Online and Mobile Banking Security for Businesses
The security measures offered by ACNB Bank must be complemented by security measures at your business in order to provide reasonable security standards. You are expected to review the following and assess what risks you choose to address and which you choose to accept for protecting your online accounts.
ACNB Bank recommends the following precautions for businesses and other organizations to secure the computer environment that they use.
- For Your Computer Network
- Keep your computer operating system and browser current. Software developers are continually working to update their applications to combat new threats. In order to ensure your online banking activities remain secure, it's important to keep your operating system and browser version updated.
Use a firewall to protect your computer from other Internet users. Most current operating systems, such as Windows 7 and 8, come with one already installed. Make sure it is on and configured.
Utilize Anti-Virus/Anti-Malware software from a reputable vendor and ensure it’s up-to-date and enabled. Keep your virus definitions current. Allow it to scan your files in real time and schedule a full system scan at least once a week. Purchase the software from a reputable vendor. Don’t make the purchase based upon a pop-up saying your computer is vulnerable and needs an immediate scan.
Don’t make all computer users an Administrator. Change the user account on your computer so that employees operate as a user with limited rights based on their job function and not as an administrator who has full access to install software updates.
Train your employees to use extreme caution with email links and attachments. Educate your employees not to click on email attachments or links if they do not know the sender of the email. Even if they do know the sender, if the email is odd or unexpected, it’s best to call the sender and validate it before clicking any links or attachments.
Train your employees to identify phishing attempts. Educate your employees on the most common phishing scams, including emails claiming to be from mail delivery services, hotels, travel agencies and airlines, NACHA, the FDIC, trusted vendors and news syndicates. Visit the Phishing and Social Networking section of our website for more help on social engineering and phishing scams.
Train your employees to beware of pop-ups. Be on the alert for sudden pop-up windows asking for personal information or claiming your computer is infected with a virus. This is called “scareware” because it frightens you into providing information. In most cases, this also begins the installation of malware.
Perform regular backups of important data. Regularly back up your computer files in case your computer does become infected and needs to be quarantined for incident investigation.
Remain vigilant when your computer experiences performance problems. Note any changes in your computer’s performance such as:
- Loss of speed.
- Frequent Lockups.
- Unusual pop-ups in the middle of online banking asking for personal information that typically isn’t necessary.
- Unexpected disconnects from online banking and a screen stating the site is temporarily unavailable.
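The firewall, anti-malware and limited-rights recommendations above can be checked on a workstation with a short read-only script. This is an added example, not something provided by ACNB Bank; it assumes Windows 10 or later with Microsoft Defender as the anti-malware product, and the thresholds and the $AllowedAdmins list are illustrative values to adjust for your business.

```powershell
# Added example: read-only baseline check for an online-banking workstation.
# Assumptions: Windows 10 or later, Microsoft Defender is the anti-malware product.
$MaxSignatureAgeDays = 2      # illustrative threshold for "definitions current"
$MaxFullScanAgeDays  = 7      # page recommends a full scan at least once a week
$AllowedAdmins = @("$env:COMPUTERNAME\Administrator")   # hypothetical allow-list

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Firewall: every profile (Domain, Private, Public) should be switched on.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    $findings.Add("Firewall profile '$($_.Name)' is not enabled")
}

# 2. Anti-malware: real-time protection on, definitions fresh, recent full scan.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is turned off')
    }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Virus definitions are $($mp.AntivirusSignatureAge) days old")
    }
    if ($mp.FullScanAge -gt $MaxFullScanAgeDays) {
        $findings.Add('No full system scan within the last week')
    }
} catch {
    # Defender cmdlets fail when another product is installed or the service is off.
    $findings.Add('Defender status unavailable; check your anti-malware product manually')
}

# 3. Least privilege: list everyone in the local Administrators group
#    (well-known SID S-1-5-32-544) who is not on the allow-list.
try {
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        Where-Object { $AllowedAdmins -notcontains $_.Name } |
        ForEach-Object { $findings.Add("Unexpected administrator: $($_.Name)") }
} catch {
    $findings.Add("Could not read the Administrators group: $($_.Exception.Message)")
}

if ($findings.Count -eq 0) {
    Write-Output 'Baseline OK: firewall, anti-malware and administrator checks passed.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it from an elevated PowerShell prompt on the computer used for online banking; it changes no settings and only reports what needs attention.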
- Banking Online
Utilize a dedicated computer for online banking. Use a computer that is not also used by employees to view emails or browse the Internet. This will significantly lower your risk of infection. The cost of purchasing a dedicated computer is cheaper than the losses you could incur at the hands of a criminal.
Train your employees not to freely browse the web on the online banking computer. Browsing to news sites or personal use sites on business computers significantly increases your risks of computer malware infection. Even legitimate websites have been victims of site takeover and have posted links to nefarious sites. Again, consider the use of a computer dedicated just to performing online banking.
Do not use public computers or public Wi-Fi hot spots. Don’t use public library or hotel computers, or Internet access points (like Wi-Fi hotspots in airports, cafes or other unknown Internet access hosts) to perform online banking.
Physically secure your computer. Keep your computer physically secured and away from public areas of your office so key logging devices cannot be physically connected to your machine.
Log off or lock your computer when unattended. Never leave your computer unattended while using online banking and always close your session by using the logoff feature to ensure your session is closed.
Secure all your credentials. Secure all IDs, Passwords and Tokens. Never share your credentials with anyone and don’t let the browser remember your passwords for you. Choose strong, complex passwords and do not use the same password across all websites that you log into. Your employees should be trained not to utilize corporate online banking credentials to access other sites such as personal email and social networking sites.
- Keep your account signers and users current. Review your account users on a regular basis and ensure:
- Access for each user is only what’s necessary; do not set everyone up as administrators with equal level rights.
- Employees are deleted as users when their employment has terminated.
- Utilize the Controls offered by ACNB Bank. Take advantage of all security options offered by the Bank including:
- Out-of-band for account authentication and transaction initiation features.
- Dual-control for ACH and Wire transactions.
- Positive Pay to allow you to approve all checks, ACH debits and ACH credits posting to your account.
- Account and user level transaction limits: if possible set them at individual transaction, daily, weekly and monthly activity levels.
- Activity Alerts via email or text message to your mobile device so you can see activity taking place on your account even when you’re away.
- Monitor your account balances and transactions regularly. Monitor your accounts daily, preferably once or twice a day before your bank initiates activity from your account. Be especially timely in reviewing activity each morning. Criminals will attempt to trick banks into processing outbound transfers before you have the ability to access your account and review your activity.
- Train employees to respond to alerts. Train employees to act upon Activity Alerts when received and to communicate with their dual-control partner to ensure the activity they’re approving is accurate.
- Report suspicious activity to ACNB Bank. Contact the Electronic Banking Department immediately if you notice suspicious account activity or experience a malware infection on your computer.
- Electronic Banking Department – 1.888.334.ACNB (2262) or locally at 717.334.3161
- Evaluate the Risks to Your Business
Periodically perform a Risk Assessment to re-assess whether all the above risk reduction strategies are employed and functioning as intended. Challenge your business to implement more risk reduction options where possible. A comprehensive Risk Assessment should examine the following key areas:
- Security policy.
- Asset management.
- Access controls – including User ID and Password standards.
- Communications and operational controls.
- Computer systems acquisition and management – including operating system and software updates/patches.
- Incident response procedures – what to do if your system is compromised.
- Business recovery and continuity – how do you recover if your system fails or is destroyed.
- Periodic testing – multiple companies are available to test the soundness of your policies and technical network and computer controls.
Get Cyber-Security Insurance. Talk to your insurance agent about cyber-security insurance.
Review your liability to protect information with legal counsel. Depending on your line of business, talk with your attorney regarding your liability to protect confidential customer or payment card information.
Remember, ACNB Bank will never:
- Call, email or text you asking for your Online Banking password, Wire PIN, token codes, account numbers or debit card numbers. If you receive such a call, email or text message, do NOT give out any information.
- Direct you to a website that asks you to update your personal account information.
- Send an email to you containing computer software updates.
- Visit your place of business and request to perform maintenance on your computer.
Important: If you receive a phone call, email or text message that you question, please take the time to call and ask us to validate the communication before taking any other action. Do not use the contact information provided in the email or text message that you receive. Use the number advertised on our website or on the back of your debit/credit card so you know you are speaking to us.