Security Best Practices
Client best practices and controls for business online banking
Enterprise Bank & Trust recommends that you review your controls annually and perform a risk assessment on a regular, periodic basis.
Account Controls & Recommendations
- Learn about the account features that can protect your accounts, such as daily transaction limits, security alerts and secure access codes, and enable them.
- Reconcile all banking transactions daily, preferably at the beginning and the end of each day, so that an unauthorized ACH or wire is caught while it can still be recalled.
- Initiate ACH and wire transfer payments under dual control: a transaction originator and a separate transaction authorizer, each working from a separate computer, so that one compromised workstation or credential cannot both create and release a payment.
- Review online banking user IDs and access levels with the bank on a regular basis, confirming that additions, deletions and permission changes are correct.
- Do not have user IDs that contain sensitive information, such as an account number or Social Security number.
- Create a strong password of at least eight characters that combines mixed-case letters, numbers and special characters; longer passphrases are stronger still.
- Do not share usernames or passwords.
- Change the password a few times each year, more often than the bank requires if possible.
- Clients must familiarize themselves with the institution's account agreement and with the customer's liability for fraud under the agreement.
- Immediately escalate any suspicious transactions to the financial institution, especially ACH or wire transfers. There is a limited recovery window for these transactions, and immediate escalation may prevent further loss.
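The dual-control and reconciliation recommendations above can be enforced in software rather than left to procedure. The following is an added example, not Enterprise Bank & Trust code: a hypothetical in-memory maker/checker queue in which a payment is released only when a different user on a different computer authorizes it, a daily release limit holds anything that would exceed it, and a reconciliation step compares what the bank posted with what was actually released. The user names, device names, limit and statement lines are constructed sample data; a real system would persist the queue and match on the bank's own trace numbers.

```python
"""Dual-control (maker/checker) release of ACH and wire payments.

Added example; not the bank's own system. Everything here is an in-memory
stand-in for a real payment platform with an audit log and database.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from decimal import Decimal


class DualControlError(Exception):
    """Raised when a payment cannot be released under the dual-control rules."""


@dataclass
class Payment:
    payment_id: int
    kind: str                          # "ACH" or "WIRE"
    amount: Decimal
    originator: str
    originator_device: str
    authorizer: str | None = None
    authorizer_device: str | None = None
    status: str = "PENDING"            # PENDING -> RELEASED or HELD_OVER_LIMIT


class PaymentQueue:
    """Hypothetical maker/checker queue with a daily release limit."""

    def __init__(self, daily_limit: Decimal) -> None:
        self.daily_limit = daily_limit
        self._payments: dict[int, Payment] = {}
        self._released: dict[date, Decimal] = {}   # total released per day
        self._next_id = 1

    def originate(self, user: str, device: str, kind: str, amount: Decimal) -> Payment:
        """The originator creates a payment; nothing leaves the account yet."""
        if kind not in ("ACH", "WIRE"):
            raise ValueError(f"unsupported payment type {kind!r}")
        if amount <= 0:
            raise ValueError("amount must be positive")
        payment = Payment(self._next_id, kind, amount, user, device)
        self._payments[payment.payment_id] = payment
        self._next_id += 1
        return payment

    def get(self, payment_id: int) -> Payment:
        return self._payments[payment_id]

    def authorize(self, payment_id: int, user: str, device: str, today: date) -> Payment:
        """A second person, on a second computer, releases the payment."""
        payment = self._payments[payment_id]
        if payment.status != "PENDING":
            raise DualControlError(f"payment {payment_id} is {payment.status}, not PENDING")
        # Separation of duties: the originator may never approve their own payment.
        if user == payment.originator:
            raise DualControlError("originator cannot authorize their own payment")
        # Separate computers: one compromised workstation cannot play both roles.
        if device == payment.originator_device:
            raise DualControlError("authorization must come from a different computer")
        released_today = self._released.get(today, Decimal("0"))
        if released_today + payment.amount > self.daily_limit:
            payment.status = "HELD_OVER_LIMIT"   # needs out-of-band review with the bank
            raise DualControlError(f"payment {payment_id} would exceed the daily limit; held")
        payment.authorizer, payment.authorizer_device = user, device
        payment.status = "RELEASED"
        self._released[today] = released_today + payment.amount
        return payment

    def reconcile(self, posted: list[tuple[int, Decimal]]) -> dict[str, list]:
        """Compare the bank's posted items (id, amount) with what we released.

        Anything the bank posted that we never released, or posted for a
        different amount, is a candidate for immediate escalation.
        """
        released = {p.payment_id: p.amount for p in self._payments.values()
                    if p.status == "RELEASED"}
        unexpected = [(pid, amt) for pid, amt in posted if released.get(pid) != amt]
        posted_ids = {pid for pid, _ in posted}
        not_yet_posted = sorted(pid for pid in released if pid not in posted_ids)
        return {"unexpected": unexpected, "not_yet_posted": not_yet_posted}


def demo() -> dict:
    """Walk through the rules with constructed sample data."""
    q = PaymentQueue(daily_limit=Decimal("50000"))
    today = date(2024, 1, 15)                                   # constructed date
    results: dict = {}
    p1 = q.originate("alice", "ws-01", "WIRE", Decimal("20000"))
    for user, device, key in (("alice", "ws-02", "self_approval"),
                              ("bob", "ws-01", "same_device")):
        try:
            q.authorize(p1.payment_id, user, device, today)
        except DualControlError as exc:
            results[key] = str(exc)
    results["released"] = q.authorize(p1.payment_id, "bob", "ws-02", today).status
    p2 = q.originate("alice", "ws-01", "ACH", Decimal("40000"))  # pushes total over limit
    try:
        q.authorize(p2.payment_id, "bob", "ws-02", today)
    except DualControlError:
        results["over_limit"] = q.get(p2.payment_id).status
    # Constructed bank statement: our wire, plus an item we never originated.
    results["recon"] = q.reconcile([(1, Decimal("20000")), (99, Decimal("750"))])
    return results


if __name__ == "__main__":
    print(demo())
```

The reconciliation output is the thing to act on: an `unexpected` entry is exactly the kind of transaction the escalation bullet above says to report to the bank at once, while `not_yet_posted` items simply have not settled yet.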
Internet Controls & Recommendations
- Limit access to bank, brokerage or other financial services information at internet cafes, airports, hotels, public libraries or any other network that you do not control. Unauthorized software may have been installed to steal account numbers and sign-on information, leaving the customer exposed to fraud.
- Question the authenticity of any unexpected email. Phishing email often appears to be sent by financial institutions or agencies, including the IRS, FDIC, NACHA and FBI, or by a familiar company such as UPS or FedEx, and may request account information or verification of banking credentials. We will not send you an email stating that our website is down or that your credentials have expired. Do not open such email: opening file attachments or clicking on links could expose the system to malicious code that takes over your computer. You may forward suspicious-looking emails to: [email protected].
- Use a unique password for each website that you access. Using the same password for Online Banking that you use for other online accounts may put your account at risk if someone is able to capture that password.
- Verify that the session is secure (https, not http) in the browser for all online banking and whenever submitting or handling sensitive information online.
- After using online banking, be sure to log out of the session and close out the internet browser. Never leave a computer unattended while accessing online accounts.
- Watch out for sudden pop-up windows asking for personal information or warning of a virus, or a warning of virus protection that has expired. This is known as “scareware” because it frightens people into providing information, downloading malicious software or paying for removal.
- Pay attention to the address bar and warning banners at the top of your browser. Current versions of the most popular internet browsers will often warn you when you are visiting a suspicious website.
- Be careful when downloading software onto a cell phone. Software downloaded to a phone can contain spyware or malicious code that could give an attacker access to your online banking application. Before downloading online banking software, check with the financial institution to make sure the app is genuine and supported.
- Consider purchasing cyber fraud insurance and session protection technology.
- Subscribe to the FDIC Consumer News. This provides practical guidance on how to become a smarter, safer user of financial services. You can also read prior issues by going to www.FDIC.gov, and in the search engine put “FDIC Consumer News.”
System Controls & Recommendations
- Conduct all online banking activities from a dedicated, hardened and completely locked-down computer. Do not allow access to any email or websites other than the online banking site.
- Remove administrator rights on users' workstations to help prevent the inadvertent installation of malware or viruses.
- Install anti-virus and desktop firewall software on all computer systems, and ensure that virus protection and security software are updated regularly. Anti-virus software is effective only if it has the most recent signatures and updates.
- Consider a dedicated, actively managed hardware firewall, especially if you have a broadband or dedicated connection to the internet, such as DSL or cable.
- Ensure computers are patched regularly with security patches, especially the operating system and key applications.
- If you outsource IT work, choose a reputable company or qualified technical professional to manage your computer systems and network. The security of all of your company's data depends on the capabilities of the IT staff who maintain it.