Corporate Account Security
Fraudsters are becoming increasingly sophisticated at exploiting vulnerabilities to commit fraud. At Think we work diligently to protect your information, but it is crucial that you play a role in preventing unauthorized access to your credentials as well.
Business Security Recommendations
Layered System Security:
Use the right tools to prevent and deter unauthorized access to your network. Periodically review these tools to ensure they are up-to-date. Examples include:
- Security suites
- Anti-botnet, anti-malware, and antispyware programs
- Encryption of laptops, hard drives, VPN's or other communications channels
- Education of all computer users
Online Banking Safety:
- Create a secure financial environment by dedicating one computer exclusively for online banking and cash management activity. This computer should not be connected to the business network, have e-mail capability, or connect to the internet for any purpose other than online banking.
- Do not allow workstations used for online banking to be used for general web browsing or social networking.
- Verify use of a secure session (https) in the browser for all online banking.
- Do not conduct any online banking activity from free Wi-Fi hot spots like airports or internet cafes.
- Cease all online banking activity if the online banking application "looks" different than usual. Do not continue and contact the financial institution immediately.
- Educate all computer users on cyber crimes so everyone understands that even one infected computer can lead to an account takeover.
- Always ask, "Does this e-mail or phone call make sense?"
- Educate all employees to think critically about each e-mail and phone call received. Advise employees to: not open suspicious e-mails or e-mails from unknown persons, be particularly suspicious of e-mails or calls purporting to be from a financial institution, government agency or other organization requesting account information, account verification or banking access credentials.
- Remember the analogy: An unsecure computer is the same as an unlocked house. If you fail to lock your house, then you have a significant chance of losing your valuables.
- Establish user accounts for every computer and limit administrative rights.
- Establish user accounts for every online banking and cash management user.
- Employ "user" settings to avoid accidentally downloading a credential-stealing program.
- Require all employees to use strong passwords and change their passwords frequently.
- Promptly deactivate or remove access rights from employees that no longer require access. (Example: inactive, transferred or terminated employees)
- Take full advantage of options offered by financial institutions to reduce the risk of a large payment being initiated fraudulently. (Example: ACH File or wire transfer file limits)
- Consider initiating files or wire transfers under dual control, with assigned responsibility for transaction origination and authorization.
- Reconcile accounts online daily; at a minimum, review pending or recently sent ACH Files and wire transfers.
- Take advantage of appropriate account security services offered by your financial institution.
- Require all employees to keep their log-in information secure.
Report Suspicious Activity:
- Monitor and report suspicious activity. Ongoing monitoring and timely reporting of suspicious activity are crucial to deterring or recovering from fraud. A business should report anything unusual to the financial institution, such as log-ins at strange times of day, new user accounts, unauthorized transfers, etc. so the financial institution can immediately block the account and monitor activity.
Reference: National Automated Clearing House Association, 2011