Back
Next

1 / 30
Secure Banking Practices for Businesses

Course Overview

This course will introduce you to the risks and threats that come with online banking, as well as technology and security best practices to help combat such threats. You will also learn about the key ways information is stolen, the cost of security incidents, top attack targets, breach methods and popular malware types used by criminals.

This course contains the following four sections:

  1. How Your Information Gets Stolen
  2. Security Threat Landscape
  3. Partnership for Protection
  4. Protecting Online Accounts for Businesses

2 / 30
Section Objectives

By the end of this section, you will recognize the key ways fraudsters steal valuable information.

Topics

  • Social Engineering
  • Knowledge Check: What is Valuable Information?
  • Malware
  • Popular Banking Malware
  • Malware Tactics
  • Knowledge Check: Threat to Security

3 / 30
***l imageTermWidget***r ***l widgetTitle***r ***l /widgetTitle***r ***l activityInstructions***r ***l p***r ***l b***r Instructions ***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click on each topic to learn about two popular social engineering ploys.***l /i***r ***l /p***r ***l br/***r ***l /activityInstructions***r ***l pageContent***r ***l p***r Social engineering is the act of manipulating people into performing a specific act or breaking normal security procedures. Social engineers take advantage of the trusting nature of people to steal information, spread malicious software and much more. Social engineering is a component of many, if not most, types of security breaches.***l /p***r ***l br/***r ***l /pageContent***r ***l imageItem***r ***l itemImage***r ***l /itemImage***r ***l itemText***r Phishing***l /itemText***r ***l contentArea***r ***l text***r ***l p***r The most common examples of phishing are fraudulent ***l b***r emails ***l /b***r claiming to be from a trusted source in order to get victims to provide the attacker valuable information. ***l /p***r ***l br/***r ***l p***r For example, a social engineer may send an email that appears to be from your bank that lures you to a copycat website that looks just like your bank's site. Once there you are instructed to 'verify' certain personal information, which is then used to hijack your account and your identity. ***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ***l /itemImage***r ***l itemText***r Vhishing***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Vhishing is the practice of using social engineering techniques to trick people into providing sensitive information over the ***l b***r phone***l /b***r . Vhishing calls may be automated or conducted by human operators. ***l /p***r ***l br/***r ***l p***r A common scam is for the attacker to pose as a financial institution alerting the victim of fraudulent activity on their account. The attacker requests the victim provide sensitive information such as account number, social security number or PIN to verify the transactions. This information is then used to hijack your account and your identity.***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l instructionsBoxTitle***r Introduction***l /instructionsBoxTitle***r ***l briefInstructions***r ***l /briefInstructions***r ***l instructionsBtnText***r Instructions***l /instructionsBtnText***r ***l /imageTermWidget***r ***l activityAudio***r ***l instructionAudio***r ***l /instructionAudio***r ***l contentAudio***r ***l /contentAudio***r ***l /activityAudio***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l /altTags***r 
4 / 30
***l p***r You just learned that social engineers use a variety of techniques to trick you into revealing personal information. To avoid becoming a victim, it's important to know what may count as valuable information to a fraudster. Decide if you think the following statement is True or False.***l /p***r ***l br/***r ***l p***r ***l b***r Active email addresses are valuable targets to online attackers.***l /b***r ***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click to select whether you think the statement is True or False.***l /i***r ***l /p***r ***l br/***r sample***l p***r True***l /p***r ***l br/***r ***l p***r ***l b***r Correct***l /b***r ***l b***r !***l /b***r  Email addresses are valuable targets as they can lead to further attacks like traditional phishing or sophisticated, targeted attacks. Even information that may seem harmless could be used for criminal activities in the wrong hands. ***l /p***r ***l br/***r ***l p***r Use caution sharing your email address online or with website mailing lists. Consider maintaining an alternate email for these types of activities.***l /p***r ***l br/***r true***l p***r False***l /p***r ***l br/***r ***l p***r ***l b***r Incorrect.***l /b***r  Email addresses are valuable targets as they can lead to further attacks like traditional phishing or sophisticated, targeted attacks. Even information that may seem harmless could be used for criminal activities in the wrong hands.  ***l /p***r ***l br/***r ***l p***r Use caution sharing your email address online or with website mailing lists. Consider maintaining an alternate email for these types of activities.***l /p***r ***l br/***r True or False?View QuestionAnswerView Answer
5 / 30

Malware is a very real threat in the world of online banking. Knowing what malware is and how infections occur can help you protect yourself against an attack.

Instructions

Roll over each topic to learn more.

***l optionWidget***r ***l options***r ***l option***r ***l optionTitle***r What is malware?***l /optionTitle***r ***l content***r ***l p***r Malicious software, or malware, is software designed to break into or damage a computer system without the owner's knowledge. ***l /p***r ***l br/***r ***l p***r Examples of malware include computer viruses, worms, Trojan horses, spyware and adware.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r How can I get infected?***l /optionTitle***r ***l content***r ***l p***r Most malware cannot get onto your computer without some action on your part. Malware creators use many tactics, including social engineering, to get you to run the infected file on your system. ***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l /options***r ***l /optionWidget***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l /altTags***r 
6 / 30
***l clickAndRevealWidget***r ***l activityInstructions***r ***l p***r There are many ways fraudsters may trick you into downloading malware on to your computer. This activity will introduce you to some of the most commonly used tactics.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click Begin to start. Then, click each flash card to reveal a malware tactic. ***l /i***r ***l /p***r ***l br/***r ***l /activityInstructions***r ***l imageItems***r ***l imageItem***r ***l itemImage***r ***l /itemImage***r ***l itemText***r ***l text***r Free Downloads ***l /text***r ***l audio***r ***l /audio***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Many free downloads available on the Internet contain malware, specifically adware. Do not download software from the Internet unless you can absolutely trust the source.***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ***l /itemImage***r ***l itemText***r ***l text***r Pop-ups***l /text***r ***l audio***r ***l /audio***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Pop-ups can contain malware. If you get a pop-up, do not click inside the window to close it as it may execute the malware. Instead click the 'X' icon in the window to close it.***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ***l /itemImage***r ***l itemText***r ***l text***r Email Attachments***l /text***r ***l audio***r ***l /audio***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Email attachments from unknown senders may contain malware. Even if you know the sender, the file could be infected. All email attachments should be scanned for viruses before opening.***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ***l /itemImage***r ***l itemText***r ***l text***r Unknown Email Links***l /text***r ***l audio***r ***l /audio***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Clicking on unknown email links can be risky for a couple of different reasons. Email links designed to infect your computer with malware can either direct you to a Web page with embedded malware, or activate a malware program embedded in the email itself. Avoid this by not clicking on the link and instead go to the website itself.***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l /imageItems***r ***l optionalFeedback***r ***l text***r ***l /text***r ***l audio***r ***l /audio***r ***l boxTtitle***r Feedback***l /boxTtitle***r ***l /optionalFeedback***r ***l instructionsBoxTitle***r Activity: Malware Tactics***l /instructionsBoxTitle***r ***l beginBtnText***r Begin***l /beginBtnText***r ***l instructionsBtnText***r Instructions***l /instructionsBtnText***r ***l flipInstructText***r Click to flip...***l /flipInstructText***r ***l fleedbackBtnText***r Feedback***l /fleedbackBtnText***r ***l /clickAndRevealWidget***r ***l activityAudio***r ***l instructionAudio***r ***l /instructionAudio***r ***l /activityAudio***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l feedbackBtnAlt***r ***l /feedbackBtnAlt***r ***l /altTags***r 
7 / 30
***l p***r Let's take a look at a couple of the most common types of malware used to target online banking sites. ***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click on each term to learn more. ***l /i***r ***l /p***r ***l br/***r Keystroke LoggerA keystroke logger is a form of malware that tracks the keys a user strikes on a keyboard. The Zeus Trojan, one of the most rampant keystroke loggers, specifically targets online bank accounts. It lurks on infected systems waiting for the user to visit banking websites. At this time, Zeus awakens and records the system user's key strokes as they type in their confidential passwords and account details. This information is used by fraudsters to access the victim's account and transfer out money.Online Session HijackingSophisticated malware allows fraudsters to perpetrate man-in the middle (MIM) or man-in-the browser (MIB) attacks on their victims. In a MIM/MIB attack, the fraudster inserts himself between the customer and the financial institution and hijacks the online session. Then they either intercept the login credentials or modify/create transactions not authorized by the victim.Introduction Instructions
8 / 30
***l p***r Which of the following do you think is the biggest threat to the security of your online information?***l /p***r ***l br/***r ***l p***r ***l b***r Instructions ***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click to select your answer.***l /i***r ***l /p***r ***l br/***r sample***l p***r Malicious software***l /p***r ***l br/***r ***l p***r ***l b***r Incorrect.***l /b***r  Malware is a real threat to the security of your information but it requires an action on your part to get on your system.***l /p***r ***l br/***r ***l p***r Remember, technology alone can't protect information. The human factor-what people do or don't do is the biggest threat to information security. Following secure procedures and best practices is critical to keeping your information safe.***l /p***r ***l br/***r ***l p***r Social Engineers***l /p***r ***l br/***r ***l p***r ***l b***r Incorrect.***l /b***r  Social Engineers pose a constant threat to the safety of your information but with some knowledge you can avoid becoming a victim.***l /p***r ***l br/***r ***l p***r The human factor-what people do or don't do is the biggest threat to information security. Following secure procedures and best practices is critical to keeping your information safe.***l /p***r ***l br/***r ***l p***r Individual actions***l /p***r ***l br/***r ***l p***r ***l b***r Correct! ***l /b***r Technology alone can't protect information. The human factor-what people do or don't do is the biggest threat to information security. Following secure procedures and best practices is critical to keeping your information safe.***l /p***r ***l br/***r trueQuestion: Threat to SecurityView QuestionAnswerView Answer
9 / 30
Section Objectives

By the end of this section, you will recognize the monetary risk of security incidents as well as the top attack targets, breach methods and malware types used by criminals in 2011.

Topics

  • Global Security Report
  • Cost of Security Incidents
  • Who's at Risk?

10 / 30
***l p***r Trustwave is the leading provider of data security and compliance management solutions to businesses throughout the world. The Trustwave 2012 Global Security Report is founded on data from real-world investigations and research performed by Trustwave SpiderLabs in 2011.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click the forward arrow to learn key findings from the 2012 Global Security Report.***l /i***r ***l /p***r ***l br/***r ***l p***r ***l b***r Attacker Targets***l /b***r ***l /p***r ***l br/***r ***l p***r 89% of online security breaches involved the theft of customer records, including payment card data, personally identifiable information and other records, such as email addresses. ***l /p***r ***l br/***r ***l p***r The sensitive information of businesses and individuals remains the number one target of hackers.
***l /p***r ***l br/***r ../assets/target.png***l p***r ***l b***r Top Attack Method for Banking***l /b***r ***l /p***r ***l br/***r ***l p***r Banking malware, such as the Zeus Trojan, accounted for 36% of all attacks against the Banking industry, including online bank accounts.***l /p***r ***l br/***r ../assets/attacker.png***l p***r ***l b***r Malware Types***l /b***r ***l /p***r ***l br/***r ***l p***r Keystroke loggers and malware that targets specific applications tied for second place, each causing 13.2% of breach investigations in 2011. ***l /p***r ***l br/***r ***l p***r Application-specific malware and keystroke loggers are frequently used in attacks on online bank accounts and represent a large threat for businesses and individuals.
***l /p***r ***l br/***r ../assets/graph.png***l p***r ***l b***r Anti-virus***l /b***r ***l /p***r ***l br/***r ***l p***r Anti-virus software is critical to help keep your system secure, however it should always be used along with other security technology and best practices.***l /p***r ***l br/***r ***l p***r Targeted malware, which is frequently used in online accounts attacks, uses very specific techniques to break into your system. Since it doesn't target the common system vulnerabilites most malware exploits, it can be missed by your anti-virus software. In 2011 anti-virus detected less than 12% of the targeted malware used in system breaches. ***l /p***r ***l br/***r ../assets/firstaid.pngIntroduction  Instructions***l p***r The number one target of fraudsters is valuable information, including online account information. Small businesses and individuals are easy targets for criminals since they don't necessarily have the same level of security as large organizations. ***l /p***r ***l br/***r ***l p***r Malware, specifically keystroke loggers and targeted malware, are the tools of choice for these criminals. It is important to be aware of these threats and use security best practices combined with technology to protect your valuable information.***l /p***r ***l br/***r SummaryReturn to Step
11 / 30

Malware and other online attacks will be responsible for an estimated $210 million in losses in North America this year, according to a report released in late 2011 by Boston-based analyst firm Aite Group.

The firm expects that the losses due to corporate account takeovers will increase from the $210 million estimated this year to $371 million by 2015.

12 / 30
***l p***r As you just learned, small to mid-sized businesses and individuals are often the targets of online attacks. Let's take a closer look at why fraudsters prefer to target them.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click on each term to learn more. ***l /i***r ***l /p***r ***l br/***r BusinessesSmall to mid-sized businesses have bank accounts big enough to be appealing to fraudsters, and often times their security is not as strong as larger organizations. Corporate account takeover is a popular type of business indentity theft in which a criminal steals a company's valid online banking credentials. Attacks are typically performed using malware. Since many small businesses have less sophisticated security controls, the malware may go undetected for weeks, even months, giving criminals plenty of time to do all kinds of damage.IndividualsIndividuals are easy targets for malware and other online attacks. Systems can be infected when users perform common acts such as visiting a website or opening an email attachment. Many online bank account hijacking attempts come as a result of hacking into individual user accounts, and from there electronically breaking into the bank using their information and security codes.Introduction Instructions
13 / 30
Section Objective

By the end of this section, you will learn how you and your bank can work together to protect valuable information.

Topics

  • Online Banking Security
  • Your Bank's Role
  • Your Role

14 / 30
***l root***r ***l gui***r ***l interface***r ***l stage/***r ***l top src='' border=''/***r ***l left src='' border=''/***r ***l right src='' border=''/***r ***l bubble path='../images/swf'/***r ***l /interface***r ***l context***r ***l text***r ***l p***r The following conversation is between an online banking customer and a bank security expert. They are discussing the popularity of online banking and the security measures that help protect against ever evolving online security threats. ***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click Begin to view a conversation about online banking security. The forward arrow allows you to move through the dialogue.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /context***r ***l instructions***r ***l text***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /instructions***r ***l feedback***r ***l text***r ***l p***r ***l li***r Your bank has implemented layers of security measures to help keep your account secure.***l /li***r ***l li***r Contact your Banker to find out the specific security measures your bank is taking to protect your information***l /li***r ***l li***r Review all banking agreements.  Consumers are provided certain additional protections under Regulation E which should be addressed in these agreements or contact your banker for additional information regarding these protections.***l /li***r ***l li***r The constant evolution of threats requires security to be a partnership between you and your bank.***l /li***r ***l li***r Click Next to learn more about your bank's role and your own role in protecting information.***l /li***r ***l /p***r ***l br/***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /feedback***r ***l person name='Ashley ' img='../assets/ashley_customer.png'***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /person***r ***l person name='Chris ' img='../assets/MIC01_14.png'***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /person***r ***l /gui***r ***l speech***r ***l dialogue person='Ashley '***r ***l text***r ***l p***r I really enjoy the convenience of online banking, it's changed how I do business. A few years ago no one I knew managed their account online and now it's the preferred way to bank. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r That's true. Access to the Internet and other technology has increased. As a result, more and more people are doing all kinds of business and networking online. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley '***r ***l text***r ***l p***r I have to admit, even though so many people access private accounts over the Internet every day, I still worry about online security. Is it really safe to do my banking online?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r Security and safety measures for accessing and sharing information over the Internet have improved greatly over the years. The banking industry in particular has been very active in implementing safeguards to protect customer account information.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley '***r ***l text***r ***l p***r How do I know what my bank is doing to protect me?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r Law makers and the banks have developed standards for safeguarding customer information. Regulation E establishes the rights and liabilities of the people and entities that participate in electronic funds transfer activities.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r Commercial and consumer accounts have different levels of protection under Regulation E. You should refer to your Regulation E agreement from your bank or talk to your banker for an explanation of the protections provided to your account.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley '***r ***l text***r ***l p***r I will definitely do that. I want to make sure my account is secure as possible. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r Well keep in mind, criminals are always looking for new ways to electronically break into banks and steal your money. Online account security has to be a partnership between you and your bank. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r Even though banks have implemented layers of security measures, they need your help to make them effective. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley '***r ***l text***r ***l p***r What should I be doing to help my bank keep my account secure?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Chris '***r ***l text***r ***l p***r Account owners should be well informed about online security threats and use best practices, such as strong passwords, to help keep their information secure. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l /speech***r ***l titleBox***r ***l instrTitle***r Conversation: Online Banking Security ***l /instrTitle***r ***l feedTitle***r Points to Remember***l /feedTitle***r ***l /titleBox***r ***l /root***r ***l activityAudio***r ***l instructionAudio***r ***l /instructionAudio***r ***l feedbackAudio***r ***l /feedbackAudio***r ***l /activityAudio***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l feedbackCloseBtnAlt***r ***l /feedbackCloseBtnAlt***r ***l /altTags***r ***l instructionBtnText***r Instructions***l /instructionBtnText***r ***l beginBtnText***r Begin***l /beginBtnText***r ***l feedbackCloseBtnText***r Replay***l /feedbackCloseBtnText***r 
15 / 30

Your bank is dedicated to protecting the security of your personal information. In fact, lawmakers and bank regulators have developed standards for safeguarding bank customers' nonpublic personal information or "NPI". Security programs developed from these standards are designed to:

  • Ensure the security and confidentiality of customer information.
  • Protect against any anticipated threats to the security of customer information.
  • Protect against unauthorized access that would result in substantial harm or inconvenience to any customer.

Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented, understanding that each bank has a different menu of products and services, and therefore differing security requirements.

16 / 30

Your bank has security measures to protect your account information, but they can't be effective without your help and cooperation. It is important for you to understand your role in keeping your online bank account secure.

Instructions

Roll over each item to learn more.

***l optionWidget***r ***l options***r ***l option***r ***l optionTitle***r Businesses***l /optionTitle***r ***l content***r ***l p***r Businesses should take a layered approach to security, using secure processes and technology to protect their valuable information. Anyone who may have access to business computer systems or accounts should be educated on security best practices. Increased security procedures may help reduce the incidence of, and mitigate the financial losses, business risks, and reputational damage that can result from online attacks.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Individuals***l /optionTitle***r ***l content***r ***l p***r Anyone who uses the Internet should educate themselves on security best practices and online risks. Actions you take each day can have a direct impact on the security of your information. Even simple actions that may seem harmless can expose your computer to a variety of security threats. Following security best practices can greatly reduce threats and help keep your online banking information secure.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l /options***r ***l /optionWidget***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l /altTags***r 
17 / 30

In the first three sections of this course, you learned about online security threats, as well as the most common attack targets, attack methods, and malware types used by fraudsters. You were also introduced to technology and security best practices to help protect you against attacks. When accessing your online account, keep these key points in mind:

  • Even though online security is better than ever, criminals are always looking for news ways to electronically break into banks and steal your money.
  • Fraudsters will use a variety of techniques to steal your account information. Security awareness is one of your best defenses.
  • Businesses and individuals play an important role in keeping their online account information secure.

Click Next to move on to the next section, Protecting Online Accounts for Businesses.

18 / 30
Section Objective

You play an important role in the safety of your online bank accounts. A layered approach to security is critical to protecting yourself against ever-growing online security threats. Although there is no absolute assurance of security, using technology and secure processes can greatly reduce your risk of becoming a victim.

By the end of this section, you will recognize security best practices to help protect your information and accounts.

19 / 30
***l root***r ***l gui***r ***l interface***r ***l stage/***r ***l top src='' border=''/***r ***l left src='' border=''/***r ***l right src='' border=''/***r ***l bubble path='../images/swf'/***r ***l /interface***r ***l context***r ***l text***r ***l p***r Technology alone is not enough to keep your information secure. Even though your bank has implemented a variety of measures to keep your online account secure, they need your help. Review the following conversation between a business owner and online security expert to learn more.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click Begin to view a conversation about your role in online banking security. The forward arrow allows you to move through the dialogue.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /context***r ***l instructions***r ***l text***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /instructions***r ***l feedback***r ***l text***r ***l p***r ***l li***r Banks have implemented a variety of security measures to help protect your account information, but they can't do it alone.***l /li***r ***l li***r Businesses play an important role in the security of their online bank accounts.***l /li***r ***l li***r On the following pages you will learn security best practices that will help keep your valuable accounts secure.***l /li***r ***l li***r Click Next to learn about how to set up user accounts according to security best practices.***l /li***r ***l /p***r ***l br/***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /feedback***r ***l person name='Ashley' img='../assets/ashley_customer.png'***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /person***r ***l person name='Jim' img='../assets/avatardon.png'***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /person***r ***l /gui***r ***l speech***r ***l dialogue person='Ashley'***r ***l text***r ***l p***r I have a small business and I know that online banking is a popular target for fraudsters. What is my bank doing to protect me?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r Your bank has a number of security measures to protect your account information, but they can't be effective without your help and cooperation.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley'***r ***l text***r ***l p***r What do you mean?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r Many bank account hijacking attempts are a result of hackers compromising security on devices outside the bank's control. ***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r If the bank's customers aren't using security practices, such as a strong password, firewalls, anti-virus and up-to-date software, even the most advanced security measures on your bank's part won't protect your account.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r It is the customer's responsibility to provide sufficient security for their networks and devices that have access to Internet banking services.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley'***r ***l text***r ***l p***r I guess I hadn't thought about my role in online security. So what kind of measures should I be using on a daily basis?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r Some common sense and easily implemented precautions can help you safeguard your personal information from identify theft and account fraud.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l /speech***r ***l titleBox***r ***l instrTitle***r Conversation: Your Role in Online Account Security***l /instrTitle***r ***l feedTitle***r Points to Remember***l /feedTitle***r ***l /titleBox***r ***l /root***r ***l activityAudio***r ***l instructionAudio***r ***l /instructionAudio***r ***l feedbackAudio***r ***l /feedbackAudio***r ***l /activityAudio***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l feedbackCloseBtnAlt***r ***l /feedbackCloseBtnAlt***r ***l /altTags***r ***l instructionBtnText***r Instructions***l /instructionBtnText***r ***l beginBtnText***r Begin***l /beginBtnText***r ***l feedbackCloseBtnText***r Replay***l /feedbackCloseBtnText***r 
20 / 30

A user account, which requires a username and password, defines the actions a user can perform on a system. Here are some simple tips on how to set up user accounts according to security best practices.

Instructions

Roll over each item to learn more about setting up user accounts according to security best practices.

***l optionWidget***r ***l options***r ***l option***r ***l optionTitle***r Unique User Accounts for All Employees***l /optionTitle***r ***l content***r ***l p***r It is recommended every user on a computer or network have established user accounts. Employees should only be provided the amount of privileges necessary to do their job.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Limit Administrator Accounts***l /optionTitle***r ***l content***r ***l p***r Many small and mid-sized businesses allow all employees to be the administrator on their computer. This allows them to download and install software---but they may unknowingly download malicious software (or malware) that would compromise your security. As a security best practice, you should limit administrator accounts to only the employees that require administrator access to do their job.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Deactivate Accounts***l /optionTitle***r ***l content***r ***l p***r Promptly deactivate or remove access rights from employees that no longer require access (e.g. inactive, transferred or terminated employees).***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Protect User Names and Passwords***l /optionTitle***r ***l content***r ***l p***r User names and passwords should be kept private and should never be shared. ***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Educate Users***l /optionTitle***r ***l content***r ***l p***r All employees should be educated on security best practices to protect themselves and your company's information. The human factor - what employees do or don't do - has the largest impact on the security of your accounts and systems.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l /options***r ***l /optionWidget***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l /altTags***r 
21 / 30
***l p***r There are four basic security measures you can take to help protect your business computer and the information on it. ***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click the forward arrow to step through computer security measures.***l /i***r ***l /p***r ***l br/***r ***l p***r ***l b***r Install a Firewall***l /b***r ***l /p***r ***l br/***r ***l p***r A firewall manages what traffic is allowed to enter and exit your computer. It is also used to block your system details from a hacker's view.***l /p***r ***l br/***r ../assets/brickwall.png***l p***r ***l b***r Install Anti-Virus Software***l /b***r ***l /p***r ***l br/***r ***l p***r Anti-virus software helps prevent malware and viruses from installing on your computer. After installing anti-virus software, be sure to keep it up to date.***l /p***r ***l br/***r ../assets/shield_green.png***l p***r ***l b***r Run Security Patches and Updates***l /b***r ***l /p***r ***l br/***r ***l p***r Security patches are fixes published by software developers to help protect against vulnerabilities. Security holes can lead hackers to your computer where they can install malware and steal sensitive information. Anytime a new patch or update is available you should install it right away.***l /p***r ***l br/***r ../assets/portablecomputer.png***l p***r ***l b***r Use Encryption ***l /b***r ***l /p***r ***l br/***r ***l p***r Encryption encodes information making it unreadable to anyone except the person or persons with the key to decrypt it. Encrypt any confidential information stored on laptops, hard drives, USB thumb drives, information traveling over VPN or email communication.***l /p***r ***l br/***r ../assets/encryption.pngIntroduction  InstructionsFeedbackReturn to Step
22 / 30
***l imageTermWidget***r ***l widgetTitle***r ***l /widgetTitle***r ***l activityInstructions***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click each image to learn how to tell whether a website is trustworthy.***l /i***r ***l /p***r ***l br/***r ***l /activityInstructions***r ***l pageContent***r ***l p***r Learning about a website and the company behind it before purchasing goods, downloading programs or providing sensitive information is a best practice that will help to keep your sensitive information safe. ***l /p***r ***l br/***r ***l /pageContent***r ***l imageItem***r ***l itemImage***r ../assets/globe_term.png***l /itemImage***r ***l itemText***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Sensitive information should only be shared with websites that have a secure connection. A secure connection is encrypted so that it is unreadable to Web users who do not have the decryption key. One way to tell if a site is encrypted is to look at the address bar at the top of your browser, which begins with ***l i***r http://***l /i***r . If there is an ***l i***r s***l /i***r  after the ***l i***r http***l /i***r  (i.e. ***l b***r ***l i***r ***l e***r https://***l /e***r ***l /i***r ***l /b***r ), then you are on a secure connection. Websites will often change from an ***l i***r http://***l /i***r  to an ***l i***r https://***l /i***r  after you enter your user name and password.***l /p***r ***l br/***r ***l p***r ***l i***r Verify use of secure session (***l b***r ***l i***r ***l e***r https***l /e***r ***l /i***r ***l /b***r ) in the browser for all online banking.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ../assets/lockgrey_term.png***l /itemImage***r ***l itemText***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Another way to tell whether a website is secure is to look for a lock icon displayed in the window of the browser.  The lock must be displayed in the browser and ***l b***r not***l /b***r  on the webpage display area. Often, the lock will appear in the browser address bar.***l /p***r ***l br/***r ***l p***r ***l i***r You can click or double click a website's lock icon to view its security details.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ../assets/seal_png.png***l /itemImage***r ***l itemText***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Many websites will display a site seal issued by their security vendor(s).  The seal provides visitors to the site additional assurance that the website is secure.  Most seals allow visitors to click the seal to display additional information on the website's security.***l /p***r ***l br/***r ***l p***r ***l i***r Site seals should not be trusted to confirm security on their own.  Always check for ***l i***r https://***l /i***r  and the lock icon.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l imageItem***r ***l itemImage***r ../assets/checked_shield_green_term.png***l /itemImage***r ***l itemText***r ***l /itemText***r ***l contentArea***r ***l text***r ***l p***r Some websites have taken extra steps to validate their security and assure their visitors that their website is trustworthy.  Extended Validation (EV) Certificates enable secure connections, establish business identities and assist in preventing fraud through a rigorous set of checks and validations.***l /p***r ***l br/***r ***l p***r ***l i***r Sites with EV Certificates will shade the Internet address bar green to let visitors know the website has been validated.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l image***r ***l /image***r ***l audio***r ***l /audio***r ***l /contentArea***r ***l /imageItem***r ***l instructionsBoxTitle***r Introduction***l /instructionsBoxTitle***r ***l briefInstructions***r ***l /briefInstructions***r ***l instructionsBtnText***r Instructions***l /instructionsBtnText***r ***l /imageTermWidget***r ***l activityAudio***r ***l instructionAudio***r ***l /instructionAudio***r ***l contentAudio***r ***l /contentAudio***r ***l /activityAudio***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l /altTags***r 
23 / 30
***l p***r The Internet is an incredibly useful tool for most businesses, but it can also expose your system to a variety of security threats. Let's take a look at a few of the most common mistakes users make when browsing the Internet. Recognizing poor security practices can help prevent you from becoming a victim.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click the forward arrow to learn about common mistakes users make when browsing the Internet.***l /i***r ***l /p***r ***l br/***r ***l p***r ***l b***r Clicking on links to unfamiliar websites***l /b***r ***l /p***r ***l br/***r ***l p***r These websites could be set up by hackers to install malware on your system or steal sensitive information. ***l /p***r ***l br/***r ../assets/cancle.png***l p***r ***l b***r Sharing sensitive information with unknown or non-secure websites.***l /b***r ***l /p***r ***l br/***r ***l p***r The information you enter on a non-secure form is sent over the Internet in a format that is easily read by other users.***l /p***r ***l br/***r ../assets/creditcard.png***l p***r ***l b***r Downloading software from unknown or untrustworthy sources.***l /b***r ***l /p***r ***l br/***r ***l p***r These files are often infected with viruses, worms, trojans and other harmful software that attackers can use to compromise your computer.***l /p***r ***l br/***r ../assets/computer_map.png***l p***r ***l b***r Sharing too much information on blogs, websites, social networking sites, etc.***l /b***r ***l /p***r ***l br/***r ***l p***r Social engineers can take information learned about you on the Web to begin a ploy to get more information from you, your company and other people you know.***l /p***r ***l br/***r ../assets/quote2.png***l p***r ***l b***r Using weak passwords for online accounts. ***l /b***r ***l /p***r ***l br/***r ***l p***r Weak passwords can be easily cracked by hackers. Additionally, if you use the same password on multiple accounts and one account is cracked, the hacker can then access any other accounts using the same password.***l /p***r ***l br/***r ../assets/lock_open.pngIntroduction Instructions***l p***r Being aware of some of the risks of common online activities and using secure practices while browsing the Web can help to protect your system and information.***l /p***r ***l br/***r Point to RememberResume Activity
24 / 30
***l p***r Check your knowledge on wireless network security. Which of these statements at left are true about wireless network security?***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Select all the true statements, then click Submit.***l /i***r ***l /p***r ***l br/***r sample***l p***r Wireless networks can be very insecure.***l /p***r ***l br/***r true***l p***r Wireless networks transmit data in a way that can be easily intercepted and viewed by others.***l /p***r ***l br/***r true***l p***r Wireless networks can be easily used by outsiders, including malicious users, if not set up properly.  ***l /p***r ***l br/***r true***l p***r ***l b***r All the answers are correct!***l /b***r  A, B and C are all security risks created by the use of a wireless network.***l /p***r ***l br/***r ***l p***r ***l i***r Avoid conducting online banking activities from free Wi-Fi hot spots like airports, hotels and Internet cafes. These Wi-Fi networks are insecure and are frequently a target for stealing login credentials.***l /i***r ***l i***r If you use wireless in your company or home, make sure that it is set up securely with proper encryption and passwords***l /i***r .***l /p***r ***l br/***r ***l p***r ***l b***r All the answers are correct.***l /b***r   A, B and C are ***l i***r all***l /i***r  security risks created by the use of a wireless network.***l /p***r ***l br/***r ***l p***r ***l i***r Avoid conducting online banking activities from free Wi-Fi hot spots like airports, hotels and Internet cafes. These Wi-Fi networks are insecure and are frequently a target for stealing login credentials.***l /i***r ***l i***r If you use wireless in your company or home, make sure that it is set up securely with proper encryption and passwords***l /i***r .***l /p***r ***l br/***r Take a GuessView QuestionAnswerSubmitView Answer
25 / 30
***l p***r Passwords play a critical role in securing information. A ***l b***r ***l i***r ***l e***r strong password***l /e***r ***l /i***r ***l /b***r  is a password that will be difficult if not impossible to guess. To ensure passwords are effective, businesses should implement strict policies to enforce strong password creation rules, regularly scheduled password changes and password best practices.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Complete the puzzle by dragging and dropping the pieces to learn best practices for effective passwords.***l /i***r ***l /p***r ***l br/***r ***l p***r Make your password at least nine characters long.***l /p***r ***l br/***r ***l p***r Use at least one alphabetic (letter) and one numeric (number) character. Use at least one (! # $ or ^) special character. Use at least one upper case and one lower case character.***l /p***r ***l br/***r ***l p***r Always change the password provided by a vendor or other system provider.***l /p***r ***l br/***r ***l p***r Do not use a word that is found in the dictionary by itself. Do not use your name or user name in your password.***l /p***r ***l br/***r ***l p***r Do not re-use passwords. ***l /p***r ***l br/***r ***l p***r Keep passwords secret. Never share login IDs or passwords. Never write them down or store them on your computer.***l /p***r ***l br/***r ***l p***r Do not end the password with a set of numbers, such as Smith1234. Numbers should be used randomly throughout.***l /p***r ***l br/***r ***l p***r Change passwords frequently, at least every 3-6 months.***l /p***r ***l br/***r ***l p***r Consider password phrases to make remembering easier for your users.  For example: 'Jack and Jill went up the hill to fetch a pail of water' could be:  J&Jwuth2fapow ***l /p***r ***l br/***r IntroductionPassword TipPassword TipsInstructionsSummary
26 / 30
***l p***r If your password is too simple, hackers can easily crack your password using automated tools that force their way into your system by guessing your password over and over again.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click to select whether you think the answer is true or false.***l /i***r ***l /p***r ***l br/***r sample***l p***r True***l /p***r ***l br/***r ***l p***r ***l b***r Correct***l /b***r . Hackers have many tools at their disposal to try to guess passwords, including an automated attack, sometimes called a brute force attack.  Brute force attacks use dictionaries and patterns to electronically guess your password.***l /p***r ***l br/***r ***l p***r Always use strong passwords. Even if you have a strong password, it should be changed frequently to protect against brute force attempts to steal it.***l /p***r ***l br/***r true***l p***r False***l /p***r ***l br/***r ***l p***r ***l b***r Incorrect.***l /b***r  Hackers have many tools at their disposal to try to guess passwords, including an automated attack, sometimes called a brute force attack.  Brute force attacks use dictionaries and patterns to electronically guess your password. ***l /p***r ***l br/***r ***l p***r Always use strong passwords. Even if you have a strong password, it should be changed frequently to protect against brute force attempts to steal it.***l /p***r ***l br/***r True or False?View QuestionAnswerView Answer
27 / 30

There are some basic security measures businesses can use to protect their online bank accounts. Following these best practices can reduce your risk of becoming a victim.

Instructions

Roll over each topic to learn more

***l optionWidget***r ***l options***r ***l option***r ***l optionTitle***r Avoid Social Engineering Ploys***l /optionTitle***r ***l content***r ***l p***r Don't get phished or vished. Remember, your bank will never email or call you asking for personal account information.***l /p***r ***l br/***r ***l p***r If you receive an email or even a telephone call from your bank asking for personal information, contact your bank to make sure the email or call was legitimate before giving out your information.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Report Suspicious Activity***l /optionTitle***r ***l content***r ***l p***r Monitoring and timely reporting of suspicious activity are crucial to deterring or recovering from fraud.  A business should report anything unusual to their bank, such as logins at strange times of day, new user accounts or unauthorized transfers.***l /p***r ***l br/***r ***l p***r If your online banking application looks different than normal, cease all activity and contact your bank immediately.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Account Log Out***l /optionTitle***r ***l content***r ***l p***r Always be sure to log off of your online bank account or application when you are finished.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l option***r ***l optionTitle***r Create a Secure Financial Environment***l /optionTitle***r ***l content***r ***l p***r If it is possible, consider creating a secure financial environment by dedicating one computer exclusively for online banking and cash management activity. This computer should not be connected to the business network, have email capability or connect to the Internet for any purpose other than online banking.***l /p***r ***l br/***r ***l /content***r ***l audio***r ***l /audio***r ***l /option***r ***l /options***r ***l /optionWidget***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l /altTags***r 
28 / 30
***l root***r ***l gui***r ***l interface***r ***l stage/***r ***l top src='' border=''/***r ***l left src='' border=''/***r ***l right src='' border=''/***r ***l bubble path='../images/swf'/***r ***l /interface***r ***l context***r ***l text***r ***l p***r A security assessment conducted by a qualified security expert can provide an additional layer of protection for your business. Security assessors can help identify vulnerabilities in your system and recommend technology and best practices to safeguard your information. Review the following conversation between a security expert and a small business owner discussing the benefits of conducting periodic security assessments.***l /p***r ***l br/***r ***l p***r ***l b***r Instructions***l /b***r ***l /p***r ***l br/***r ***l p***r ***l i***r Click Begin to view a conversation about security assessments. The forward arrow allows you to move through the dialogue.***l /i***r ***l /p***r ***l br/***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /context***r ***l instructions***r ***l text***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /instructions***r ***l feedback***r ***l text***r ***l p***r ***l li***r Conducting periodic security assessments will augment the protection you gain by employing security best practices and security technology. ***l /li***r ***l li***r Make sure the firm conducting your security assessment is a qualified security expert with credentials such as a CISSP, CISA, CISM, etc. ***l /li***r ***l li***r Ask your banker if they can can refer you to information security firms that are members of the banker's association that specialize in this area.***l /li***r ***l /p***r ***l br/***r ***l /text***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /feedback***r ***l person name='Ashley' img='../assets/ashley_customer.png'***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /person***r ***l person name='Jim' img='../assets/avatardon.png'***r ***l font face='arial' size='11' color='0x000000' bold='false' underline='false' italic='false' bgcolor='0xffffff'/***r ***l /person***r ***l /gui***r ***l speech***r ***l dialogue person='Ashley'***r ***l text***r ***l p***r These tips have been very helpful. Besides using best practices and implementing basic security technology, is there anything else I can do to protect my business?***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r Absolutely! It is highly recommended that businesses conduct security assessments periodically. There are a number of firms that specialize in evaluating information security controls. Businesses should use a qualified security expert with credentials such as a CISSP, CISA, CISM or the equivalent.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Ashley'***r ***l text***r ***l p***r That's a good idea and worthwhile investment in the security of my business. I just need to find the right firm to help me.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l dialogue person='Jim'***r ***l text***r ***l p***r For a security firm recommendation, be sure to contact your banker.***l /p***r ***l br/***r ***l /text***r ***l feedback***r ***l /feedback***r ***l audio***r ***l /audio***r ***l /dialogue***r ***l /speech***r ***l titleBox***r ***l instrTitle***r Conversation: Security Assessments ***l /instrTitle***r ***l feedTitle***r Points to Remember***l /feedTitle***r ***l /titleBox***r ***l /root***r ***l activityAudio***r ***l instructionAudio***r ***l /instructionAudio***r ***l feedbackAudio***r ***l /feedbackAudio***r ***l /activityAudio***r ***l altTags***r ***l closeAlt***r ***l /closeAlt***r ***l instructAlt***r ***l /instructAlt***r ***l submitAlt***r ***l /submitAlt***r ***l playPauseAlt***r ***l /playPauseAlt***r ***l muteUnmuteAlt***r ***l /muteUnmuteAlt***r ***l replayAlt***r ***l /replayAlt***r ***l stepPrevAlt***r ***l /stepPrevAlt***r ***l stepNextAlt***r ***l /stepNextAlt***r ***l restartAlt***r ***l /restartAlt***r ***l feedbackCloseBtnAlt***r ***l /feedbackCloseBtnAlt***r ***l /altTags***r ***l instructionBtnText***r Instructions***l /instructionBtnText***r ***l beginBtnText***r Begin***l /beginBtnText***r ***l feedbackCloseBtnText***r Replay***l /feedbackCloseBtnText***r 
29 / 30

In this section, you learned about the important role businesses play in the safety of their online bank accounts, as well as the security best practices that should be implemented to help keep systems and accounts safe. Remember these key points about your role in secure online banking:

  • The bank has a number of security measures in place to help protect account information from fraudsters, but these measures can only be effective with your help and cooperation. Using secure practices will help ensure that your information stays safe.
  • Secure practices include having a strong password, implementing strong computer security measures, setting up user accounts with clear parameters for different types of users, and being informed about the websites you download or buy from.
  • Conducting periodic security assessments will add an extra layer of protection to your business. Make sure that your security assessments are done by a firm with a qualified security expert.
  • Avoid conducting online banking activities from free Wi-Fi hot spots like airports, hotels and Internet cafes. These Wi-Fi networks are insecure and are frequently a target for stealing login credentials. If you use wireless in your company or home, make sure that it is set up securely with proper encryption and passwords.

30 / 30

Congratulations! You have completed the Secure Banking Practices for Businesses course. Now you have the knowledge to protect your information and your assets when you bank online.

You may now exit this browser window or tab to return to your bank's website.