Security Best Practices for Businesses

Security Best Practices for Businesses At Cross River Bank we understand the importance of online security and the need for various types of safety measures. On a daily basis, we take many precautions to successfully protect the security of your accounts and transactions. However, it is also up to you, our customer, who must participate in creating a secure environment to protect your online banking accounts from unauthorized access and fraudulent activity.

Security Best Practices

As each business is unique and operates differently, additional security measures may be necessary based on your environment and level of risk. We at Cross River Bank recommend that you periodically perform an internal risk assessment and evaluate your controls to determine if they are sufficient given your level of risk. We also recommend you educate and train employees on the following list of best practices, which should be used as a starting point to protect your online banking accounts.

1) Monitor account activity on a daily basis. Immediately review Wire, ACH or other transaction confirmations and report suspicious transactions or if your information has been compromised by contacting us at 1-877-55C-RB55.

2) Utilize dual controls and approval for ACH and wire transfer transactions.

3) Implement transaction limits that are appropriate for the level of transaction activity at your business.

4) Never share logins, passwords, dynamic tokens, or any other information that allows secure access to your online banking system. Do not leave them in an area that is not secure.

Avoid using passwords such as birthdays, family names, and pet names.
Avoid using passwords such as birthdays, family names, and pet names.

5) Use different logins and passwords for each online banking system. Your password should be easy to remember and difficult to guess. We recommend using best practices for strong passwords that include upper and lower case letters, numbers, and special characters. Periodically change passwords several times a year.

6) Avoid using passwords such as birthdays, family names, and pet names.

7) Do not store a list of passwords on the computer or keep them near your computer.

8) Never access websites for online banking from a public computer at an internet café, hotel, library, etc. and do not use public wireless access points or non-secure wireless networks.

9) Obtain and install commercial anti-virus, anti-malware and anti-spyware software, and consider installation of a managed firewall. Free software may not provide the level of protection required against the latest security threats. Keep all security software updated to the latest releases. In many cases the software can be configured to automatically update.

As each business is unique and operates differently, additional security measures may be necessary based on your environment and level of risk.

10) Keep computers updated with the latest operating system patches and updates for all software applications. This includes the operating system, browser software, and software programs such as Real Player, iTunes, and Microsoft Office. Most of the programs can be set to automatically update.

11) To prevent the inadvertent installation of malware, spyware, or viruses do not navigate the web when you are using an identity that has Administrative rights. Set up a separate identity for web browsing that does not have Administrative rights, and only use the Administrative rights identity when operating off of the web.

12) Be aware of pop-ups that prompt you to install software. A common scam is a message that warns of a virus installed on your computer and imitates running a virus scan. Never click OK to the popup that states software needs to be installed to remove the virus. Clicking OK will actually install malware, spyware, and/or a virus on your computer.

13) Limit or eliminate unnecessary web-surfing and e-mail activity by employees, including personal activity, on computers used for online banking. Consider using a dedicated computer to perform online banking transactions and do not use it for any other online purpose (ex: reading e-mail, web browsing, accessing social media sites).

To prevent the inadvertent installation of malware, spyware, or viruses do not navigate the web when you are using an identity that has Administrative rights.
To prevent the inadvertent installation of malware, spyware, or viruses do not navigate the web when you are using an identity that has Administrative rights.

14) If you are on a site that asks for personal information or login information check for the following on the web page:

  • Check that the online banking system session is secure by verifying the web address contains "https://" and not "http://". This ensures the site is secure.
  • Look for a closed lock either by the address bar or in the bottom frame of your browser. If the lock is missing the page is not encrypted and your information can be intercepted as it passes across the internet.
  • Type the address of the page you are browsing to in the address bar instead of clicking on a link. Links can be spoofed to look valid but may take you to a fraudulent site without your knowledge. Favorites can also be compromised and altered to take you to a fraudulent site.

Like “phishing” and other email or text scams, Social Engineering involves scamming or tricking people into breaking their normal security procedures in order to obtain information, commit fraud, or gain access to the victim’s computer system. These Social Engineers attempt to obtain information by gaining the confidence of an authorized user and getting them to reveal information that compromises the network’s security. The Social Engineer relies on the natural helpfulness and weaknesses of people. They may call the authorized employee with an urgent problem that requires immediate network access.

Additional Resources

Cross River Bank and legitimate companies or financial institutions will NEVER make an unsolicited contact requesting your user name, password, or other account information. It is important that all internet banking users be aware of such types of fraud.

You can report suspicious e-mails, text messages or any other suspicious activity or requests to your financial institution and the Internet Crime Complaint Center (www.ic3.gov), a partnership between the FBI and National White Collar Crime Center.