Business Customer Internet Banking Awareness & Education Program
Bank of Alaska is committed to providing our customers with a safe and secure online operating environment. We monitor for abnormal and/or unusual internet banking behavior, providing an extra layer of security that protects you and your business.
Cybercriminals work around the clock to try to install malicious software, known as malware, on your company's computer(s). Malware is any program or file that is damaging to a computer and consists of computer viruses, worms, Trojan horses, and spyware. Cybercriminals try to install malware for many reasons, including:
- Damage your company's computer and/or software.
- Use your company's email to spread malware.
- Monitor your online activity in an attempt to steal your company's sensitive information and money.
Online Banking Safety Measures
In addition to the security features managed by Bank of Alaska, below are some pointers and additional steps to take to further protect your company's sensitive information:
- Ensure that your computer(s) or mobile device(s) have the latest software versions installed on them.
- Ensure that your computer(s) or mobile device(s) have the most recent anti-virus software installed on them.
- Never use your personal or business information as your username or password. For example, Albert Brennaman should not use "Albertb1234" or Mr. Wonderful Pizza should not use "Mrwonderfulpizza123" as their password.
- Create a complex, hard to guess password that contains upper and lower case letters, numbers and special characters. The password should be 8 characters minimum.
- Never use words in the dictionary as part of your password.
- Consider changing your password regularly and avoid using the same password more than once.
- Keep an eye out for suspicious emails that ask you for business or personal information. If you receive an email from Bank of Alaska and are unsure whether it is legitimate, then please contact our Customer Service Department at 800-670-3110 for further assistance.
- Do not share or provide your Username, Account Number(s), Password and Security Challenge Questions and Answers with anyone.
- Try not to use public computers and/or public Wi-Fi to access your company's online banking account(s).
Commercial Banking Safety Measures
In addition to the information provided regarding "Online Banking Safety Measures", Commercial and Small Business account holders should introduce additional measures in order to further protect their online banking information. These additional measures include, but are not limited to:
- Ensure that all your company computers are equipped with the proper software patches needed.
- Provide your employees with training on the risks.
- Perform your own internal risk assessment and evaluation on all online accounts. This should be conducted annually at minimum.
- Establish appropriate user account controls for all employees who have access to online banking.
- Develop internal policies regarding employee internet usage.
- Review all transactions being conducted by your employees.
Identity Theft
What is identity theft? Identity theft is a fraud committed or attempted using the identifying information of another person without authority. Below are various guidelines to help you protect your company:
- Never give anyone your personal or company's information.
- Report any lost or stolen checks, debit cards, and/or credit cards immediately.
- Review your monthly statements to ensure that there are no unauthorized transactions.
- Be sure to shred all your sensitive documents that contain your company's confidential information, such as bank and credit card statements, bills and invoices, expired credit cards, and employee pay stubs.
Electronic Funds Transfer (EFT)
An EFT by definition is an electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, initiated through electronic-based systems. Below are the most common methods of EFT transactions:
- Point of Sale (POS) transfers.
- Transfers initiated by telephone.
- Direct deposits or withdrawal of funds.
- Automated Teller Machine (ATM) transfers.
- Transfers initiated through internet banking.
- Transfers resulting from debit or credit card transactions.
Mobile Banking Protection
In this day and age, it is very convenient to manage your finances for your business using your smartphone or tablet. However, the safety tips listed below should be considered when it comes to protecting your company's account information.
- Do not root or jailbreak your mobile device(s) - doing this can expose the security controls and make your device vulnerable to cyber-attacks.
- Be sure to conduct your company's financial activity in a safe and secure environment - use your cellular service or your own internet provider rather than unsecured and/or public Wi-Fi networks, like those offered at public places.
- Make sure your device(s) have the latest operating system installed.
- Create a strong password for your mobile application and your device(s) - avoid using complete words. Avoid using your real name, your business's name and username. Make sure your password is a minimum of eight characters.
- Do not use the same password more than once and be sure to use characters from each of the following categories: uppercase letters, lowercase letters, numbers and symbols.
- Remotely erase or turn off access to your device(s) and account(s) in the event your device(s) are lost or stolen.
- Take precautions in case your device(s) are lost or stolen, before your device(s) are lost or stolen - use the auto-lock or time-out feature so your device(s) will lock when it is left unused for a certain period of time and avoid leaving your device(s) unattended in public places.
- Do not send your account number(s), username(s) and password(s) via email or text message, as these methods are not necessarily secure.
- Research the applications you are interested in downloading before downloading them. Fraudulent applications are often designed with names that look similar to real applications. Best practice is to download the application directly from the trusted provider's website.
- Be proactive in protecting your smartphone(s) and/or tablet(s) by installing anti-malware software on the device(s).
Beware of Social Engineering
A social engineering attack is usually conducted by an outsider who will use a variety of psychological tricks on an employee of your business to obtain information they need in order to access your business's computer or network. The majority of social engineering attacks are orchestrated for financial gain.
Common Types of Social Engineering Attacks
- Phishing attacks - A phishing attack is a form of social engineering where a fraudster tricks their target into opening a malicious attachment and/or following a link to a malicious website. This attack is often used to steal your business's data for financial gain. A successful attack could lead to unauthorized access to your business's customers, banking information, and the takeover of your online banking account to initiate unauthorized transactions. A successful phishing attack exposes your business to strategic, operational, and reputational risks; jeopardizes the privacy of your customers; and exposes your business and customers to the risk of financial fraud.
- Customer Business Email Compromise - Customer Business Email Compromise (BEC) is a method where an attacker impersonates a high-level employee of your business customer in order to fraudulently transfer funds or steal sensitive information from your business. In most cases, an attacker simply creates an account with an email address that is very similar to your customer's email address. In a BEC attack, the fraudster typically uses the identity of someone in your customer's organization to trick an employee of YOUR business into sending money to them. In some cases, this may be done using a spoofed or compromised legitimate email address. Customer BEC can expose your business and your customers to the risk of financial fraud while exposing your business to a reputational risk.
- Internal Business Email Compromise - Internal Business Email Compromise (BEC) is a method where an attacker impersonates a high-level employee of YOUR business in order to fraudulently transfer funds or steal sensitive information. In most cases, an attacker simply creates an account with an email address that is very similar to your company's email address. In an internal BEC attack, the fraudster typically uses the identity of an employee inside the business to trick another employee (the target) into sending them money. In some cases, this may be done using a spoofed or a compromised legitimate email address. Internal BEC will expose your business to a strategic and operational risk. If an internal BEC attack is successful, then your business can be exposed to a financial loss.
- Vishing Attacks - Vishing is a form of social engineering where fraud is attempted over the phone. During a vishing attack, the caller impersonates an individual trusted by your business, and tries to get your employee to do something or tell them something to compromise your organization in some way. Examples of things a vishing attacker may want your employee to do are:
  - Transfer money out of your business.
  - Provide information about your business's technology (e.g. computers, network information).
  - Provide the business's customer information.
  - Provide your business's internal information (e.g. non-public policies, trade secrets).
Protect Your Business from Social Engineering Attacks
The majority of successful social engineering attacks are widespread, short-lived, and need only a few of your employees to take the bait. Most prevention methods do not require much more than simply paying attention to the details in front of you. Below are common methods for protecting your company:
- Educate yourself and your employees - The first mitigation should be security through education. If your staff is educated on the types of attacks being conducted, then they can defend against them.
- Delete any request for financial information or passwords - If you get asked to reply to a message with personal information such as account numbers, passwords, usernames, etc., it is a rip-off.
- Secure your company's computing devices - Install the latest versions of anti-virus software, firewalls, and email filters. Set your company's operating system to automatically update, and if your smartphone(s) do not automatically update, manually do it whenever you receive a notice to do so.
- Verify the identity of an email sender before following links or opening attachments:
  - Be mindful of who is emailing you. Check email addresses for accuracy and look for signs of suspicious activity (e.g. emails not in the format you would expect or a name that appears to be spelled incorrectly).
  - Hover over links in emails WITHOUT clicking in order to see the actual destination (URL).
  - Do not open any attachment(s) that you did not request or expect.
- Verify the identity of telephone callers before providing your company's sensitive information.