4 Things Every Good Cat Burglar Knows about Online Security for Business

Bank fraud. It’s real. It’s pernicious. It could happen to you. You probably know a few tips and tricks to protect your business while banking online, but do you have a thorough understanding of how online bank fraud works? Do you really know how to prevent criminal attempts and what to do if your accounts are hacked?   

Our Cash Management experts are committed to helping you protect your business’s private information, ensuring that you practice safe and secure online banking. What’s the best way to prevent theft?

Who better to ask, we thought, than a thief? Below, we share 4 secrets about online security that we learned from, believe it or not, a cat burglar.          

1. Pull on a ski mask

Slinky, feline, swift—cat burglars come like a whisper in the night. They descend on wires from the ceiling, slip past the dozing guard, perform dazzling acrobatic feats around the laser labyrinth, and cut a hole through 4-inch thick, bulletproof glass to finally lay their hands on their sparkling prize.

They always get the big diamond—because they live by the cardinal rule of stealing: never show your face.

When it comes to online security, you, too, should pull on a ski mask. Create “strong” passwords with at least eight characters that include a combination of mixed case letters, numbers, and special characters. They should not be obvious (names, birth dates, etc.) and changed frequently.

When creating usernames, do not use account numbers or social security numbers, and never share username/password information with third-party providers.

2. Case the joint

Any cat burglar worth his salt knows every job must begin with research. They spend days, weeks, even months reconnoitering their next target. Like a cat burglar, make it your job to know every detail. Check your last login time/date every time you log in. Be sure to monitor account balances, transfers, and other account activity frequently (preferably daily) for missing bills or unauthorized purchases.

You can take advantage of system alerts, including balance alerts, transfer alerts, password change alerts, ACH alerts, and wire alerts when viewing your accounts.

Separate accounts for electronic and paper transactions to simplify monitoring and tracking discrepancies, and employ bill pay whenever possible to limit account number dissemination and maintain better recordkeeping.

Don’t let pervasive phishing attempts trip you up. Never open, respond to, or click on a hyperlink in an email from an unknown source. A financial institution, government department, or other agency will never request sensitive account information, account verification, or banking access credentials, such as usernames, passwords, PIN codes, etc., via email. Be wary of emails that do. 

3. Cover your tracks

The diamond, of course, is not worth stealing unless you get away with it. Make it difficult for identity thieves to follow your online footprints:

• Don't use public, unsecure, or unattended computers for online banking.
• Never use public network access (e.g. Wifi available at Starbucks, airports, etc.) for online banking sessions.
• Never conduct banking transactions while multiple browsers are open on your computer.
• Don’t use automatic log-in features or save passwords on your computer.
• Always log out!
• Clear the browser cache before using online banking in order to eliminate copies of web pages that have been stored on the hard drive.
• Register your computer to avoid having to re-enter authentication information with each login. 

For your business’s administrative users:

• Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses.
• Dedicate and limit the number of computers used to perform online banking transactions. These computers should not allow Internet browsing or email exchange.
• Delete online user IDs as part of the exit procedure when employees leave your company.
• Assign dual system administrators for online cash management services.
• Use multiple approvals for monetary transactions and require separate entry and approval users.
• Establish transaction dollar limits for employees who initiate and approve online payments, such as ACH batches, wire transfers, and account transfers.
• Employ multi-layered authentication protocols, such as security tokens, biometric recognition, and Out-of-band authentication—which requires identity verification through a second channel (e.g. phone, text, or email)— when there is any deviation from your normal processing environment (e.g. upgrades, location, computer settings, etc.).

Because wireless networks can provide an unintended open door to your business network, we recommend that they be disabled. If a wireless network is absolutely necessary, however, be sure to secure it with a complex password, WPA/WEP encryption, and MAC filtering. Disable remote administration of the wireless network hardware and broadcast of the network SSID.     

4. Get a lookout-getaway

Every good cat burglar needs a lookout-getaway: foot on the gas pedal, ready to sound the alarm if the guard grumbles himself awake or the police come whizzing around the corner.

Use anti-virus and spyware detection software as your own lookout, and ensure that your computers are updated regularly with the latest versions and patches. Select, at minimum, a medium level of security for your browsers. Also, install a dedicated, actively managed firewall, which reduces the chance for unauthorized access to your network and computers.             

When the thieves are hot on your trail, your financial institution can act as your getaway. Report unusual or suspicious account activity immediately so your financial institution can guide you through the steps necessary to curtail potential losses and protect sensitive financial information.

When it comes to online banking fraud prevention, mimic the agility, cunningness, and adaptability of a cat burglar. After all, the best way to protect yourself from a thief is to learn from one. 

For more information about online bank fraud and best practices, contact your local financial institution.