Cyber threats are very real — take action today to protect your business.
Criminals all around the world are targeting U.S. businesses to steal online banking credentials and confidential information. Criminals target businesses of all sizes, no matter how small. A criminal might not be able to find your location on a map, but they can find you on the Internet and through email.
How does it happen?
Criminals use malicious software, commonly called malware, to infect business computers. Generally malware is delivered in an email disguised as a legitimate request which urges the user to click on the link or activate an attachment. Users can also become infected from some websites. In most cases, the malware is sophisticated enough to infect the entire business network, allowing criminals to view everything the business does.
What happens if our computers are infected?
Infected computers and networks allow criminals complete access to all information, including when you log into your online banking platform. The malware allows criminals to monitor everything you do, capture your online banking credentials and know your online behavior. Then, they use your credentials to initiate fraudulent transfers out of your accounts via wires or ACH or create counterfeit checks. To Union Bank, it appears you are initiating the transfers because they are processed using your credentials. Too often, a business is not aware of the infection until after their accounts are taken over and funds are removed. Criminal groups also harvest valuable information from your network such as employee identities, patient information and credit card numbers to sell on the black market. Criminals often monitor an infected business network for months to harvest as much information as possible before they take over the accounts.
What can I do to protect my network and accounts?
There are many things for a business to consider when protecting their network. Every business is unique so there is no single solution for all businesses. We encourage you to contact your IT provider about these threats to identify ways to protect your network. Here are a few things to consider: (This is not a complete list of options)
- Keep your Security Suite up-to-date with all necessary patches. Ensure the Suite includes bot-net protection, antispyware, anti-malware and scans every file before it is downloaded.
- Run network scans to identify malware already present or malware that slipped passed the Security Suite.
- Do not click on links or open attachments in emails from unknown senders or in emails that do not make sense (i.e. The U.S. District Courts will never send subpoenas via email).
- Avoid conducting online banking from public, free Wi-Fi connections.
- Use hardware and software firewalls.
- Encrypt VPN’s (Virtual Private Networks).
- Block websites that employees are prohibited from visiting and websites known to carry malware.
- Layer security options to put as much resistance between your network and the criminals as possible.
- Notify Union Bank if you are experiencing problems with your online banking platform (i.e. pop-ups even though you have enabled pop-up blocker, can’t shut the computer down, you type in the address to one website and are redirected to a different website, your online banking sign-on page looks different than normal, etc).
- If you even suspect your computers are infected, contact Union Bank immediately so we can review your accounts while you resolve the issue.
- Some businesses use one computer for all online banking activities that is not attached to their network and does not have email capabilities. Use this computer solely for online banking activities.
How does Union Bank help protect me?
Union Bank is committed to protecting our customer’s confidential financial information by providing the highest level of security for our online systems. In addition to offering the highest level of 128-bit software encryption protection, we have added additional security features to ensure your financial information is secure, helping protect you from compromised information and fraud.
- Business Banking Online - Requires a unique user code and password. Provides an Authentication Image and challenge questions to ensure user security.
- Wire Transfers - In addition to the features above, we provide another layer of protection called a security token. A security token is a small, connectionless device that generates a One Time Password to use each time you log in to Business Banking Online. This password is unique and changes frequently for your protection. We also establish dollar limits and require dual control for users initiating any wire transfers. We will also initiate call backs for verification of any outgoing wire transfers to that individual.
- ACH Transfers - In addition to the features mentioned previously for Business Banking Online and Wire Transfers, we utilize ACH Scheduler to validate and report dates and totals of ACH files you initiate. Web Cash Manager is the system used to create ACH transactions. Union Bank reconciles transactions created in Web Cash Manager to your ACH Scheduler entries for additional verification.
Contact us to discuss additional account security options that may be available to help protect your accounts. Here are a few things to consider:
- Educate everyone on this type of fraud scheme. Don’t respond to or open attachments or links in unsolicited e-mails.
- Ensure every employee has their own credentials and are not sharing with others.
- Have a method to review and approve new-user credentials created on your accounts.
- Avoid using the Administrator credentials unless necessary; create user accounts with limited authority for daily processing. If your credentials are compromised, this can help limit the damage a criminal can do. Review your account daily, especially pending or recently sent wires or ACH files.
- Report any suspicious activity to Union Bank immediately.
- Use dual-control for wire and ACH activity.
- Discuss available security options such as positive pay or ACH filters.
Practice these steps and be vigilant!
This blog article is for informational purposes only, and is not an advertisement for a product or service. The accuracy and completeness is not guaranteed and does not constitute legal or tax advice. Please consult with your own tax, legal, and financial advisors.