your online business banking that can indicate unauthorized activity or the need for further investigation. These include alerts for transactions above a specified amount or when your balance falls below a certain level.
Implement Positive Pay services.
Available through our Treasury Management team, these tools help you identify, review and halt ACH and check transactions that may be fraudulent.
Implement dual control procedures and use of security tokens.
Having one person initiate high-value transactions, such as ACH and wire transactions, and a different employee confirm and transmit them deters fraudulent activity. You can enforce dual controls using Banner’s Online Business Banking platform. We also offer security tokens allowing you to enter a unique code to approve and transmit ACH and wire transactions.
Best practices to enhance your company's cyber security:
The employee role is essential in protecting your business from fraud and cyber crime
Control access to data and computers, and create unique user accounts for each employee who has access.
Limiting access or use of business computers to a small group of authorized individuals is one of the simplest, most powerful ways to heighten security.
Facilitate security practices and training for employees.
Implement policies for your team on topics such as appropriate internet use, and set consequences for violations. Update and repeat training to remind long-term employees and include new members of your team.
Require strong login IDs and passwords.
This is essential for all employees and anyone else connecting to your network and online accounts via computer and mobile device. See the information above for passwords tips.
Ensure that your employees know to never share login IDs and passwords.
Similarly, team members should never use the same login credentials for your online business banking that they use to log into any other website or social media such as Facebook, LinkedIn and Twitter. Cyber criminals use these platforms to gather data.
Remind colleagues to avoid using system features that save login IDs and passwords.
The small amount of time a person might save logging in is simply not worth the risk.
Educate all team members to avoid public Wi-Fi when accessing your online banking.
Public Wi-Fi is not sufficiently secure—it’s just too risky.
Make sure you, your employees, consultants or vendors who must access your network do so using a secure connection.
The importance of avoiding public Wi-Fi when accessing your online banking cannot be emphasized enough.
Train team members about the dangers of suspicious emails asking them to click on a link, open an attachment or provide account information.
Remind associates that cyber thieves use a variety of tricks and scams to obtain information and system access.
Have employees validate email requests to wire funds.
Cyber criminals have become adept at creating requests for funds that appear to come from inside the company, including from the CFO or CEO. Let team members know it’s smart to question such requests without replying directly to the email. Diligent companies create a process for validating requests, and foster a culture that encourages it.