General Guidelines

  • Do not use public or other unsecured computers.
  • Review account balances and detail transactions on a daily basis to confirm payment and other transaction data and immediately report any suspicious transactions to your Client Advisor.
  • View transfer history available through the account activity information.
  • Whenever possible, make electronic payments instead of writing checks to limit exposure of your account number and to obtain better electronic record keeping.
  • Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
  • Never conduct banking transactions while multiple browsers are open on your computer.
  • If feasible, use a system dedicated to performing transactions and not used for other personal purposes such as email or web browsing.


How to Avoid Being a Victim

  • Never leave a computer unattended with personal or financial information displayed
  • Never wire money to unknown individuals
  • Never give out your personal information unless you initiated the contact
  • Always verify whom you are doing business with
  • Shred all documents containing sensitive and personal information
  • Safeguard your social security number
  • Monitor your credit report once every 12 months through annualcreditreport.com. You are entitled to a free credit report from each of the 3 credit reporting agencies (Equifax, Experian, and TransUnion).
  • Use direct deposit whenever possible
  • Register for the “Do Not Call Registry” - www.donotcall.gov


User ID and Password Guidelines

  • Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
  • Change your password frequently.
  • Never share username and password information.
  • Avoid using an automatic login feature that saves usernames and passwords
  • Use multifactor authentication methods whenever possible.


Tips to Avoid Phishing, Spyware and Malware

  • Do not open any e-mails from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, or PIN codes.
  • Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
  • If an e-mail claiming to be from your bank seems suspicious, check with your Client Advisor to verify the e-mail.
  • Install anti-virus, endpoint protection and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry-standard product.
  • Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
  • Ensure computers are patched regularly with security patches, particularly the operating system and key applications.
  • Install a dedicated, actively managed firewall for connection to the Internet. A firewall limits the potential for unauthorized access to your network and computers.
  • Check your settings and select, at least, a medium level of security for your browsers.
  • Repeatedly being asked to enter your password is a sign of potentially harmful activity.
  • Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.


Risk Assessments and Controls

  • Conduct risk assessments of the systems to identify and strengthen controls to detect and prevent fraud attempts.
  • Conduct risk evaluations of your information systems and internal processes to identify whether additional controls are necessary or existing controls need to be strengthened.


Protect your business and employees

  • Secure your workplace and restrict non-employee access to your paper files (i.e. trash)
  • Grant access rights to your information on a need-to-know basis
  • Develop a process to review access to systems when a user changes job function and update access to reflect the user’s new job function.
  • Develop a process to immediately revoke access to accounts after employee termination
  • Conduct systems access review regularly
  • Regularly educate employees, vendors, temps, and customers on cyber security issues, external dangers, internal controls, and how to protect information and systems. Put it in writing – ensure understanding and compliance
  • Segregate duties within accounting department
  • Conduct surprise audits
  • Rotate banking duties among staff to prevent collusion
  • Do not embed signatures in emails or put executive email addresses on your website
  • Research Cyber Insurance for your business


Additional Resources

Leverage the information in this guide as well as additional reliable sources to build an effective and proactive cybersecurity strategy: