ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security framework, we believe you play a critical role in helping to secure your Online Banking experience. For our Business Online Banking clients, we have developed a standard set of security controls to help mitigate the risk of online fraud. In addition to the standard security controls described below, this document also outlines recommended security tips that you can use to help mitigate the risk of online fraud. These tips fall into two important categories that you need to focus on to help protect you from criminal fraud: effective Online Business Banking security practices, and technology practices to help secure your computing environment.

BOSTON PRIVATE BANK STANDARD SECURITY CONTROLS FOR BUSINESS CLIENTS

For business accounts, we have established the following standard Online Banking security controls:

Client Validation, Verification and Login
Before clients can use Online Banking, they must enroll. Once you are approved, you will be notified of your Access ID and initial Passcode. The initial passcode is good for one-time use, after which you must create a new passcode in addition to selecting and answering three security challenge questions. If you are a client who has access to cash management functions (ACH/Wire), you will be sent a hardware token as well. The hardware token is a small device that fits on a key ring and generates a random security code when you press the button on the face of the token (35 seconds display time). Your initial login will require you to enter either a token security code or a one-time security code generated via e-mail at the time of login.

Dual-factor Authentication at Login
The Online Banking environment stores login and session statistics for all Online Banking clients. This information allows us to build a pre-login and post-login profile for each client, which can then identify unusual transactions or behavior based on the client's profile. Any activity that deviates from the client's historical profile is scored from 0 to 10 based on the differences in behavior. A score of 10 at login indicates the greatest difference in behavior. A high score can trigger the dual-factor authentication at login described below.

BostonPrivateBank.com BOSTON SAN FRANCISCO LOS ANGELES
Dual-factor authentication adds an extra layer of security by taking something the user knows (Access ID and passcode) and combining it with an additional form of authentication such as the security challenge questions, a one-time PIN, or the hardware token. If your score at login is high, as noted above, then in addition to the Access ID and passcode: clients without access to cash management functions (ACH/Wire) have the option of correctly answering two of the three security challenge questions originally selected at enrollment, or can request a one-time use PIN sent to the e-mail address on file; clients with cash management functions will be required to enter a random security code generated from the token.

Dual-factor Authentication for Clients with Cash Management Functions (ACH/Wire Payments)
Authorized clients will be required to enter a random number generated from the token in Online Banking to create, modify, delete and approve ACH/Wire payments. Business clients without ACH/Wire access will not need a token to conduct their Online Banking transaction activities.

Dual-factor Authorization for User Administrators
To create or modify a user or administrator, you will be required to enter a one-time PIN sent to your e-mail address on file. This provides another layer of security. An alert is also sent to you describing the new or modified user or administrator (see Alerts below).

Alerts
Clients can select and configure numerous automatic notifications to be sent to them when certain events occur, using the Notify Me Alerts tab. The Online Banking System provides three types of alerts: Account Activity Alerts notify clients of events on their accounts such as balances, transfers, and deposits; Messaging Alerts notify clients of secure messages waiting for them on the Online Banking website;
Security Alerts notify clients of events that could potentially affect their online access. Mandatory security alerts are sent to the client when there is a change to their Access ID, passcode, security challenge questions, or e-mail address/mobile phone number. Use of the optional alerts is highly recommended. For more information on available alerts, go to the Notify Me Alerts tab within Online Banking.

BOSTON PRIVATE BANK RECOMMENDED SECURITY PRACTICES FOR BUSINESS CLIENTS

In addition to our standard security controls, we recommend that you consider implementing the following business and technology security practices to further mitigate the risk of online fraud.

Business Security Practices

Set Wire and ACH/Tax daily limits
Set a blanket daily limit for Wire and ACH/Tax payments. Current limits are not date-specific.

Set an additional approver for Wire and ACH/Tax
Require dual control for Wire and ACH/Tax payment transactions.

Validate all money transaction requests
Ensure the authenticity of all Wire/ACH and other money transaction requests originating from within your organization, especially those in the form of e-mail, which can be compromised.

Limit user entitlements
Keep user entitlements to a minimum and grant them only to those who need them.
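The daily-limit, dual-control and least-entitlement practices above can be expressed as a single release check run over a day's queue of outgoing payments. The Python below is an added illustration written for this document, not code from Boston Private Bank or its Online Banking system; the users, their entitlements, the per-type limits, the amounts and the rule that a creator may never approve their own payment are all constructed assumptions.

```python
"""Constructed example: enforcing blanket daily limits, dual control and
least entitlement on a queue of outgoing Wire/ACH/Tax payments.
Every user, limit and amount here is made up for illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical blanket daily limits per payment type, in dollars.
DAILY_LIMITS: Dict[str, int] = {"WIRE": 50_000, "ACH": 25_000, "TAX": 25_000}

# Hypothetical entitlements: which payment actions each user may perform.
ENTITLEMENTS: Dict[str, Set[str]] = {
    "alice": {"create", "approve"},
    "bob": {"create", "approve"},
    "carol": {"create"},  # may create payments but not approve them
}


@dataclass
class Payment:
    pay_id: str
    kind: str                  # "WIRE", "ACH" or "TAX"
    amount: int
    created_by: str
    approved_by: Optional[str]  # None until a second person approves
    day: date


@dataclass
class Decision:
    pay_id: str
    released: bool
    reason: str


def release_payments(queue: List[Payment]) -> List[Decision]:
    """Walk the queue in order and decide which payments may be released.

    A payment is released only if (1) its creator is entitled to create,
    (2) a different, approval-entitled user has approved it (dual control),
    and (3) the running total for that day and payment type stays within
    the blanket limit. Held payments do not consume any of the limit."""
    totals: Dict[Tuple[date, str], int] = {}
    decisions: List[Decision] = []
    for p in queue:
        if "create" not in ENTITLEMENTS.get(p.created_by, set()):
            decisions.append(Decision(p.pay_id, False, "creator not entitled"))
            continue
        if p.approved_by is None:
            decisions.append(Decision(p.pay_id, False, "awaiting second approver"))
            continue
        if p.approved_by == p.created_by:
            decisions.append(Decision(p.pay_id, False, "creator cannot self-approve"))
            continue
        if "approve" not in ENTITLEMENTS.get(p.approved_by, set()):
            decisions.append(Decision(p.pay_id, False, "approver not entitled"))
            continue
        limit = DAILY_LIMITS.get(p.kind)
        if limit is None:
            decisions.append(Decision(p.pay_id, False, "unknown payment type"))
            continue
        key = (p.day, p.kind)
        if totals.get(key, 0) + p.amount > limit:
            decisions.append(Decision(p.pay_id, False, "daily limit exceeded"))
            continue
        totals[key] = totals.get(key, 0) + p.amount
        decisions.append(Decision(p.pay_id, True, "released"))
    return decisions


# Constructed queue for one business day.
SAMPLE_DAY = date(2024, 1, 15)
SAMPLE_QUEUE = [
    Payment("P1", "WIRE", 30_000, "alice", "bob", SAMPLE_DAY),
    Payment("P2", "WIRE", 15_000, "alice", "alice", SAMPLE_DAY),  # self-approval
    Payment("P3", "WIRE", 25_000, "bob", "alice", SAMPLE_DAY),    # pushes WIRE past 50k
    Payment("P4", "ACH", 10_000, "carol", "bob", SAMPLE_DAY),
    Payment("P5", "ACH", 5_000, "bob", "carol", SAMPLE_DAY),      # carol cannot approve
    Payment("P6", "TAX", 5_000, "carol", None, SAMPLE_DAY),       # no second approver yet
]

if __name__ == "__main__":
    for d in release_payments(SAMPLE_QUEUE):
        print(f"{d.pay_id}: {'RELEASED' if d.released else 'HELD'} ({d.reason})")
```

Only P1 and P4 are released in the sample run; the other four are held with a reason that a reviewer can act on, which is the same information the reconciliation step later in this document relies on.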
Reconcile and review daily
Accounts should be reviewed and reconciled at least daily to detect any unauthorized transactions.

Separation of duties
Require separation of duties, dual controls, etc., over file and transaction creation, submission, and verification/reconciliation.

Restrict home access
Consider not allowing, or strongly discouraging, access to Boston Private Bank's Online Banking System from home computers.

Create a strong passcode
You will be required to enter a strong passcode of at least 8 characters that includes at least one letter, one number and one special character; passcodes are case sensitive. You will not be able to use a dictionary word, and if the passcode is deemed to be weak you will be required to enter another passcode. Passcodes should never be shared, written down or stored on the computer. Consider changing the passcode a few times each year. Avoid using automatic login features that save your username and passcode.

Log out
Always completely log out from your Online Banking session. To properly close out the browser session, clients must click Log Out.

Enable password-protected screensavers
Enable a password-protected screensaver after a short period of computer inactivity. This protects an unattended computer with an established session when the client has left the PC for some period of time.

Technology Security Practices

Download Trusteer Rapport
We are offering Online Banking protection software from Trusteer, a leader in online security, free of charge. Trusteer Rapport helps to prevent fraudulent activity within your computer's browser when using our Online Banking System.
Once downloaded, Trusteer Rapport will:
- Help to mitigate fraudulent Online Banking activity
- Aid in protecting your Online Banking login details
- Assist the Bank in stopping malicious online attempts against you
- Work quietly in the background of your computer

To learn more and download Trusteer Rapport, please click on the Trusteer Rapport link in the Account Safety & Security section of our public website (https://bostonprivatebank.com).

E-mail Security
E-mail over the Internet is inherently insecure. Adopt the following practices to help minimize the risk of becoming the victim of fraudulent e-mail scams:
- As e-mail is susceptible to hacking, it is important that all Wire/ACH and other e-mail money transaction requests are validated for authenticity.
- Boston Private Bank provides Secure Mail, a secure encrypted e-mail service, to communicate confidential e-mail information between the Bank and its clients. When communicating confidential information to us, such as account numbers and social security numbers, always use the Secure Mail service. Never communicate confidential information via normal Internet e-mail. Boston Private Bank will always use Secure Mail when communicating confidential information to you. In addition to Secure Mail, you may also communicate confidential information to us by phone to your Bank representative, by mail, via our Online Banking secure messaging feature, or by visiting one of our offices. To learn how to use our Secure Mail service, please visit our website www.bostonprivatebank.com and click on the Secure Mail link on our homepage.
- Opening file attachments or clicking on web links in suspicious e-mail could expose your computer(s) to malicious spyware and viruses, leading to online fraud. Never open attachments (especially executable attachments), click on links, or respond to e-mail from suspicious or unknown senders.
- Be aware of e-mail scams and phishing. Phishing is an e-mail that falsely claims to come from a known sender. It typically provides a link to a phony website where you are asked to supply your confidential information. Be suspicious of e-mail purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as Access IDs, passcodes, PIN codes and similar information. Never respond to unsolicited e-mail asking for confidential information. Avoid clicking on links provided in e-mails; it is better to type the address directly into your browser's address bar.
- Use e-mail filtering software to screen for unsolicited e-mail (spam). Consider installing a software tool that will assist in filtering spam from your e-mail inbox. These tools can help reduce the likelihood of a virus or worm installing a malicious program on your computer, or of receiving phishing e-mail.
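The passcode requirements stated under "Create a strong passcode" in the Business Security Practices section (at least 8 characters, at least one letter, one number and one special character, case sensitive, no dictionary word) can be checked mechanically before a passcode is submitted. The Python below is an added example for this document, not the Bank's actual passcode validator; its tiny word list and the substitution heuristic for spotting disguised dictionary words ("P@ssw0rd") are assumptions, and a real deployment would load a full dictionary.

```python
"""Constructed example: checking a candidate passcode against the rules
stated in this document (length >= 8, a letter, a number, a special character,
not a dictionary word). The word list and the substitution heuristic are
assumptions, not the Bank's rules."""
import string
from typing import List

# Stand-in for a real dictionary; a deployment would load a full word list.
DICTIONARY = {"password", "welcome", "banking", "boston", "letmein"}
SPECIALS = set(string.punctuation)

# Common digit/symbol-for-letter substitutions (assumed heuristic) so that
# a disguised word such as "P@ssw0rd!" is still recognised as "password".
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}
)


def passcode_problems(passcode: str) -> List[str]:
    """Return the list of rule violations; an empty list means the passcode passes.

    The passcode itself is treated case-sensitively (nothing is normalised
    away for the length and character-class checks); only the dictionary
    lookup works on a lower-cased copy of its letters."""
    problems: List[str] = []
    if len(passcode) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in passcode):
        problems.append("no letter")
    if not any(c.isdigit() for c in passcode):
        problems.append("no number")
    if not any(c in SPECIALS for c in passcode):
        problems.append("no special character")
    # Dictionary check on the bare letters and on the undisguised form.
    letters_only = "".join(c for c in passcode if c.isalpha()).lower()
    undisguised = "".join(
        c for c in passcode.translate(SUBSTITUTIONS) if c.isalpha()
    ).lower()
    if letters_only in DICTIONARY or undisguised in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


def is_acceptable(passcode: str) -> bool:
    """True when the candidate violates none of the stated rules."""
    return not passcode_problems(passcode)


if __name__ == "__main__":
    # Constructed candidates covering each rule.
    for candidate in ["short1!", "12345678", "P@ssw0rd!", "Password1", "Tr0ub4dor&3"]:
        print(f"{candidate!r}: {passcode_problems(candidate) or 'OK'}")
```

Reporting every violated rule at once, rather than stopping at the first, matches the document's behaviour of telling the client that a passcode was "deemed to be weak" and asking for another one: the client learns what to change in a single round.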
Use a dedicated computer
If possible, and in particular for clients that perform high-value or large numbers of online transactions, carry out all Online Banking activity from a stand-alone, hardened and completely locked-down computer system from which e-mail and Web browsing are not possible. This will minimize the risk of infection by computer viruses or malware.

Install a firewall
Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and its computers. Enable logging of outbound connections to control and monitor traffic leaving your company's computer network. At a minimum, log outbound traffic to the Boston Private Bank Online Banking website and retain each log for at least one month.

Apply security patches
Use current versions of the operating system and applications on your company computer(s) and ensure that security patches are up to date. Most major software companies regularly release updates or patches to their software or operating systems to repair security problems. Some companies, such as Microsoft, offer you the ability to receive these updates automatically. All other vendor software updates can typically be found on the vendor's website.

Update virus protection software
Computer security programs, including firewalls, anti-virus programs and anti-spyware programs, should be kept current. Ensure that your company computer(s) have anti-virus and anti-spyware protection and make sure these programs are updated regularly. Also, scan your computer(s) for viruses and spyware at least once per month.

Implement wireless networking security
If you use wireless networking, secure the network with the practices listed below to reduce the risk of being hacked by a wireless intruder.
- Ensure wireless encryption is enabled and the selected encryption level is at least 128-bit, which provides a stronger encryption level.
- Change the default administrator ID and/or password provided by your wireless equipment (e.g., wireless router) manufacturer.
- Change the default wireless network name provided by your wireless equipment manufacturer so that a hacker can't use the default to try to access your network. Select a name that is equivalent to a strong password.
- Consider the option that disables the broadcast of your wireless network name over the air at regular intervals. Broadcasting the name is unnecessary and increases the likelihood that an unwelcome neighbor or hacker will try to log in to your network.
- Also consider the option to limit access to your wireless network to only your own computer device(s).
Consult your wireless equipment manufacturer for assistance on how to select these options. Beware that connecting to an unprotected network may result in an intruder gaining unauthorized access to your computer. It is possible for someone to monitor your Internet connection and even record your password(s).

Downloading software
Do not download or run software from unknown sources. This applies both to software available on the Internet and to software sent via e-mail.
Installing software from unknown sources increases the probability of installing malicious code or accepting computer viruses. Limit administrative rights on your computers to prevent the inadvertent downloading of malicious software or other viruses.