Best Practices for Business Customers
Who Access Their Accounts Online

Internet criminals continue to design new and more deceptive tools to steal personal information from online users and gain access to their funds. As a Guaranty eCorp user, we want you to know the steps you can take to reduce your risk of falling victim to these attacks and help prevent unauthorized access to your accounts as the losses incurred in the event your online accounts are hacked are the responsibility of you the client. Passwords and usernames are not sufficient to protect your systems from professional hackers.

Woodsville Guaranty Savings Bank recommends that all business customers who access and conduct transactions through eCorp consider the following measures to help protect their accounts and company from loss due to fraud.

Account Management

• Reconcile all banking transactions on a daily basis. 
  
• Require dual control for the initiation of ACH and wire transfer payments, with both an originator and authorizer approving debits before they are made. 
  
• Take advantage of the administrative features within eCorp to limit permissions given to individual employees. 
  
• Require security tokens for employees. 
  
• For certain transactions (ACH and Wires), consider additional approval methods (out-of-band) offered by the bank, such as call backs or a fax to confirm transactions.
  
  

System Security

• Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A properly configured firewall with updated firmware and operating systems helps to limit the potential for unauthorized access to a network and computers.
  
• If possible, conduct online transactions from a stand-alone computer system without email and with web-browsing limited to only the sites necessary to conduct transactions and manage your company’s finances. 
  
• Install commercial anti-virus and desktop firewall software on all computer systems. Free software will not provide the same level of protection against the latest threats, as compared with products commonly available in the market today.
  
• Ensure virus protection and security software are updated regularly.
  
• Ensure that your computers receive necessary, periodic updates, particularly to the operating system of key applications. 
  
• Patch non-Microsoft applications like Adobe, Java and Flash Player, to name a few. Consider a tool like File Hippos’ Update Checker or Secunia Personal Security Inspector to alert you to the availability of critical patches for these and other third party applications. 
  
• Install malware/spyware detection programs. Commercial anti-virus programs alone are not sufficient to protect your systems from professional hackers. 
  
• Update malware/spyware programs regularly.
  
• Stay up to date on industry trends relating to online security and maintain relations with competent technical experts, (third parties or employees) to assist in maintaining your network security. 
  
• Consider a review of security web sites example: http://krebsonsecurity.com/ 
  
• Never leave your computer unattended while using any online banking or investing service.
  
• Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information, leaving the customer vulnerable to possible fraud.
  
• Be suspicious of emails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and other personal information. Opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer. When in doubt DO NOT OPEN. 
  
• Clear your browser cache before logging on to eCorp in order to eliminate copies of web pages that have been stored on the hard drive.
  
• Before entering a user code and password for any online banking at any website, verify that it is a secure session (https not http).
  

Passwords

• Create a strong password with at least 8 characters that include a combination of mixed case letters, numbers and special characters. Then, change your password often.
  
• Prohibit the use of shared usernames and passwords for online banking use.
  
• Use a different password for each website that is accessed.
  
• Never share username and password information with third-party providers or other employees.
  
• Avoid using automatic login features that save usernames and passwords for online banking.
  

Know Your Rights and Responsibilities

• If a transaction is made to your account that seems suspicious, particularly if that transaction is an ACH or wire transfer, contact Woodsville Guaranty Savings Bank immediately. There is a limited recovery window for these transactions, so immediate escalation may prevent further loss to you.
  
• Familiarize yourself with your account agreement(s) for online banking services, particularly with respect to your liability for fraud and the Uniform Commercial Code as adopted in the jurisdiction.
  

For more information

For additional resources about computer security and online scams, visit the Consumer/Identity Theft section of the FDIC’s website at www.FDIC.gov for various consumer alerts. Information on cyber security is available for businesses at www.us-cert.gov. Another cyber security website is http://www.fcc.gov/blog/empowering-small-businesses-become-cyber-secure.