Basic online security practices for corporate online banking customers

Texas Regional Bank is committed to helping our customers protect their data and their money. Below is a list of suggested online security practices that the business can implement to reduce the risks of theft.

Most cyber thefts begin with the thieves compromising the computer(s) of the business account holders. Perpetrators often monitor your email messages and other activities for days or weeks prior to committing the crime. Your business is most vulnerable just before a holiday when key employees are on vacation. Another risk period is on a day the business office is relocating or installing new computer equipment. Your employees may be distracted and think a problem conducting online banking is due to a new network or equipment. To help protect your business, it is important and necessary for your employees to follow established security practices. Basic practices to implement include:

• Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risks related to their duties;
• Update anti-virus and anti-malware programs frequently;
• Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices);
• Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking;
• Adhere to dual control procedures;
• Use separate devices to originate and transmit wire/ACH instructions;
• Transmit wire transfer and ACH instructions via a dedicated and isolated device;
• Practice ongoing account monitoring and reconciliation, especially near the end of the day;
• Adopt advanced security measures by working with consultants or dedicated IT staff; and
• Utilize resources provided by trade organizations and agencies that specialize in helping small businesses. (RESOURCES ARE INCLUDED AT THE BOTTOM OF THE PAGE)

Warning signs of potentially compromised computer systems

Being vigilant to the activity on your account can help you to detect anomalies or potential fraud prior to or early into an electronic robbery.

The following warning signs may be visible and alert you that your system/network may have been compromised:

• Inability to log into online banking (thieves could be blocking customer access so you won’t see the theft until the criminals have control of the money);
• Dramatic loss of computer speed;
• Changes in the way things appear on the screen;
• Computer locks up so the user is unable to perform any functions;
• Unexpected rebooting or restarting of the computer;
• Unexpected request for a one-time password (or token) in the middle of an online session;
• Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.);
• New or unexpected toolbars and/or icons; and
• Inability to shut down or restart the computer.

Responding to incidents of compromised computer systems

Even if you follow all protection guidelines, you may find yourself with a compromised computer. It is important to prepare ahead of time to be able to respond to this compromise in a quick and efficient manner. The ability to respond quickly will increase your ability to recover most, if not all, of your important data.

The following steps may help you recover if your computer system has been compromised:

• Disconnect from the Internet immediately;
• Contact an IT professional (have this information available ahead of time);
• Consider a full system restore (this removes ALL information so be cautious);
• Notify the proper authorities, file a police report;
• Report online crime and fraud to the United States Secret Service Electronic Crimes Task Force or the Internet Crime Complaint Center;
• Report identity theft and consumer fraud to the Federal Trade Commission;
• Recover important information from your backups (have your IT professional setup your backups prior to and after system compromises);

Resources for Business Account Holders

• The Better Business Bureau’s website on Data Security Made Simpler
• The Small Business Administration’s (SBA) website on Protecting and Securing Customer Information
• The Federal Trade Commission’s (FTC) business guide for Protecting Personal Information
• The National Institute of Standards and Technology’s (NIST) Fundamentals of Information Security for Small Businesses
• The jointly issued “Fraud Advisory for Businesses: Corporate Account Takeover” from the U.S. Secret Service, FBI, IC3, and FS-ISAC available on the IC3 website
• NACHA – The Electronic Payments Association’s website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers
• United States Secret Service Electronic Crimes Task Force
• Internet Crime Complaint Center (IC3)
• Federal Trade Commission