Business Online Security Best Practices
COMMERCIAL ACCOUNTS AND GOVERNMENT ACCOUNTS ARE NOT COVERED UNDER REGULATION E:
In most circumstances you will be responsible for assuming the loss on fraudulent transactions. It is vital that you follow best practices for conducting online transactions.
What you can do:
- Employ all account controls made available by your financial institution. Certain products may allow you to choose from different features and set-up options that can reduce the risk of unauthorized activity. You should make sure you understand the choices you are offered. We urge you to make the choices that are safest in your circumstances, even if there may be some loss of convenience or additional expense. The choices you make can increase or decrease your risk of loss.
- Establish a separate account for the origination of each type of transaction (ACH origination, wire transfer, etc.).
- Fund those accounts daily with only enough to cover the planned transactions.
- Establish dual control over the setup and creation of new user accounts on the system, the setup of new payees on the system, and the initiation of ACH and wire transfer payments.
- Run summary reports of all transactions to ensure they are accurate.
- Review your transactions daily to determine if fraudulent activity has occurred.
- Always maintain up-to-date anti-virus software on your computer systems.
- Stay up to date on patching your operating system and all third-party applications. Criminals exploit vulnerabilities in these applications for malicious and fraudulent purposes.
- Maintain an up-to-date spyware detection program and disable pop-ups.
- Dedicate a single PC to online financial transactions and prohibit any other form of web surfing on this PC, including email.
- Install a dedicated firewall and actively manage and monitor it. A firewall limits the potential for unauthorized access to your system. Set the firewall to restrict access for the workstation to only the IP addresses of the financial institutions’ systems. This will prevent accidental web surfing that can lead to the download of malware.
- Create complex passwords (upper and lower case, numbers, and special characters) that are at least 8 characters long. Change your passwords frequently and ensure that you are not using the same password on multiple websites.
- Never use automatic login features that save your usernames and passwords.
- Verify you have a secure session with any transactional site by checking the browser address bar for "https".
- Never leave a computer unattended while logged into a financial transaction site such as your online banking site.
- Never provide your account number or username / password in any written communication. This is especially true of email. We will never ask you to verify or provide any personal or financial information within an email.
- Always use your pre-established links to access web sites. Never click on a link contained in an email.
- Do not rely on an email for instructions to perform a financial transaction. Always verify by performing a call back via the telephone, text message or other trusted verification method.
- Do not let your employees perform online banking, payroll, or other company financial transactions from their home PC or from Internet cafes, public libraries, etc.
- Clear your browser cache to eliminate copies of web pages that have been stored on your hard drive.
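
The firewall item above asks you to restrict the dedicated workstation to the financial institutions' IP addresses and to monitor the firewall actively. The following added example (not part of the original guidance) audits an exported firewall log for traffic from that workstation outside the allowlist; the workstation address, the allowlist entries and the log layout are all assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (all constructed for this example): the workstation address, the
# allowlist, and the "src=... dst=... dport=... action=..." log layout.
WORKSTATION = ipaddress.ip_address("192.0.2.25")
ALLOWLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.40/32")]
ALLOWED_PORTS = {443}  # HTTPS only

SAMPLE_LOG = """\
2024-05-01T09:02:11 src=192.0.2.25 dst=198.51.100.5 dport=443 action=allow
2024-05-01T09:02:40 src=192.0.2.25 dst=203.0.113.40 dport=443 action=allow
2024-05-01T09:15:03 src=192.0.2.25 dst=203.0.113.99 dport=443 action=allow
2024-05-01T09:15:09 src=192.0.2.25 dst=198.51.100.5 dport=80 action=deny
2024-05-01T09:20:00 src=192.0.2.77 dst=203.0.113.99 dport=443 action=allow
malformed line without fields
"""

def parse_line(line):
    """Return (timestamp, fields), or None if a required field is missing."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"src", "dst", "dport", "action"} <= fields.keys():
        return None
    return parts[0], fields

def audit(log_text):
    """List findings for the banking workstation's outbound traffic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not connection records
        ts, f = parsed
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
            port = int(f["dport"])
        except ValueError:
            continue  # unparseable address or port
        if src != WORKSTATION:
            continue  # only the dedicated banking PC is in scope
        permitted = port in ALLOWED_PORTS and any(dst in net for net in ALLOWLIST)
        if not permitted and f["action"] == "allow":
            findings.append((ts, str(dst), port, "RULE GAP: allowed outside allowlist"))
        elif not permitted:
            findings.append((ts, str(dst), port, "blocked attempt: investigate"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

A "RULE GAP" finding means the firewall itself permitted traffic it should have denied, so the rule set needs correcting; a blocked attempt means the rules held but something on the workstation tried to reach an unapproved destination.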