
Cyber Security

Reducing the Risk of Corporate Account Takeover (CATO)

Corporate Account Takeover is a form of business identity theft where cyber thieves gain control of a business’s bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent ACH transactions.

The bank has procedures in place to help protect against, detect and respond to corporate account takeover and fraudulent activity. It is important and necessary for you and your employees to follow established security practices. The following are security practices you can implement to reduce the risk of theft through CATO:

  1. Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risks related to their duties;
  2. Update anti-virus and anti-malware programs frequently;
  3. Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices);
  4. Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking;
  5. Adhere to dual control procedures;
  6. Use separate devices to originate and transmit ACH instructions;
  7. Transmit wire transfer and ACH instructions via a dedicated and isolated device;
  8. Practice ongoing account monitoring and reconciliation, especially near the end of the day;
  9. Adopt advanced security measures by working with consultants or dedicated IT staff; and
  10. Utilize resources provided by trade organizations and agencies that specialize in helping small businesses. A list is provided below.

Warning signs that your business accounts may be part of a breach:

  1. Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money);
  2. Dramatic loss of computer speed;
  3. Changes in the way things appear on the screen;
  4. Computer locks up so the user is unable to perform any functions;
  5. Unexpected rebooting or restarting of the computer;
  6. Unexpected request for a one-time password (or token) in the middle of an online session;
  7. Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.);
  8. New or unexpected toolbars and/or icons;
  9. You are not able to shut down or restart your computer;
  10. Changes in login credentials; and,
  11. Distributed Denial of Service (DDoS) attacks, i.e., flooding of your email accounts.

Business Resources You May Access:

 

For questions regarding corporate account takeover, call 304-772-3034.