Business Security
Corporate Account Takeover (CATO) is a type of business identity theft in which cyber thieves take control of a business's bank account. The cyber thieves defraud the business by stealing employee usernames, passwords and other valid credentials to gain access to the business through its many software systems. Cyber thieves can then initiate fraudulent wire and ACH transactions to accounts controlled by the thieves. Thieves then perform fraudulent transfer transactions by creating and adding fake employee names to transfer payroll or fake business names to create wire transfers. They also gain access to systems to steal sensitive information.
The best way to protect against CATO is a strong partnership with your bank. That means having a good understanding of the security in place within your own business and of the measures the bank has put in place through the systems your business uses. These established safeguards on accounts can help the bank identify and prevent unauthorized access to business funds. Each cyber crime is unique, so losses may not be covered by the bank's insurance.
Consider these tips to ensure your business is well prepared:
- Develop a security plan. Each business should evaluate its Corporate Account Takeover risk profile and develop a security plan that includes sound business practices.
- Protect your online environment. Protect your cyber environment just as you would your cash. Use appropriate tools to prevent and deter unauthorized access to your network, and make sure you keep them up to date. Use token technology that creates unique one-time passcodes in combination with a username and password. Encrypt sensitive data, use complex passwords, and change passwords regularly.
- Create a secure financial environment. Dedicate one computer exclusively for online banking. This computer should not be connected to the business network, have email capability, or connect to the Internet for any purpose other than online banking.
- Partner with the bank to prevent unauthorized transactions. Several processes can protect you from cyber thieves obtaining sensitive information and from unauthorized transactions. Our services offer callbacks to businesses, out-of-wallet security passwords and questions, reduced limits on debit and credit card transactions, token devices for online authentication, multi-person approval processes, token authentication of ACH batch and wire creation and alterations, and ACH batch limits to help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Watch for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened. Keep phone contact information up to date so that you can contact key employees within your business, even after hours.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. You need to understand and implement the security safeguards in the agreement. Keep browser and system updates current. If you don't, you could be liable for losses resulting from a takeover.
- Educate all employees. Help staff understand theft by cybercrimes so they are aware that even one infected computer can lead to an account takeover. An employee whose computer becomes infected can infect the entire network. For example, if an employee takes a laptop home and accidentally downloads malware, criminals could gain access to the business's entire network when the employee connects again at work. All employees, even those with no financial responsibilities, should be educated about these threats.
Stay informed about defenses to Corporate Account Takeover. Since cyber threats change rapidly, it's imperative that you stay informed about evolving threats and adjust your security measures accordingly. Your business and your employees are the first line of defense against Corporate Account Takeover.
You probably own an electronic device that you use to conduct various transactions online. While these devices interest hackers and other criminals, you are the biggest threat to them if you have not taken enough measures to make them secure. The best thing you can do to secure your devices is to enable automatic lock screens.
Here are some tips to secure your devices:
- Turn on automatic system software updates. When manufacturers know there is a software vulnerability, they will usually push out a software update to patch the vulnerability.
- Avoid downloading apps from untrusted sources
- Discard any apps you no longer use
- Review and set privacy options for apps
Proper Disposal of Devices
Mobile devices store information about you - more than you can probably imagine - and when you just throw one away, you expose your data to hackers.
Before you dispose of an electronic device, do the following:
- Back up all the data; you may need it at a later date
- Erase all information on the device - deleted information can still be recovered using tools available online
- The best way to clear everything is to use the factory reset function on your device
Email Safety
The moment you send an email, you can no longer control it. It can be shared on social media or forwarded to others.
You can improve email security with these steps:
- Avoid sending personal emails on work computers as they can be monitored by the employer
- Find out about your employer's email policy before sending personal emails from your work computer.
- If you have to send sensitive information, send it securely
- Do not share your email password