Online Banking Security for Business Banking Clients
Deter. Defend. Detect.
Blackhawk Bank is dedicated to helping you keep your online banking services safe and secure. Education is key to understanding the safeguards you must employ to mitigate your risk of fraudulent activity when banking online. Commercial banking services are not protected in the same way as personal banking accounts. Consumer protection regulations provide significant protections for the consumer, but the Uniform Commercial Code, which governs business banking services, provides no such protections. This is true of commercial banking services at Blackhawk Bank and at every commercial bank in the nation.
Linked here is an informative brochure entitled Mitigating Corporate Account Takeover. Learn what it is, how it works, and what you can do to keep your business safe.
Blackhawk Bank uses state-of-the-art encryption software, multi-factor authentication tools and secure email to help protect you against fraudulent activity. All individuals processing ACH files/batches must have their own Cash Management sign-on, password, and Secure Token. In addition, we urge you to take the following precautions and engage the necessary safeguards.
What You Should Do:
The FBI and the American Bankers Association are warning small business owners to use a dedicated computer for online banking ONLY. Use a separate computer for email, surfing the Internet and online shopping. This is the best way to prevent malicious software from infecting the computer and makes it much harder to manipulate electronic transfers.
If you choose not to follow the dedicated computer recommendation:
- Avoid Spyware. The best way to protect your computer from spyware is to install an anti-spyware program that monitors the activity of software on your computer. Like a virus scanner, anti-spyware software detects and attempts to remove malicious applications from your computer. Spyware infects computers when the user interacts with a malicious resource on the Internet.
- Use software that scans for viruses.
Note: There are a number of malicious programs that purport to be anti-virus and anti-spyware applications. When installing anti-virus and anti-spyware software, be sure you are using legally licensed versions.
The following rules will help keep your computer safe:
- Do not respond to unsolicited (spam) email.
- Do not click on a link within an unsolicited email.
- Be cautious of email claiming to contain pictures in attached files as the files may contain viruses. Only open attachments from known senders. Virus-scan the attachments if possible.
- Contact the actual business that supposedly sent the email to verify if the email is legitimate.
- Avoid visiting Web sites that contain questionable content, including sites that offer illegal music, movie and software downloads.
- Pay attention to the Google Results page. Google identifies sites that may contain malicious content. Avoid clicking links that have been identified as such.
- To protect your privacy and help prevent unauthorized use of online banking, you should always ‘Exit’ secure web sites to log out completely. Do not simply click the X to close your Internet session.
- Monitor your accounts and review your transactions daily. Should you see suspicious activity, report it immediately.
- Use encryption software on laptop computers.
- Familiarize yourself with the Security Settings on your PC.
- Educate your employees about the risks and consequences.
Tips for Creating and Using Safe Passwords:
In addition to the suggestions offered above, follow these guidelines for creating and using strong passwords:
- Use BOTH upper and lower-case letters.
- Place numbers and punctuation marks randomly in your password.
- Make your password long and complex, so it is hard to crack. A length of 8 to 20 characters is recommended.
- Use one or more of these special characters: +_%@!$&*~
- To help you easily remember your password, consider using a phrase or a song title as a password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”
- Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.
Using Your Password Safely:
- Create different passwords for different accounts and applications. That way, if one account is breached, your other accounts won’t be put at risk too.
- Never use your NetTeller password for online shopping sites or free email accounts (Hotmail, Yahoo!, Gmail).
- Change your passwords regularly, about every six months.
- Don’t share your password with anyone else. Once it’s out of your control, so is your security.
- Never enable the “Save Password” option, even if prompted to do so. Pre-saved passwords make it easy for anyone else using your computer to access your accounts.
- Never walk away from a shared computer without logging off. This will ensure no other users can access your accounts.
- Don’t use sample passwords given on different Web sites, including the samples listed above.
How Passwords Are Stolen:
When you are creating a strong password, it can help to know the tactics hackers use to steal them. Here are some of the most frequently used techniques:
Guessing. Programs designed to guess a user’s password are common. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point. These programs can even search for a word spelled backwards.
TIP: It’s best to steer clear of any personally identifying information when creating a password.
Dictionary-based attacks. Programs and software also exist that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.
TIP: Staying away from actual words, even in a foreign language, is recommended.
“Brute Force” attacks. By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly.
TIP: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.
Phishing. Phishing scams usually try to hook you with an urgent IM or email message designed to alarm or excite you into responding. These messages often appear to be from a friend, bank or other legitimate source directing you to phony Web sites designed to trick you into providing personal information, such as your user name and password.
TIP: The best advice is not to click a link in any suspicious email, and not to provide your information unless you trust the source.
Shoulder surfing. Passwords are not always stolen online. A hacker who is lurking around in a computer lab or library may be there for the express purpose of watching you enter your user name and password into a computer.
TIP: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.