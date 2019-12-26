The Internet provides an opportunity to conduct business electronically – but it also introduces a significant amount of risk. Its use can expose businesses and customers to an increased risk of fraud and identity theft. Financial cybercrime is an increasingly prevalent problem around the world. It results in millions of dollars in business losses each year in the United States alone.
The good news is that there are many steps people can take to significantly reduce the chance of being victimized by online fraud. The information is provided as suggestions designed to assist people in implementing sound controls – and to reduce the likelihood that fraudulent activity will impact businesses.
Online-banking security paramount
- Establish dedicated computers for accessing online banking. Those computers should not be utilized for accessing email or non-banking websites.
- Do not use public computers to access online banking accounts.
- Avoid accessing bank accounts from public Wi-Fi hotspots.
- Reconcile financial transactions on a daily basis.
- Use separate computers to initiate and authorize transactions.
- User IDs, passwords and security questions
- Do not allow a browser or other password tools to store and automatically populate passwords on banking websites. Passwords stored in tools that automatically populate fields on websites could allow a malicious user to recover those passwords.
- Use complex passwords consisting of upper- and lower-case letters, numbers and special characters; do not use names and special dates that may be known or determined by others.
- Do not write down or share passwords or security questions with anyone.
- Use distinct passwords for each application or website accessed. That will help mitigate the potential for all the systems accessed from becoming compromised if the password for a single site or application is disclosed.
- Protect answers to security questions. Select questions and provide answers that are easy to remember, but difficult for others to guess. Avoid choosing questions for which the answer can be discerned via social-networking sites or public websites such as Facebook and LinkedIn.
- Avoid using the same questions on other sites that are utilized to protect online banking accounts. Most banks will never ask anyone to provide answers to security questions via email, phone, text message, etc.
Secure computers at all times
- Install and maintain antivirus and firewall software on all computers and mobile devices.
- Ensure the antivirus software is updated on a regular basis. Most antivirus software can be configured to automatically update on a weekly or daily basis – or even more frequently.
- Run anti-virus software in active or real-time scanning mode. That allows the software to actively scan all incoming messages, files or websites being accessed to identify and prevent malicious content from running on a computer.
- Run a full or comprehensive antivirus scan on a regular basis. Full or comprehensive scans may detect viruses or other malware that is missed by real-time scanning.
- Set the computer to automatically install operating-system and software updates and patches. A fully updated and patched system is less susceptible to becoming infected with malware.
- Take note of unusual behavior, slowness, pop-up windows or other unexpected changes. If those are noted, have a comprehensive scan run against the computer with fully updated antivirus software. Do not access sensitive systems, websites or other applications until the computer has been verified to be safe.
- Do not access the computer with an administrator-level – admin – or power-level account for daily use. Computers being run with general user-level permissions are less susceptible to becoming infected with viruses, Trojans or other malware.
- Set web browsers to increased levels of security.
Secure mobile devices
- Be sure smart phones, tablets and other mobile devices are password-protected.
- Download antivirus protection for phone, tablet, e-reader or any other device that has mobile access to the Internet.
- Do not “root” or “jailbreak” a mobile device to avoid limitations set by a carrier or device manufacturer. Rooting or jailbreaking a mobile device can remove the protections built into the device to defend against mobile threats.
- Beware of everything downloaded onto a device, including applications. Only use reputable application markets. Verify the permissions the application requests to ensure they are appropriate for what the application is meant to do.
Internet security critical
- Do not use public computers to access online banking accounts or other sites that have sensitive information.
- Never disclose via text message, phone call or email any personal or financial information – including account numbers, passwords, Social Security numbers or birth dates.
- Do not click on links or open attachments in emails, text messages, etc. from unknown sources.
- Be wary of odd, strangely worded or unexpected emails from friends and acquaintances. That may indicate that their emails have been compromised.
- Do not share confidential information through email, websites, social media, phone calls, etc.
- Implement web filtering – content filtering – to block access to websites known or suspected of being compromised or spreading malware.
- Educate employees about the risks posed by phishing and malware, how they are spread and what to do if anyone suspects malicious activity. Repeat that message often so it remains top of mind.
