Skip Navigation

Documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view. Download Adobe© Acrobat Reader.

Business Security

Corporate Account Takeover (CATO)

Corporate Account Takeover is a type of business identity theft where cyber thieves take control of a business’ bank account. The cyber thieves defraud the business by stealing employee usernames, passwords and other valid credentials to gain access to business through the businesses many software systems. Cyber thieves then can initiate fraudulent wire and ACH transactions to accounts controlled by the thieves. Thieves then perform fraudulent transfer transactions by creating and adding fake employee names to transfer payroll or fake business names to create wire transfers. They also gain access to systems to steal sensitive information.

The best way to protect against CATO is a strong partner with your bank. Having a good understanding of the security set in place within your own business and the measures the bank has set in place through the systems a business utilizes. These established safeguards on accounts can help the bank identify and prevent unauthorized access to business funds. Each cyber crime is unique, so losses may not be covered by the bank’s insurance. 

Consider these tips to ensure your business is well prepared:

  • Develop a security plan. Each business should evaluate its Corporate Account Takeover risk profile and develop a security plan that includes sound business practices.
  • Protect your online environment. Protect your cyber environment just as you would your cash. Use appropriate tools to prevent and deter unauthorized access to your network and make sure you keep them up to date. Use token technology that creates unique one-time passcodes in combination with a username and password. Encrypt sensitive data and use complex passwords and change passwords regularly. 
  • Create a secure financial environment. Dedicate one computer exclusively for online banking. This computer should not be connected to the business network, have email capability, or connect to the Internet for any purpose other than online banking.
  • Partner with the bank to prevent unauthorized transactions. Several processes can protect you from cyber thieves obtaining sensitive information and unauthorized transactions. Our services offer call backs to businesses, out of wallet security passwords and questions, reduced limits on debit and credit card transactions, token devices for online authentication, multi-person approval processes, token authentication of ACH batch and wire creation and alterations and ACH batch limits to help protect you from fraud.
  • Pay attention to suspicious activity and react quickly. Watch for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened. Contact key employees within your business, even after hours, by having up to date phone contact information. 
  • Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. You need to understand and implement the security safeguards in the agreement. Keep browser and system updates current. If you don't, you could be liable for losses resulting from a takeover. 
  • Educate all employees. Help staff understand theft by cybercrimes so they are aware that even one infected computer can lead to an account takeover. An employee whose computer becomes infected can infect the entire network. For example, if an employee takes a laptop home and accidentally downloads malware, criminals could gain access to the business's entire network when the employee connects again at work. All employees, even those with no financial responsibilities, should be educated about these threats.

Stay informed about defenses to Corporate Account Takeover. Since cyber threats change rapidly, it's imperative that you stay informed about evolving threats and adjust your security measures accordingly. Your business and your employees are the first line of defense against Corporate Account Takeover. Since cyber threats change rapidly, it is important to stay informed about evolving threat and adjust your security measures accordingly. 

Additional information on how to Identify, Protect, Detect, Respond and Recover through the following websites:

https://www.us-cert.gov/ccubedvp/cybersecurity-framework

http://www.nacha.org/c/Corporate_Account_Takeover_Resource_Center.cfm


Proper Security of Your Devices

You probably own an electronic device such as a tablet, smartphone or laptop that you use to conduct various transactions online. While these devices interest hackers and other criminals, you are the biggest threat to it if you have not taken enough measures to make it secure. If this scenario happen, chances are other people will have access to your sensitive information. The best thing you can do to secure your devices is to enable automatic lock screens - so your screen will only be accessible by entering a password after a period of inactivity.

Here are some additional tips to secure your devices:

  • Enable automatic updates for the operating system software. When manufacturers know there is a software vulnerability, they will usually push out a software update to patch where a potential hacker could have exploited the device.
  • Synchronization of your apps is good, but the same information you shared may appear on other devices without your knowledge.

To Dos

  • Avoid downloading apps from untrusted sources.
  • Discard any apps you no longer use on your device.
  • Review and set privacy options for any new app you download.
  • Download apps that you need and not just because everyone has them.


Proper Disposal of Devices

You have acquired the latest mobile device available on the market. You may decide to discard your old device - but what is the safest way to do this?

Mobile devices store plenty of information about you - more than you can probably imagine - and when you just throw it away, you expose your data to hackers.

Before you dispose of it you need to do the following:

  • Back up all the data, you may need it at a later date.
  • Erase all information in it. Erasing the data means it is not recoverable, versus data that is deleted - deleted information can still be recovered using tools available online.
  • The best way to clear everything is to use the factory reset function on your device which leaves it in the same condition as it was when the device was new.


Email Safety

Email communication is commonly used despite its lack of privacy protection. An email message is like a postcard, anyone who gets access to it can read it. The moment you send an email, you can no longer control it. It can be shared on social media or forwarded to others. 

You can improve email security by:

  • Avoid sending personal emails using the computer at work as they can be monitored by the employer.
  • Find out about the policy of your employer on sending personal emails from your work computer.
  • Use the phone or write a letter when you need to communicate private matters.

To Dos

  • Cease from sending sensitive information by email.
  • Keep your email passwords secret - your email is private and no one else should have access to it.
  • Limit access of your work computer from your colleagues.