Online banking has been ubiquitous for quite some time—and cybersecurity attacks that target business’ banking information are all too common. Stories of companies large and small that have had their banking data and accounts compromised date back to the beginning of online banking. Are you taking all the necessary steps to protect your company’s banking assets?
- Dedicate a System to Banking Access. Consider designating one non-Windows system (a majority of malware runs on Microsoft Windows) to business bank transactions, with access to only the sites necessary for banking. And don’t allow exceptions, which will undermine the reason for setting aside a banking-only system in the first place.
- Access Online Banking Through Preset Bookmarks. If you cannot designate a banking system, ensure staff use bookmarks rather than clicking email links or typing web addresses. Malware infection via email is a very common attack method, as are look-alike phishing sites that choose URLs similar to banks.
- Keep Systems Updated and Clean. Ensure all patches are installed for the OS as well as all applications. In addition, make sure no unnecessary plugins or programs are installed.
- Don’t Open Unexpected or Suspicious Email Attachments. As mentioned earlier, malware loves to travel via email, and many attacks are launched through infected attachments. And most antivirus won’t catch these attacks right away. As such, employees should be weary of all attachments.
- Require Multiple Sign-offs. For banking transactions, many mistakes and misdeeds can be prevented by requiring more than one person to sign off on banking transactions.
The Best, Best Practice
We’ve said it in nearly every posting, but it can never be said often enough: your company’s security posture is only as strong as your staff’s security knowledge and vigilance. All the technical security implementations are easily overcome with one small employee mistake, such as clicking an email link, mistyping a web address, or falling for a spear-phishing email lure. Investing in cybersecurity training for all employees is the best practice for securing your company.