Cyber Security Best Practices
Reduce your risk
Adopting best practices for cyber security.
Most cyber crime today is enabled by human error – trusting instructions that are sent electronically, or being taken in by complex scams in which criminals pose as clients, vendors, employees, executives, or other professionals in order to gain access to financial assets.
We recommend adopting and maintaining a set of best practices to protect against cyber crime.
Modify behaviors to reduce the likelihood of cyber crime.
- Follow safe password practices: change passwords regularly; keep them private; avoid passwords with personal significance; punctuate passwords with numbers and special characters, and use random keyboard patterns.
- Do not reply if you get an email or pop-up message that asks for personal or financial information. Legitimate companies and government agencies do not ask for this information via email. Always be wary of any message that asks for your personal information or messages that refer you to a web page asking for these details.
- Never enter your password after following a link in an email you don’t trust. It is always better to go directly to the site using a trusted bookmark.
- Never send your password via email.
- Only sign into your account when you are 100% certain you are on the real site.
- Be cautious about opening attachments or downloading files from unfamiliar sources. These files can contain viruses or other software that can weaken your computer’s security.
- Don’t give unauthorized individuals access to your business computers – especially critical for laptops that employees may take home.
- Do not trust anything you receive via email, even if it’s coming from someone you know and trust. Always call to verify. Especially ACH and wire instructions.
- If a vendor or customer changes their billing account, call them to verify the change. Too often, hackers are posing as a customer or vendor and the email isn’t actually coming from who you think it’s coming from.
Install software layers that can help protect data, transactional security and assets.
- Keep your computer operating system software up to date.
- Install IBM® Security Trusteer Rapport® and run it on your browser every time you log into online banking. Click here for more information, or for a free download.
- Install anti-virus software and anti-spyware software on every computer in your business. Some phishing emails can contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software can help protect you from inadvertently accepting such unwanted files.
- Install a firewall on your personal computer or business’ internal network. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It is especially important to run a firewall if you have a broadband connection.
- Secure your business’ WiFi networks and passwords
- Be aware of workstation red flags:
- Slow or sluggish performance
- Computer takes abnormally long time to start up
- Your browser's home page has changed
- New icons and shortcuts appear on your screen
- Advertisement windows start popping up and often cannot be closed
Establish business practices that can help prevent fraud.
- Educate all of your employees about the risks of clicking on links in emails and sharing business information via phone or email with people they don't know or trust.
- Set up protocols for dual control on wires and ACH transactions, so that transactions can’t happen without two approvers. This way if a fraudster initiates a transaction, you or another designated signer can stop it before the transaction goes out.
- Back up sensitive data like customer information on a daily or weekly basis.
- Create separate user accounts for every employee, and only grant administrative privileges to trusted staff.
- Only provide employees with access to the data systems they need to do their jobs.
- Do not allow employees to install software without permission.
- Change passwords every three months.