The threat of account takeover from cyber criminals is growing for both businesses and individuals. This type of fraud can lead to unauthorized transactions, stealing sensitive customer information or holding encrypted data for ransom.

Cyber thieves target individuals through phishing, phone calls, social networks, texting scams and malware.

Business customers are most vulnerable to cyber-crimes just before a holiday, when key employees are on vacation, when a business office is relocating or when new computer equipment is installed. The vast majority of cyber thefts begin with compromising the computers of business account holders.

Central Bank recommends implementing the following security practices for businesses:

• Perform an internal business risk assessment that includes the business processes used to initiate financial transactions.
• Make sure all workstations are using supported operating systems (Windows 7 is no longer supported).
• If mobile devices are used to access confidential information, require password protection, device encryption and security apps.
• Provide internet and email security training for all employees.
• Review account balances and transactions regularly (daily is preferred). Please report any suspicious activity to Central Bank as soon as it is identified.
• Use Positive Pay, a Business Online Banking service, to help identify check and ACH fraud.
• Usernames and passwords for online services should be kept confidential. Passwords should be complex and changed periodically. Avoid using automatic login features that save usernames and passwords.
• Maintain rotational backup copies of business systems offsite and disconnected from the business network when not in use.
• Implement mandatory dual control for ACH and wire transactions. When two users are required to process transactions, the frequency of fraudulent transactions decreases substantially.
• Take advantage of system alerts: balance change, transfers, password change, ACH and Wire.
• Verify computers have updated anti-virus and anti-malware program(s).
• ACH and Wire transaction limits are valuable safeguards for online accounts. Please review these limits at least annually to make sure they are appropriate.
• Remove online user accounts as part of the exit procedure when employees leave the company. Disable user accounts for employees on extended leave.
• Do not click on links in unexpected e-mails or open attachments in unexpected e-mails, even from known senders. Be suspicious of any email asking for personal information including: account numbers, account verification, usernames, passwords or any personal information.
• Log off Online Banking when not in use and do not leave workstations unattended while logged into Online Banking.
• Do not use public or other unsecure computers or network connections (Wi-Fi) to access online services.
• Using a computer dedicated for online transactions can limit the possibility of viruses and malware. A dedicated computer should not be used for standard web browsing or have access to email.

Reach out to your local banker if you have any questions regarding online security. We’re here to help!