- Do not use public or other unsecured computers.
- Review account balances and detailed transactions on a daily basis to confirm payment and other transaction data, and immediately report any suspicious transactions to your Client Advisor.
- View transfer history available through the account activity information.
- Whenever possible, make electronic payments instead of writing checks to limit exposure of your account number and to obtain better electronic record keeping.
- Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
- Never conduct banking transactions while multiple browsers are open on your computer.
- If feasible, use a system dedicated to performing transactions and not used for other personal purposes such as email or web browsing.
How to Avoid Being a Victim
- Never leave a computer unattended with personal or financial information displayed
- Never wire money to unknown individuals
- Never give out your personal information unless you initiated the contact
- Always verify whom you are doing business with
- Shred all documents containing sensitive and personal information
- Safeguard your social security number
- Monitor your credit report once every 12 months from annualcreditreport.com. You are entitled to a free credit report from each of the 3 credit reporting agencies (Equifax, Experian, and TransUnion)
- Use direct deposit whenever possible
- Register for the “Do Not Call Registry” - www.donotcall.gov
User ID and Password Guidelines
- Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
- Change your password frequently.
- Never share username and password information.
- Avoid using an automatic login feature that saves usernames and passwords
- Use multifactor authentication methods whenever possible.
Tips to Avoid Phishing, Spyware and Malware
- Do not open any e-mails from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, or PIN codes.
- Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail
- If an e-mail that claims to be from your bank seems suspicious, check with your Client Advisor to verify the e-mail.
- Install anti-virus, endpoint protection and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry-standard product.
- Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
- Ensure computers are patched regularly, particularly with security patches for the operating system and key applications.
- Install a dedicated, actively managed firewall for connection to the Internet. A firewall limits the potential for unauthorized access to your network and computers.
- Check your settings and select, at least, a medium level of security for your browsers.
- Repeatedly being asked to enter your password is a sign of potentially harmful activity.
- Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.
Risk Assessments and Controls
- Conduct risk assessments of the systems to identify and strengthen controls to detect and prevent fraud attempts.
- Conduct risk evaluations of your information systems and internal processes to identify whether additional controls are necessary or existing controls need to be strengthened.
Protect your business and employees
- Secure your workplace and restrict access to your paper files by non-employees (i.e. trash)
- Grant access rights to your information on a need-to-know basis
- Develop a process to review access to systems when a user changes job function and update access to reflect the user’s new job function.
- Develop a process to immediately revoke access to accounts after employee termination
- Conduct systems access review regularly
- Regularly educate employees, vendors, temps, and customers on cyber security issues, external dangers, internal controls, and how to protect information and systems. Put it in writing and ensure understanding and compliance.
- Segregate duties within accounting department
- Conduct surprise audits
- Rotate banking duties among staff to prevent collusion
- Do not embed signatures in emails or put executive email addresses on your website
- Research Cyber Insurance for your business
Leverage the information in this guide as well as additional reliable sources to build an effective and proactive cybersecurity strategy: