How secure is your business from fraud, identity theft and cybercrime?

Businesses have unique challenges when it comes to fighting fraud. The most frequent sources are credit card abuse by internal employees, the absence of background checks when hiring employees, and overall lack of security. Use these tips to help better protect your business.

Ensure all of your checks, debit transactions, automatic payments and other withdrawals are ones that you authorized. In addition, check your bank and credit card statements each month to be sure all transactions are valid. Report suspicious activity immediately to help minimize impact.

Only provide each person (or program, computer, etc.) the privileges necessary to get the job done. Doing so reduces the risk of deleterious access to valuable assets. This approach also minimizes the damage from cyber-attacks by limiting what a compromised account or program has permission to do. For example, if a virus infects a computer where a user has logged in, it cannot delete files, install itself, connect to other computers or steal information if the user doesn't have these privileges. You can further strengthen security by using a special-purpose computer for all financial transactions.

IDs and passwords are usually the first line of defense for protecting your computer and online accounts. They generally consist of letters, numbers and symbols. Use the following guidelines for selecting and storing IDs and passwords:

  • Use a minimum of eight characters containing a combination of uppercase and lowercase letters, numbers and symbols (#$%&).
  • Stay away from obvious information such as birthdays, pet names and nicknames.
  • Use a different password for each of your online accounts.
  • Avoid using the “remember my password” option even if your computer suggests it.
  • Change your passwords often and never reuse them.
  • Do not share your passwords, write them down, or post them near your computer.

Checks should be written in numerical order, according to the check number printed on the front. When checks are written out of sequence, keeping track of what’s outstanding can be difficult.

  • Secure reserve supplies of checks, deposit slips and other banking documents in a locked facility and limit the number of people who have access.
  • Formalize procedures to securely retain and safely shred financial documents.
  • When possible, convert paper payments to electronic formats.
  • Never sign checks in advance.
  • Purchase checks directly from your financial institution.
  • Use a ballpoint pen when writing a check so that it cannot be erased.
  • Use dual authorization for all monetary transactions.
  • Conduct surprise audits.

Unscrupulous callers may ask for your personal information, your account number and/or your bank’s routing number. This information can be used to create an electronic draft against your account. The same is true for debit or credit card number(s). Farmington Bank will never call and ask for this information. In addition, when you call us to inquire about your account, we will ask security questions to verify your identity.

Never email your Social Security number, credit card or financial account numbers, passwords, or any other nonpublic personal information. Email is unsecure and can be intercepted. If you need to send a secure email, contact us at 877.376.2265 for further instructions.

The sooner you alert your financial institution to a problem, the sooner it can be resolved. Keep copies of any documents relevant to the investigation until it is complete. If you notice any fraudulent transactions on your Farmington Bank account(s), contact us immediately at 877.376.2265.

A growing number of schemes use social engineering techniques to trick an employee into processing an illegitimate wire transfer. It’s relatively easy for cyber-criminals because they don’t need access to your email and/or online banking account. The cyber-criminals either register website domain addresses that are very similar (e.g., “i” replaced with “l”, etc.) to a company’s actual website domain address or “spoof” email message headers. Additionally, the cyber-criminals will use a company’s website or social media accounts to identify the names of Executive Management (e.g., Chief Executive Officer, Chief Financial Officer, etc.) and individuals within Accounting and Finance Departments. Losses associated with email wire fraud can be financially devastating to a business, as a majority of these thefts are not recoverable. Use the tips below to help safeguard your business from email-based wire fraud.

You should immediately verify the wire request with the individual the cyber-criminal is pretending to be by meeting with them in person or over the phone. You should avoid responding and confirming the wire via email as your replies will be sent to the cyber-criminal.

The cyber-criminals may notice an out-of-office message if they attempt to send an email to a targeted individual within the company. Once they receive the out-of-office reply, the cyber-criminals will target your company by sending an “urgent” request for a wire to be processed. You should pay special attention to urgent wire requests when key individuals (e.g., Chief Executive Officer, Chief Financial Officers, Controllers, etc.) are not in the office.

By clicking “reply,” you may realize that the message is being directed elsewhere (e.g., john.doe@bad-domain.com) instead of the internal employee you thought you were communicating with.

This tip requires a bit more technical knowledge; however, you may be able to gather enough information to determine if the email is legitimate or from a cyber-criminal. When an email is sent from the sender to the recipient, the email’s message header is updated with technical details (e.g., sender’s email address, IP addresses, return email address, etc.). When reading the message header for a suspicious email, you should pay special attention to the “Reply-To:” field, as this may include the cyber-criminal’s email address. Additionally, you should read through the message header to identify IP addresses or servers hosted in foreign countries (e.g., .ru, .ro, .cn, .cm, .cz, etc.) since this may indicate that the email is fictitious.
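The header checks described above (a “Reply-To:” address that differs from the sender, a sender domain that is a near-copy of your own, and relay hosts in the listed country domains) can be automated for a mailbox that receives wire requests. The following is an added example, not part of the original page: the company domain `example-widgets.com`, the edit-distance threshold of 2, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-widgets.com"       # assumption: your real domain
WATCH_TLDS = {"ru", "ro", "cn", "cm", "cz"}  # the examples given in the tip

# Constructed sample message (not a real email).
SAMPLE = (
    "Received: from mail.relay-host.ru (mail.relay-host.ru [203.0.113.7])\n"
    "\tby mx.example-widgets.com; Mon, 01 Jan 2024 09:00:00 -0500\n"
    'From: "Jane Roe, CEO" <jane.roe@example-wldgets.com>\n'
    "Reply-To: john.doe@bad-domain.com\n"
    "Subject: URGENT wire today\n"
    "\n"
    "Please process the wire before noon.\n"
)

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance: small values mean the domains look alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_headers(raw, company_domain=COMPANY_DOMAIN):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to differs from sender: {reply_dom}")
    if 0 < edit_distance(from_dom, company_domain) <= 2:
        findings.append(f"lookalike sender domain: {from_dom}")
    hosts = set()
    for received in msg.get_all("Received", []):
        hosts.update(re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", received.lower()))
    for host in sorted(hosts):
        if host.rsplit(".", 1)[1] in WATCH_TLDS:
            findings.append(f"relay host in watched TLD: {host}")
    return findings
```

Calling `review_headers(SAMPLE)` returns one finding per check; a message with findings should be verified in person or by phone before any wire is processed.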

Regardless of whether you became a victim of this fraud scheme, you should report instances of email-based wire fraud to law enforcement. It is highly recommended that you file a complaint on the Internet Crime Complaint Center website, which is shared amongst local, state, federal/international law enforcement or regulatory agencies for criminal, civil, or administrative action, as appropriate.
