Business Internet Security Tips
We value your online safety and security. That's why we want to make sure that you are aware of best practices when conducting business online.
Before you begin, evaluate the risks associated with banking online based on your business and the types of transactions you intend to perform. For example, if you enroll for external ACH or Wire transactions you may assume more risk than if you simply view balances and transfer funds between your internal accounts. For your convenience, we have included information compiled by the Federal Bureau of Investigation (FBI) that explains methods to protect your business accounts, tactics used by cyber criminals to obtain access to your accounts, and how to detect if your business has been targeted by hackers.
Here are a few things to keep in mind when you are performing business transactions on the web:
Account Control Best Practices-
- Reconcile and review all banking transactions on a daily basis, especially near the end of the day.
- Perform all ACH and Wire Transfers under dual control- have one transaction originator and a separate transaction authorizer to ensure maximum control.
Computer System Best Practices-
- If possible, conduct all online banking activities from a stand-alone, hardened and completely locked down computer system. This is particularly important if you transact high value or large numbers of online transactions. This computer should not be used for email, social networking or web browsing.
- Opening emails, opening attachments or clicking on links embedded in suspicious emails could expose your system to viruses and malware that could hijack your computer and your online account access.
- Be cautious when opening emails, especially when they appear to be from a financial institution, government department or other agency. Consider adjusting your email settings so that you do not automatically download images.
- Never share usernames, passwords, PIN codes or similar information.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
- Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
- Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Ensure virus/spyware protection and security software are updated regularly and frequently.
- On a regular basis update all computer software and operating systems to protect against new security bugs (patch management practices). Perform network scanning to discover overlooked bugs and security vulnerabilities.
- Adopt advanced security measures by working with consultants or dedicated IT staff. Utilize resources available through trade organizations and agencies that specialize in helping businesses such as the BBB, SBA, FTC, NIST, IC3 and NACHA.
- Clear the browser cache before and after an Online Banking session. This helps eliminate copies of web pages that have been stored on the hard drive.
Online Best Practices-
- Provide continuous education and communication to employees using online banking systems. This will help to ensure they understand the security risks related to their duties.
- Create a strong password with at least 10 characters that include a combination of mixed case letters, numbers and special characters and change that password regularly. Passwords should not be stored on the device used to access online banking.
- Your company administrator should consider having two sets of login credentials. One should be used strictly for administrative purposes (adding new users, resetting passwords, etc.), and the other should be used for everyday transactions (viewing account activity, paying bills, etc.).
- Use tokens for online transactions to provide an additional layer of authentication.
- Use dual-control when setting up new users. This will help ensure that the appropriate users are being added to the system.
- Prohibit the use of "shared" usernames and passwords for online banking systems.
- Do not use the same password for multiple sites.
- Remind your staff to NEVER share login information with third-party providers. TowneBank will never ask you to provide your login information.
- Verify the use of a secure session. Make sure your browser says 'https' and not 'http' for all Online Banking sessions. Do not ignore security warning messages or bypass them without fully understanding their meaning. Contact the bank with any questions.
- Encourage your staff NOT to take advantage of automatic login features. It is best to type in your User ID and Password each time you login, instead of using systems that pre-populate the login fields.
- Never leave a computer unattended while using Online Banking. For most systems, you can adjust the timeout feature to something that is appropriate for the type of work that you are conducting online.
- Never access Online Banking, or any other financial services at Internet cafes, public libraries, or other untrusted public networks. Unauthorized software may have been installed on these public machines, and could be trapping account information without your knowledge.
If you ever feel that your Online Banking information has been compromised, please contact your Hometown Banker.