How to keep your online business bank account secure
By ATB Financial 29 June 2020 5 min read
If you have a business with online transactions and banking, you may need to evaluate your cyber security strategy.
During the global pandemic, many enterprises and organizations increased their online presence towards a fully digital experience. The trend accelerated for both federal and provincial governments, which enabled digital deposits and support payments. This move and rising adoption of digital options has provided a window of opportunity for new types of online fraud—which require new methods of protection.
Here are six ways to enhance your business’ online banking security:
1. Two-factor authentication
One of the most effective security measures businesses can employ is two-factor authentication—and it’s easily accessible through your financial institution.
The process, also referred to as 2FA, relies on a user providing something they know (usually a password) and a second factor, either a security token or a biometric factor (like a fingerprint or facial scan). For example, after logging in to your account, you receive a code on your mobile phone that you need to input as a second step to access your account.
As a business or retail customer with ATB, you can turn on two-factor authentication from your desktop. You can also add the biometric factor—a fingerprint or facial recognition login—to your ATB Personal app.
2. Boost your password
Each of your employees should have their own set of unique login credentials, as should each of your business accounts. And none should be shared.
The Canadian Centre for Cyber Security offers the following tips to create a strong password:
- Come up with a phrase and use the first letter from each word to start off. For example, the phrase “My Dog Likes to Go Swimming” becomes mdltgs.
- Then add lower and uppercase letters, numbers and symbols, for Md6&lT4S.
- Make sure it’s at least eight characters long.
To keep things in order, establish the role of IT administrator; a person authorized to create passwords, and to move, modify or delete a user, as required. The administrator can manage these authorizations and accounts in the “Administration” tab of their ATB Online Business account.
3. Keep your personal information personal
Be careful about who you share your information with.
Changing your passwords frequently, not recycling or reusing passwords, having personal challenge questions and being cautious of what you share on social media are all strategies to protect your personal information. Fraud actors are able to obtain data from other accounts, platforms or a data breach and can use this information to try and gain access to several of your other accounts, including your bank account.
If a fraud actor does have access to your password and username, additional layers of protection, such as two-factor authentication can help safeguard your information. For example, fraud actors are more likely to abandon login attempts if the account has personal challenge questions in place such as, “what was the name of your first pet?”
Be sure that if you do use challenge questions, the answers to the challenge questions are not derived from information readily available on your social media platforms. This will make it easier for fraud actors to guess the answers correctly.
Don’t email or text your passwords—and don’t use public WiFi to log in to your accounts. Public WiFi networks are generally less secure because the information that’s being passed between devices is not encrypted. As a result, it’s an easy channel for fraud threat groups to tap into.
4. Get educated about fraud
Fraud protection really boils down to education and proper training for your employees. Be aware of data breaches and communicate them with your team. If their data was part of the breach, they should change any shared user names. There are several websites that can help you determine if your email address may have been obtained through a data breach. A great example is https://haveibeenpwned.com
Our 6 tips on fraud prevention outline the most common online scams and how to prevent them. One of the key ways to prevent fraud is to segregate duties so the person setting up a transaction is different from the person authorizing the transaction. This measure is most effective for business email compromise.
Proper security training teaches employees the importance of protection measures, such as having a strong password. We recommend offering fraud training on an annual basis so that employees can be reminded how to detect red flags and how to report them. Another great way to keep your employees vigilant and up-to-date is by creating an internal page where you can share current fraud trends and resources.
5. Reconcile your accounts on a daily basis
It’s important to reconcile your accounts on a daily basis to make sure nothing is missed. If you have an unauthorized transaction, talk to your financial institution immediately, as this will help them reach out to the right people in a timely manner and attempt to recover your lost funds.
Fraud actors typically move quickly and try to exhaust as much of the funds as they can, which is why it’s so important to take immediate action when something suspicious occurs.
6. Keep your computers and mobile devices up to date
Fraud threat groups are always hard at work to discover any security holes or vulnerabilities in our devices. This is why it’s so important to ensure your devices are updated at all times. These updates often include critical security patches that are discovered on a daily basis.
If you suspect you have malware on your device, or that your network is infected, have a technician run a comprehensive device scan, either in-house or at a shop. Mobile devices and laptops should be scanned once a year, or when a device is returned to you after being used by an employee.
While financial institutions have processes and procedures that keep your money and information safe, the steps listed above will help ensure that you are playing your part in keeping your online banking secure and mitigating any fraud risks. Take this interactive quiz to learn how secure your online banking practices are.
What happens if someone gets into my account?
If you suspect your account is potentially compromised, contact your financial institution immediately. They will temporarily suspend your accounts, reset your credentials and your passwords to protect your funds and personal information. Your financial team will be able to support you through the process and advise of any next steps you should take to mitigate fraud risks.
In the meantime, get that comprehensive device scan to clear any infections on your laptop or mobile device. Find out more about securing your business from cyber criminals in ATB’s Cyber Security Toolkit.