Fraud Prevention and Your Organization
As our world becomes more accessible than ever before, its speed and convenience can come with a risk of fraud. Scammers have become increasingly sophisticated, and it’s important to remain vigilant and cautious when it comes to your organization.
The National Bank of Indianapolis will never call, email or send a text message asking for a client’s online password, PIN number or Social Security number.
What can you do to help protect your organization from fraud?
Find out what online security protections your bank offers and use them.
Financial institutions have made fundamental shifts in how they help protect clients from cybercrime. The tools available are easy to use and cost effective. For example, consider using a filter for electronic payment transactions, such as ACH Debit Block. This filter allows you to specify which companies are authorized to post debits to your account and block those that are not authorized.
Two-Factor Authentication is the preferred method for any sign-on that will allow it.
The extra layer of protection makes logging in more secure.
Refrain from using weak/easily guessed passwords.
Passphrases are more secure than passwords. The difference is passphrases are generally longer and more complex than passwords. Studies have shown that this increases overall security since most password cracking tools break down around 10 characters. So, the longer the passphrase, the more secure.
Limit permissions on websites.
Many websites prompt users to allow notifications and other permissions. Limiting these, as much as possible, can help control third-party access to personal information.
Properly dispose of physical documents and safeguard your paper checks.
This will ensure that fraudsters cannot go dumpster diving to obtain sensitive information.
Be aware of email scams.
Business-email compromise (BEC) continues to be a growing threat to businesses of every size. Through detailed research, criminals obtain information and build profiles of senior executives, specifically of the CEO and CFO. BEC emails appear to be sent by the senior executive and request an urgent payment for a specific purpose.
This scam often happens when the CEO or CFO is out of the office, making it difficult for your employees to verify the legitimacy of the request. Designate one employee and one executive to request and approve wire transfers and always verify the legitimacy of the request.
Be leery of third-party emails.
Hover your cursor over links to verify the URL that the link will actually take you to. Many times, the link displayed will take you to a fraudulent destination. Search separately for the actual URL. Even if you think you know the sender, verify the message is legitimate.
Never respond to a request for sensitive information through an unsecured email or text message.
Learn to spot warning signs, such as urgency, threatening language and poor grammar. Fraudulent requests may look professional, but watch for misspellings or badly formatted content.
If you receive a request via text message, call the phone number you have on record for the sender and verify the request. Do not respond directly to the text without verifying its legitimacy.
If your organization does not already have a policy on internet usage, create one.
Employees should not be using their work emails for personal activities. If you use online banking services, designate one computer only for this purpose.
Firewall technologies are designed to prevent unauthorized access and should be kept current. Heed all security software warnings on links and attachments and do not download if advised not to.
Back up, back up, back up!
Computer viruses, ransomware and malware are less threatening if you back up your work daily. If your data is compromised, you can go back and retrieve updated files with minimal loss of information. Cloud storage is recommended, but regardless, files should be stored in a separate location.
Consider using air-gapped backup services.
These backups are not accessible from an external connection, like the internet. Air-gapped backups provide integrity of the backup, so if someone gets into a system, they cannot infect the backup.
If your system happens to be infected, the timeframe of the infection is important. An advanced persistent threat can be in your system for some time, which could infect your backups. Knowing when your system was infected and keeping backups for a specific timeframe can ensure the integrity of your backups.
Understand your liability.
It is a common misconception that if you are the victim of fraud, your bank will cover the cost. The Electronic Fund Transfer Act of 1978 (Regulation E) establishes the rights and liabilities of consumers only and does not apply to businesses.
Even though financial institutions are taking major steps to decrease your chances of being a victim of fraud, no institution can completely protect your accounts. Criminals are now focusing on the weakest link in the chain: your business practices. Educate your employees on the types of fraud and the steps you can take to protect your money.
Having the proper safeguards in place within your organization can significantly reduce your risk of being victimized. The cost of investing in fraud prevention measures will be considerably less than the cost of a committed fraud.
Learn more tips and how The National Bank of Indianapolis maintains the highest standards of security and privacy at https://www.nbofi.com/fraud-and-security-center.