Resources > Cyber Security
Stay safe out there
Being in the know is the first step to protecting yourself and your business from cyber fraud. Choice Bank is committed to providing you with up-to-date resources and tips to help you stay informed.
According to the National Small Business Association, forty-three percent of small businesses reported being the victim of a cyber attack. Now, more than ever, it is crucial to take preventative measures to help protect you and your business from cyber fraud. The following are practices and procedures that can be put in place to aid prevention:
Employee Practices and Policies
- Employee actions or inactions create the greatest risk. Train employees on cyber security on an on-going basis.
- Create strong policies around password requirements (length, complexity, and expiration), use of e-mail, and internet usage. Prohibit shared ID’s and passwords.
- Require employees to review and sign an acceptable use statement that outlines your security policies and hold them accountable to these policies.
- Limit administrative rights for your employees so they are unable to download malware or viruses embedded in seemingly harmless applications.
- Assign access to data based on each employee’s need.
- Deploy strong network security including a dedicated and actively managed firewall, anti-virus solutions, anti-malware solutions, and intrusion detection / prevention systems.
- Install operating system and ancillary application patches on a regular basis.
- Seal off sensitive data on the network from third party systems.
- Use encryption solutions as appropriate (e-mail, laptops, thumb drives, cell phones).
- Test and validate the effectiveness of controls.
Online Banking Practices
- Use Online Banking to frequently review account activity.
- Require the use of dual-control for ACH and wire transfer origination.
- Utilize an out of band authentication method to confirm transfer requests (i.e. if a vendor sends you an e-mail including wire instructions, call the vendor back on the phone to confirm the instructions).
- Verify that all online banking sessions are secure.
- Avoid using Automatic Log-In features.
- Do not access Online Banking from a public computer.
- Utilize other cash management services that add additional protection, such as ACH Verify and Check Verify.
- Promptly report suspicious performance (workstation or the web site).
Human error is the weakest link in cyber security and contributes to at least 95% of all security incidents.
Businesses usually become compromised through a “phishing” attack. This attack might be disguised in a fraudulent email that appears to be a credible communication or it might be embedded in a website. When links or attachments in an email or on a website are opened, malware may be installed on the user’s computer. This malware may record keystrokes, capture otherwise secure information, and allow the attacker access to the network. In another type of scheme, the attacker intercepts email communication or “spoofs” employee email addresses, making it appear that an email is being sent legitimately from a co-worker or vendor. In this case, the attackers then use this compromised communication to instruct the employee to wire or transfer money.
To put it in plainly, systems usually become compromised because of something someone does (i.e. employee clicks on an attachment from an unknown source) or something that someone doesn’t do (i.e. failing to set a strong password or failure to patch operating systems and ancillary applications such as Adobe and Java). Having the best firewall on the market isn’t enough to protect you. Every business needs well-informed employees that can understand and identify various threats. Furthermore, it’s equally important they recognize how certain actions or inaction can put the company in a comprised position.
Links to helpful websites:
Stay in the know – we’ll share the latest updates, tips, and news on our blog.
Request Cyber Security Training
1, 2 Source: Cybersecurity Ventures
3 Source: Verizon 2019 Data Breach Investigations Report