Protecting Your Business

If you're in business, you have a new set of responsibilities. Your top priority should be to protect you and your company from business identity theft. (Yes, your business has an identity and it needs to be protected, just as an individual must protect his or her identity.) Fortunately, a few simple steps can dramatically reduce the odds that your business will be victimized.

Understand Your Risk | Safeguard Your Information | Nine Points of Protection | About E-mail and Online Banking
What To Do If You're a Victim

Understand Your Risk
How do you know if you're at risk? If you answer yes to one or more of the questions below, you need to take steps to review the security of your computers and networks.
  • Is any of your important company or personal information stored on a computer? (That information could relate to you or your employees, customers, contractors or partners.)
  • Do you or your employees access any important information through an internal computer network (including banking, credit card, supplier or delivery information)?
  • Do you have a company website?
  • Do you or your employees use the Internet at work?
  • Do you or your employees use e-mail at work?
  • Could your company survive if it lost the use of its computers for several days or longer?
Becoming a victim of cybercrime is not a question of the size of your business. Most companies use similar tools for their information technology infrastructure—such as desktop computers, operating systems, networks, storage devices, web browsers, laptop computers and mobile computing devices. All of these are equal targets for cybercriminals.

Safeguard Your Information
One of the most important things you can do is safeguard your sensitive business and financial data. Here are some simple steps that will help get you started in protecting your most valuable information:
  • Install commercial antivirus software on all computer systems
  • Ensure virus protection and security software are updated regularly
  • Consider installing spyware detection programs
  • Be suspicious of e-mails pretending to be from financial institutions, government agencies or other organizations requesting account information, account verification or banking-access credentials
  • Never share usernames or passwords with third-party vendors
  • Limit administrative rights on users' workstations
  • Perform all online banking activities from a stand-alonecomputer system from which e-mail and web browsing are not possible
  • When conducting online banking, make sure your browser is operating in a secure session (indicated in the web address bar by "https")
  • Avoid using automatic login features that save usernames and passwords for online banking
  • Never leave a computer unattended while using any online banking or brokerage service
  • Never access bank, brokerage or other financial services information at Internet cafés, public libraries, etc. Unauthorized software may have been installed to trap account login information, leaving you open to potential fraud
  • Regularly clear your web browser's "history" in order to eliminate copies of web pages that have been stored on your hard drive
Nine Points of Protection
  1. Banking PC: Conduct all business banking activities from a standalone computer that does not have access to e-mail or the Internet.
  2. Dual Control: Initiate electronic transactions (such as payroll and wire transfers) under dual control, with a transaction originator and a separate transaction authorizer.
  3. Daily Review: Reconcile all banking transactions on a daily basis, and look for any unusual activity.
  4. "kNOw" Phishing: Don't access websites from links in e-mails. Beware of e-mails offering a prize or discount and then ask you to enter a user ID and password. Many of these spoof e-mails are characterized by poor spelling and grammar.
  5. Fresh Passwords: Change your passwords every 45 to 60 days.
  6. Online Security: Frequently update antivirus and antispyware software.
  7. E-mail Safely: Never include personal or sensitive data in response to an e-mail.
  8. Trust But Verify: Be suspicious of e-mails pretending to be from a legitimate institution and requesting your access credentials (such as usernames, passwords, PINs, etc.).
  9. When in doubt, call NBT Bank.
About E-mail and Online Banking
Fraudulent e-mail is an easy entry point for cybercriminals. It is also a common approach used to get you to volunteer your most sensitive financial data. Fraudulent (or "spoof") e-mail often pretends to be from legitimate financial institutions or government agencies in order to get you to reveal sensitive business and personal information. Here are some tips that may help you determine if an e-mail (or website) you're viewing is real or fraudulent:
  • NBT Bank will never send you an e-mail asking you for personal or financial information
  • NBT Bank will not send you a time-sensitive e-mail asking you to confirm or update sensitive information
  • NBT Bank will never require you to provide ATM/debit card numbers or PINs
What To Do If You're a Victim
If you suspect that your business information or computer has been compromised, take action immediately to try to minimize the extent of any damage or loss. Take these actions accordingly:
  • Immediately cease all activity from computer systems that may be compromised.
  • Immediately contact NBT Bank's Call Center and your NBT Banker so that your online access can be disabled. When speaking with NBT Bank, you should also change your online banking passwords, open new accounts (if needed), request that the bank review all financial transactions and electronic authorizations on your account and ensure that no unauthorized requests have been made regarding your account (such as an address change).
  • Maintain a written record of events: what happened, what was lost and what steps you took to report the incident to banks, authorities and others (such as affected customers). Be sure to record the date, time, telephone number, person spoken with, details discussed and any applicable reference numbers (such as report or case numbers).
  • File a police report and provide the facts and circumstances surrounding the loss. Obtain a police report with the date, time, department, location and name of the officer filing the report. Having a police report will often facilitate dealing with insurance companies, banks and other organizations that may be affected by the fraudulent activity against you.
Member FDIC | Equal Housing Lender Equal Housing Lender | Copyright 2008 © NBT Bancorp All Rights Reserved