Cybersecurity Awareness

Protect your business with Cash Management solutions through The Southern Bank’s Business Online banking platform. The Cash Management products offered by The Southern Bank will make your banking more efficient, secure, easy to use and easily accessible. However, with increased online access comes the risk of your business’s information being compromised through cybercrime.

Cybercrimes are not new. Cybercriminals employ various technological and non-technological methods to manipulate or trick you or other victims into divulging personal or account information. Such techniques may include asking you to perform an action such as opening a fraudulent e-mail attachment/link, accepting a fake friend request on a social networking site or visiting a legitimate, yet compromised, website that installs malware on your computer(s). Modern cybercrime is about money. Cybercriminals are broadening their targets to the financial accounts of business owners, employees, small businesses and medium-sized businesses. If these criminals find weaknesses in your cyber practices, significant business disruption and potential monetary losses could result.

In the same way you protect your business with locks, cameras and alarm systems, you want to be sure you are doing everything you can to protect your business virtually, too. Having protection-focused software is only part of the equation. No single layer of protection is enough — a layered security approach is needed, especially when employees can easily and unknowingly engage in potentially unsafe online behavior. The best practices outlined in this handout are intended to raise your awareness of ways to help protect, detect and educate your business’s employees about today’s online risks. We encourage you to understand your unique cybersecurity needs and create a plan suited for your company.

Secure Your Business’s Network, Data, and Computers

Dedicate a Computer: Try using one dedicated computer on a safe network to perform your online banking transactions. If a stand-alone device is not possible, then ensure that each user of online services uses his/her own device (desktop computer, laptop or mobile) and his/her own password.
Endpoint Protection: Install and maintain real-time anti-virus, anti-spyware and anti-malware resources. Use these tools regularly to scan your business network, and allow automatic updates for your software and operating systems.
Firewalls: Install firewall hardware to prevent unauthorized access to your network. Be sure to use Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) services to detect and prevent attacks from causing harm.
Backup: Develop scheduled backups for all critical systems and data, then commit to verifying that the backups are usable by testing their validity on a regular basis.
Patch Management: Ensure all computers are updated as soon as possible. (Microsoft releases patches on the second Tuesday of each month.) Third-party software, such as Adobe and Java products, is important to update as well.
Secure Data Transfer: When sending sensitive information, email is not to be trusted. Find a user-friendly email encryption product when sending information outside your business.
Wireless: Do not use publicly available internet to access accounts or sensitive business information. If this type of access is needed, ensure your transmissions are encrypted. To do this, you can employ a Virtual Private Network (VPN).
VPN: Virtual Private Networks can be configured on most firewalls and are very helpful in keeping sensitive data protected. Be sure to protect VPNs with very strong passwords that change often.
Mobile: Be careful when using mobile devices and tablets. While convenient, information technology experts say that in many ways, mobile devices are more vulnerable to unwanted access.
Categorize and Isolate Information Systems: Keep your business email, payroll system and point-of-sale (POS) system on separate equipment/servers to prevent any compromise from impacting all systems at once.

Insurance

Consult with your insurance agent or carrier about employee dishonesty and cyber insurance coverage. Policy coverage may only be valuable if your corporate security policies are well defined, and procedures are followed.

User IDs, Tokens, Passwords, Controls

Do not share your secure user ID and password with anyone, even a coworker. The Southern Bank will ask for your user ID when you initiate a call, but The Southern Bank will never ask for your password. Never let anyone watch you log in to your bank account, especially while receiving remote support.

Make sure key employees have a trained backup in the event of an absence. Each backup should have their own ID and password available to continue banking business as usual. Ensure your bank is aware of the backup’s access rights.

  • Don’t forget to delete employee IDs and access when anyone leaves the business or sees a change in responsibilities. Regularly review an active access list to determine any changes to privileges that may be needed.
  • Create strong passwords, not something that is easily guessed. Try using a sentence with punctuation, special characters, or a mix of letters and numbers. Avoid dictionary words and passwords used in other locations. Try to keep the password length over 12 characters when possible.
  • Change your passwords often, at a minimum as often as your company policy requires. Every 90 days is a good starting point.
  • When you sign in to a webpage and are given the option to save your password, select NO.

Dual Control to Create Safety Checks: Initiate ACH and wire transfer payments under dual control using two separate computers. For example, one person authorizes the creation of the payment file, and a second person authorizes the release of the file from a different computer system.

Periodic Updates

Hold meetings to review data security. Familiarize new hires with your security protocols to ensure everyone involved learns to spot possible attacks.

  • Suspicious emails: Don’t view or open attachments or click on links in unsolicited emails. Financial institutions and government agencies do not contact customers by email or phone asking for passwords, credit card numbers or other sensitive information. Be wary of pop-up messages claiming your machine is infected and offering software to scan and fix the problem.
  • Report Suspicious Activity: Make sure your employees know how and to whom suspicious activity should be reported both internally and with accounts at your financial institution. Immediately contact your financial institution if you notice unauthorized activity.

It is important to note …

  • The best practices covered above will help you protect yourself, your computer and your organization — but only if all precautions are followed to prevent unauthorized access to your computer and/or login credentials. Once an unauthorized person has gained access, it may be too late to stop their actions.

Cyber Resources

Stay informed about current threats by having these resource links saved in your browser’s favorites.

FBI’s Internet Crime Complaint Center (IC3): www.ic3.gov
Department of Homeland Security: www.dhs.gov
National Consumers League’s Fraud Center: www.fraud.org
Better Business Bureau: www.bbb.org/data-security/
Federal Trade Commission (the nation’s consumer protection agency): www.ftc.gov
Federal Bureau of Investigation: www.fbi.gov/scams-safety
Homeland Security Cybersecurity Research and Development Center: www.cyber.st.dhs.gov
National Cybersecurity Alliance: www.staysafeonline.org

MEMBER FDIC. EQUAL OPPORTUNITY LENDER.

At The Southern Bank, we’re dedicated to offering the tools and guidance needed to keep you, your business and your employees protected from cybercrime. For more tips and information on staying safe online, visit our blog at thesouthern.bank.