2. Monitoring & Transmitting Financial Data — Do It Securely


  1. Initiate a "dual control" payment process with your bank and employees.
  2. Have dedicated workstations.
    • Lock down these workstations when not in use...even for short periods of time.
    • Do not use public computers — such as at the public library, hotel business centers or airport computer terminals — to access online banking.
  3. Use robust authentication methods and vendors.

    In addition to passwords and PINs:
    • Each user should have their own password — do not allow several users to share the same password.
    • Use complex passwords — ones that contain a combination of numbers, letters and/or symbols.
    • Consider using an additional authentication tool, such as a token or a smart card.
    • Each user should change their password frequently — approximately every 45-60 days.
  4. Update virus protection and security software.
    • Do not respond to emails or open attachments...unless you were expecting the communication. Phishing scam emails can come from both unrecognized and recognized sources.
    • You won’t ever receive an authentic email asking for your online banking credentials.
    • If something appears unusual or you receive an email requesting your online banking credentials, call your bank, but don’t click on any links or use any information from the email, as it may be a phishing email.
  5. Reconcile accounts daily.
    • Utilize bank account features, such as automated payment filters and other alerts that show unexpected activity on your accounts.

In This Chapter

The volume of attacks against small businesses increased threefold from 2011 to 2012.

Source: Source: 2013 Symantec Internet Security Threat Report