Business FAQs: Online Security

Your data security plan should consist of five key actions:

1. Take Stock. Know what Company and employee personal information you have in your files and in your computer
2. Scale Down.  Keep only what you need for your business.
3. Lock It.  Protect the information in your care.
4. Pitch It.  Properly dispose of what you no longer need.
5. Plan.  Create a plan to respond to security incidents.

Use layered system security. Create layers of firewalls, anti-malware software and encryption. There is regulatory guidance available in addition to evaluating the risks specific to your business and infrastructure. One layer of security might not be enough. Install robust anti-malware programs on every workstation and laptop. Keep them updated.

Not if it can be helped. Best practices include the ability to manage the security of online banking with a single, dedicated computer used exclusively for online banking and cash management. This computer should not be connected to your business network, should not receive any email messages, and should not be used for any online purpose except banking. Be sure to consider how this approach impacts business continuity planning.

Educate your employees about cybercrimes, especially phishing (fraud and theft by phone or email). Phishing attacks lead the way in successful compromises. Make sure your employees understand that just one infected computer can lead to an account takeover. Make them very conscious of the risk and teach them to ask the question “Does this email or phone call make sense?” before they open attachments or provide information.

Block access to unnecessary or high-risk websites. Prevent access to any website that features adult entertainment, online gaming, social networking, known malicious sites, and personal email. All such sites can inject files into your network. Other steps you can take include:

Establish a separate user account for every employee accessing financial information and limit administrative rights.  Many malware programs require administrative rights to the workstations and network in order to steal credentials.  If your user permissions for online banking include administrative rights, don’t use those credentials for day-to-day processing.

Use cash management approval tools to create dual control for payments. Requiring two people to issue a payment – one to set up the transaction and a second to approve the transaction – doubles the chances of stopping a criminal (before your account is drained).

Review or reconcile accounts online daily. You can also configure alerts based on dollar amounts or other critical criteria. The sooner you find suspicious transactions, the sooner a theft can be investigated.

Financial institutions protect your accounts with advanced technology and layers of security. At CAP COM, we also have a team of trained cyber and fraud security personnel on staff who monitor our physical and online channels for signs of fraud or unauthorized access. Periodic one-time passcodes delivered via text or phone provide enhanced protection.

Create a password that uses a complex combination of letters, numbers and special characters (i.e. #, !, @, etc) and change it every 90 days. Refrain from using public Wi-Fi for your banking needs.

Set the phone to require a password to power on the handset or awake it from sleep mode. If it is lost or stolen, any confidential information stored on the device will be more difficult to access.

Whether you’re using the web or mobile client, don’t let it automatically log you into company bank accounts. If you do and your phone is lost or stolen, someone will have access to your money.

Don’t save your password, account number, PIN, answer to secret question or other such information on the mobile device.

Download and install antivirus software for your mobile device, according to the manufacturer’s recommendations.

Install operating system updates for your devices as they become available. They often include security updates.

Before you upgrade or recycle your device, delete all personal/business details.

This is confidential information that should be kept private. If you do share your account login or card number, you could become responsible for unauthorized activity. If another party needs to be able to perform transactions in your account, contact us to discuss the best method.

Avoid sending personal information, including account details, via email. Although your information is encrypted in transit, how and why is the recipient using and storing this info?

A cookie is a small file that is sent from a website you visited to your device. The cookie remembers your preferences the next time you visit. Cookies themselves aren’t harmful, but they carry personal data. That makes them a potential target for hackers if you’re signed into a public Wi-Fi like at a coffee shop or bookstore. We recommend you review your computer settings periodically and clean up unnecessary data, including cookies.

This can happen if a family member is using a new device to log in for the first time and you’re listed as the primary point of contact. Notifications can also be generated when scammers with your online banking information attempt to log in. Contact us and we’ll research the cause.

Let your financial institution know immediately. If someone has your CAP COM information, we can update your account for protection. Create new usernames and passwords, not just at CAP COM, but across all your online profiles (banking, social media). It might be a good idea to have your computer examined by a professional to rule out viruses.

Digital wallets such as Apple Pay and Google Pay offer built-in security features like PIN and fingerprint authorizations and encrypted card numbers or tokens. These layers of protections are more robust than your physical card. Learn more. 

A corporate account takeover is a form of identity theft in which criminals gain access to a business’s systems and perform fraudulent financial transactions. By using stolen credentials or posing as an account holder, the attacker gains unauthorized access to an account – then initiates fraudulent payments, authorizes wire transfers, steals sensitive data, etc. The attacks usually go unnoticed at first. Any malware introduced into your systems can go undetected for weeks or months. 

Protecting business email systems is extremely important because many of these attacks involve hijacking email accounts. Prior correspondences with financial institutions are gleaned for information. Those details are used to make transaction requests look legitimate.

Hang up. The Internal Revenue Service (IRS) communicates in writing.

Identity theft is the illegal use of someone else's personal information (such as a Social Security number), especially in order to obtain money or credit.  

When your identity is stolen the scammers will try to use that information to open accounts or loans in your name. Placing a warning or freeze on your credit file can help limit the damage. Explore the pros and cons of credit freezes and thaws. 

Contact your financial institution immediately. If your account is at CAP COM, we can research the item to help determine if it’s legitimate and offer guidance on disputes and other actions you can take.

Contact your financial institution immediately. If your account is at CAP COM, give us a call and explain what happened. We can walk you through next steps, whether it involves changing account information or protecting your personal information. Be sure to contact all impacted parties and financial providers. Follow-up is often necessary over several months and multiple phone calls. We’re here to help you through this ordeal.  

Fund transfer services are simply that. Since companies like Venmo don’t own the product or handle the delivery, these disputes are routinely denied by VISA®. Be aware that using these services to transfer money to someone you don’t know could be part of a scam.