|
Benefits of Business Banking: Cyber Security Awareness & Prevention*
 Protecting your business from cyber threats is top of mind for business owners. Whether running a large or small business, it is critical that businesses are aware of the threats that exist, implement safeguards to help prevent cyber-attacks, and have plans for how they would handle a cyber-attack should their business face an issue. The FBI's Internet Crime Complaint Center (IC3) received over 350,000 complaints in 2018 with losses exceeding $2.7 billion**. These attacks included business email compromise for fraudulent wire payments, redirecting of payroll, corporate data compromise and other attacks.
Cybersecurity should always be handled with a layered approach. Once your technology group or consultant completes the setup and securing of your business' network, your work shouldn't be considered complete. It's important to utilize all of the security protections and safeguards your software or bank provides you, and to educate your team members, who are your last line of defense.
Most commonly, cybercriminals will begin their attacks by contacting you or a team member through email, phone, or another messaging approach. According to Bill Mundell, VP, Technology Operations Manager at Chelsea Groton Bank, all staff members should be trained to watch out for these attacks, in particular to be mindful of the following:
- Passwords - An easy to guess password is an open door for cybercriminals. It is important when creating your passwords to stay away from the following: words found in a dictionary; family names, birthdays, or pet names; easy to guess passwords such as "Password12345!" or similar; or using the same password for all systems. It's equally important to never share your password. Passwords are recommended to be a minimum of 14 characters.
- Social Engineering – Cybercriminals look to collect small pieces of information which, when combined, enable them to fool someone in your business into potentially providing confidential information or completing a transaction they would not normally do. Therefore, only share information when necessary with trusted parties.
- Phishing - Cybercriminals will use anything or anyone necessary to trick you into clicking a link, opening an attachment or completing a transaction. This may be in the form of an email requiring quick response, requesting secrecy or threatening penalty for inaction. These may appear to come from the business owner or an important customer, and can be in many shapes and sizes. It is important to stop and consider if the request makes sense and if it would normally come from this individual. Calling the party directly using a known number is a safe way to verify. Additional tips for reviewing emails are:
- Even if the name of the person sending the email appears correct, check the email address. Look for misspellings or letter substitutions and compare the email address to a known, good address if possible.
- Are there spelling or grammatical errors in the body of the email?
- Is the email asking you to click on a link? Hover over the link with your mouse to see where it will take you. Often the address may seem correct but will be slightly misspelled such as "Gooogle.com" instead of "Google.com". Whenever possible, go directly to the site by typing the address in your web browser.
- Does the email signature match the company's standard signature?
- Use caution when opening attachments or clicking any links provided. This is the primary method of compromise.
Cybercriminals who successfully hack into confidential business information will frequently use this as a means to transfer funds outside of a business' account to themselves. As a way to combat this theft, Chelsea Groton's Positive Pay Service provides an automated fraud detection solution that helps prevent both check and ACH fraud.
Positive Pay
With Positive Pay, a module within Chelsea Groton's Online Treasury Management System for Business, organizations upload a file of issued checks to the Bank each day that checks are written. As checks are presented for payment, they are matched to the list of uploaded checks to ensure that all items clearing against the account are authorized checks.
"If a check comes through that does not match, the business will be notified. A customer can decide on any exceptions that come through on an individual basis," explained Alexis Kahn, AVP, Business Banking Officer at Chelsea Groton Bank. "In addition, 'ACH Block and Filter' allows a business to set up a list of ACH transactions that are pre-approved to post to an account, thereby helping to prevent unauthorized ACH transactions from clearing. Our goal with this tool is to ensure we're providing customers with an efficient experience when it comes to paying bills, while still safeguarding their hard-earned money against cybercriminals."
The Positive Pay system also features "Account Reconciliation" which gives businesses access to a variety of tools, such as an online full account reconcilement statement, an online account reconcilement file download, and online reconcilement reports.
Interested in learning more about Chelsea Groton's efficient and secure online banking tools to see if they could be the right solution for your business? Contact our Business Banking Department at 860-448-4203 or growthatbusiness@chelseagroton.com.
*The information in this article is meant for general educational use only and does not constitute technical or legal advice or recommendations by Chelsea Groton Bank in any manner. Chelsea Groton Bank does not guarantee following any of the standard guidelines or utilizing any products in this article will fully or partially protect you or your business from cyber-attacks. Cybersecurity, legal and insurance safeguards should be consulted with your professionals and/or consultants in this area. These professionals should be consulted prior to implementing any practice or procedure in this article or otherwise governed in these areas.
**FBI IC3 2018 Internet Crime Report: https://pdf.ic3.gov/2018_IC3Report.pdf
|
