Business security

Fraudsters are becoming increasingly sophisticated at exploiting vulnerabilities to commit fraud. At Think we work diligently to protect your information, but it is crucial that you play a role in preventing unauthorized access to your credentials as well.
 

Business security recommendations

Layered system security:

Use the right tools to prevent and deter unauthorized access to your network. Periodically review these tools to ensure they are up-to-date. Examples include:
  • Firewalls
  • Security suites
  • Anti-botnet, anti-malware, and antispyware programs
  • Encryption of laptops, hard drives, VPN's or other communications channels
  • Education of all computer users

Think Online safety:

  • Create a secure financial environment by dedicating one computer exclusively for Think Online and cash management activity. This computer should not be connected to the business network, have e-mail capability, or connect to the internet for any purpose other than Think Online.
  • Do not allow workstations used for Think Online to be used for general web browsing or social networking.
  • Verify use of a secure session (https) in the browser for all Think Online.
  • Do not conduct any online banking activity from free Wi-Fi hot spots like airports or internet cafes.
  • Cease all online banking activity if the Think Online application "looks" different than usual. Do not continue and contact the financial institution immediately.

Education:

  • Educate all computer users on cyber crimes so everyone understands that even one infected computer can lead to an account takeover.
  • Always ask, "Does this e-mail or phone call make sense?"
  • Educate all employees to think critically about each e-mail and phone call received.
  • Advise employees to: not open suspicious e-mails or e-mails from unknown persons, be particularly suspicious of e-mails or calls purporting to be from a financial institution, government agency or other organization requesting account information, account verification or banking access credentials.
  • Remember the analogy: An unsecure computer is the same as an unlocked house. If you fail to lock your house, then you have a significant chance of losing your valuables.

User accounts:

  • Establish user accounts for every computer and limit administrative rights.
  • Establish user accounts for every Think Online and cash management user.
  • Employ "user" settings to avoid accidentally downloading a credential-stealing program.
  • Require all employees to use strong passwords and change their passwords frequently.
  • Promptly deactivate or remove access rights from employees that no longer require access. (Example: inactive, transferred or terminated employees)
  • Take full advantage of options offered by financial institutions to reduce the risk of a large payment being initiated fraudulently. (Example: ACH File or wire transfer file limits)

Account security:

  • Consider initiating files or wire transfers under dual control, with assigned responsibility for transaction origination and authorization.
  • Reconcile accounts online daily; at a minimum, review pending or recently sent ACH Files and wire transfers.
  • Take advantage of appropriate account security services offered by your financial institution.
  • Require all employees to keep their log-in information secure.

Report suspicious activity:

  • Monitor and report suspicious activity. Ongoing monitoring and timely reporting of suspicious activity are crucial to deterring or recovering from fraud. A business should report anything unusual to the financial institution, such as log-ins at strange times of day, new user accounts, unauthorized transfers, etc. so the financial institution can immediately block the account and monitor activity.