As a business owner, you have many responsibilities. Perhaps one of your most important responsibilities is keeping the personal and financial information of your business, your customers, and your employees secure. Here are some considerations unique to you as a business:
- Verify use of a secure session (https not http) in the browser for all online banking.
- Avoid using automatic log-in features that save usernames and passwords for online banking.
- Never leave a computer unattended while using any online banking or investing service.
- Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to capture account numbers and sign-on information, leaving you vulnerable to possible fraud.
- Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on Web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not protect against the latest threats as well as an industry-standard product.
- Ensure virus protection and security software are updated regularly, and consider installing spyware detection programs.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
- Make certain that computers are patched regularly, particularly with security patches for operating systems and key applications. It may be possible to sign up for automatic updates for the operating system and many applications.
- Change passwords a few times each year.
- Never share username and password information for online services with third-party providers.
- When possible, businesses that conduct high-value or large numbers of online transactions should carry out all commercial online banking activities from a stand-alone, hardened and completely locked-down computer system from which e-mail and Web browsing are not possible.
- Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of viruses or other malware.
- Conduct reconciliation of all banking transactions on a daily basis.
- Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.