Be vigilant and safeguard your business against online threats.
Businesses are constantly under attack by fraudsters and cyber criminals. From data breaches to corporate account takeover, these crimes cost business owners millions of dollars each year and can have devastating impacts. Here are some specific threats to be on the lookout for, and tips for keeping your Massachusetts or Rhode Island business safe.
Corporate Account Takeover
Corporate Account Takeover (CATO) continues to be a significant threat to businesses. CATO is a type of fraud where thieves gain access to finances and financial information of a business to conduct unauthorized activities, such as stealing sensitive customer information, illegally transferring funds from the business, and creating/adding new fake employees to the payroll.
Steps you can take to help prevent CATO and protect your business:
Educate your employees at least annually about online fraud and how to prevent it. Warn employees about risky online behavior, such as following links on social media websites or in text messages and opening unsolicited emails and email attachments. Show employees examples of suspicious websites and malicious software. New employees should receive this information shortly after joining your company,
Monitor accounts daily and pay particular attention to wire transfers and ACH transfers.
Reconcile accounts daily.
Change passwords at least monthly. Use strong passwords that include a combination of symbols, numbers, and letters. Use a different password for each account, and don’t save passwords to a computer.
Be aware that BankFive will never call, email, or text you or your employees and ask for sensitive information, such as Online Banking credentials.
Instruct employees to never use a public computer or public Wi-Fi network to access your business’s online systems.
Log out of computers when not using them.
Equip all computers with the latest security and anti-virus software.
Ensure that adequate firewalls are in place.
Do not allow employees to use automatic log-in features, such as those that save login IDs and passwords for future use.
Restrict administrative rights to computers.
What to do if your business is victimized by CATO:
Immediately shut down computer systems that may be compromised and disconnect those systems from internet access.
If you suspect your BankFive business account has been a victim of Corporate Account Takeover, contact us immediately at 774-888-6100 and immediately take the following actions:
Disable online access to accounts,
Change online banking passwords,
Request that our security and auditing departments review all recent transactions and electronic authorizations involving the account(s) in question,
Ensure that no one has requested an address change, or re-ordered checks and/or debit cards to be sent to a different address.
Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident to the bank and any other parties, such as authorities and firms that could be impacted. Record the date, time, telephone number, person spoken to, and any other relevant information.
File a report with the police or any other relevant investigative agency regarding the crime. Having a police report on file will help when dealing with the bank, insurance companies, and any other parties who have been notified of the fraudulent activity.
Tips for protecting your company's files and devices:
Update any apps, browsers, and operating systems that your business uses regularly. A good rule of thumb is to set these to update automatically whenever possible
Ensure that your business files are backed up. You can either keep backups offline, on an external hard drive, or stored in the cloud.
Always require passwords for all laptops, smartphones, and tablets that you and your employees use. Ensure that your staff understands the importance of keeping such passwords private, and that they should always avoid leaving their company devices in public areas.
Encrypt company devices and files that contain sensitive information. Also, consider encryption for any device that accesses your network remotely.
Change settings on company smartphones and devices so that they do not automatically connect to public Wi-Fi. Ensure that your employees know the dangers associated with using public Wi-Fi for business purposes.
Whenever possible, have your staff use multi-factor authentication when logging into the systems that your business uses. This type of authentication requires additional steps beyond just a password for access.
Make sure that all company devices have up-to-date antivirus software.
Do not use email to send us confidential or sensitive information such as passwords, account numbers or social security numbers. If you need to provide this type of information, contact us by phone, fax or regular mail. By clicking this link, you will be sent to your preferred email application. Are you sure you want to navigate away from this page?