Business Banking Security
Protecting your business financial assets is a top priority at People's United Bank, but we can't do it alone. Just as you protect your business from intruders by activating a burglar alarm at closing time, your business computers must be protected from cyber thieves attempting to exploit weaknesses in your computer network.
The links below provide security measures you can take to help protect your accounts from scams and other harmful attacks.
- Harden your computer against cyber attacks.
Computers that are not appropriately protected can become an open gateway for cyber criminals to access your online account or perform malicious activity. Unfortunately, antivirus alone is not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the computers at your business.
1. Use a dedicated computer: If possible, dedicate a PC to be used ONLY for online banking purposes to mitigate against the risk of PC and user credentials being compromised. This PC should not be used for email, social media, or web browsing.
2. Password Protection: A unique password or token PIN is the first step of securing your online information. Select a password/PIN that is easy for you to remember but not quickly guessed, like birthdays, sequential numbers or street addresses. Do not share your password/PIN with anyone. Remember, our employees will never ask for your password.
3. Keep your operating systems, antivirus and other software up to date. Scan your computers for viruses regularly.
4. Fraud Awareness: Fraudsters use official-looking e-mails (Phishing) and websites to lure you into revealing confidential financial information. The messages appear to be from trusted banks, retailers or other companies. Be suspicious of any e-mail with urgent requests to “verify account information.” When in doubt, call the sender directly and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.
5. Transaction Review: Check your account balances and transaction activity daily and promptly report any suspicious activity to your account manager or call our Commercial Client Support team.
For more security tips to protect your computer see the Computer Protection Checklist.
- Make your computer less vulnerable to cyber thieves.
Your business online account has built-in security options you can use to protect and monitor your online activity. Don’t wait until your business is a victim of cyber fraud before you protect yourself.
1. Enroll and Check your Email Alerts: Alerts will notify you about activity on your account. Reviewing alerts immediately can protect against fraudulent activity on your account.
2. Review Account Activity: Review your online accounts for any transactions you did not initiate. Early detection may prevent large losses.
3. Requiring two individuals to execute transactions can prevent fraudulent activity even if one employee's computer is compromised.
4. Change your Password: Changing your password periodically reduces the chance of it being compromised.
5. Only use Company Computers: When accessing online business accounts, only use designated company computers that use the company network. Non-business computers and networks are more likely to be infected with malware.
Below is an additional security checks-lists for the eTreasury+ platform:
- How to identify common attacks by cyber criminals.
No one wants to become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting us for assistance. Be sure that all employees that participate in online banking are aware of these tips.
Contact customer support if you experience any of the following scenarios:
1. If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate
2. If you receive an email alert regarding a change of password or email address you did not create
3. If the login screen looks different or has unusual fields or prompts
4. If you see unknown transactions or balance inconsistencies on your account
5. If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in
6. If you log on to online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes
- Learn about your liability in the event of a cyber attack.
People’s United Bank provides commercial online business banking to its business customers to add convenience for conducting financial transactions, but we cannot assume liability for fraud on business accounts as a result of malware and system vulnerabilities on our customers' IT systems. Customers must ensure that adequate security controls are in place on their IT systems before accessing online banking to minimize risk.
Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts. This means that you will be responsible for any fraudulent financial activity on your account if your computers or accounts are compromised. Business customers who use their IT systems to house proprietary, financial, or personnel information should employ an Information Security Professional periodically to conduct a thorough review of their systems and security controls.
Please be aware that the FDIC or Regulation E does not cover fraud losses for commercial customers. People’s United Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss.
- eTreasury+ Security Checklist
Learn about recent business e-mail scams
A new form of ‘Man-in-the-E-mail’ scam targeting businesses has been on the increase. This scam has been labelled ‘Business E-mail Compromise’ or ‘BEC’ by the FBI. The scam focuses on the use of social engineering techniques targeting businesses and their employees for the purposes of committing ACH/Wire fraud. The scam begins through the use of a compromised or spoofed e-mail account of a high level executive (CEO, CFO, etc.), business partner, or trusted supplier requesting what appears to be a legitimate financial transaction. The request, if not validated by the business, results in a fraudulent transaction that the business unknowingly requests through a financial institution to process. Once the transaction is completed, the funds are quickly moved to another account by the fraudster, leaving the business with little to no chance at recovering the funds.
Businesses should be aware of such scams and ways to mitigate the risks associated with it. The most important step is to implement an internal procedure to validate any financial transaction request no matter who it is received from through means other than e-mail, prior to submission to a financial institution. If a request is received via e-mail, the requestor should be contacted through alternate means (ie. phone # on record) to validate the transaction details including the receiving account # and dollar amount at a minimum. Having this dual control step in place can go a long way to saving a business from this type of scam.
For more information about this scam and ways to protect your business, please visit the FBI/IC3 announcement page https://www.ic3.gov/media/2018/180712.aspx.