HELPING YOU PROTECT YOUR BUSINESS FROM FRAUDULENT ACTIVITY & SCAMS
FOUR STEPS TO BEING MORE SECURE ONLINE
Assess your Cyber Security:
- Install security software and keep it updated: a firewall, and anti-virus and anti-spyware software.
- Back up your critical data on a regular schedule – and test your backup to make sure you can recover its data.
- If you don’t have an IT Manager, give someone responsibility for your network security. Remember it’s everyone’s responsibility to comply with your security procedures.
- Use reputable software and keep it up-to-date.
- Use email spam filters and ensure your people can recognise scams and hoaxes, and don’t click links or open attachments from suspicious senders.
- Subscribe to security notification services, like NetSafe, that keep you informed about the latest online safety and security risks and solutions.
Establish an Incident Management Plan
- Your incident management plan gives your employees guidance on recognising and dealing with a cyber security breach.
Develop a Cyber Security Policy for your Business
- Your cyber security policy sets rules to protect your business. It includes simple security controls for the ways you and your team use your systems and devices.
- Hold regular company meetings designed to remind staff why information security is important.
Review your Security Regularly
- Once you’ve set up your risk management approaches, you need to make them part of your culture.
ACTIONS TO HELP PROTECT YOUR ONLINE BUSINESS BANKING:
Payments
- Ensure staff are trained to recognise suspicious emails.
- Ensure you have clear policies around authorisation of payments.
- Confirm new invoice details and account numbers directly with suppliers using a phone number known to you or publicly available.
- Be cautious when emails request that urgent or confidential action be taken.
- Put in place a “two person rule” around signing off transactions and set transfer thresholds.
- For internal payment requests by email, ensure staff personally speak with the colleague requesting the payment on an already identified contact number held by the business.
KEEPING YOUR FASTNET BUSINESS SITE SAFE:
- Ensure staff NEVER share FastNet passwords or Netcode numbers.
- Ensure staff use strong passwords and never write them down or give them out to anyone.
- Never click on a link to access FastNet.
- Consider IP Address Verification as added security – customers need to have a fixed IP address and can then lock down anyone using FNB so that they can only access it from that IP address.
- Have an FNB segregation of duties policy for the users (for example, one user can create a payment but not authorise it, while another can authorise payments but not create them).
- Ensure all users have a daily limit that matches what their role requires.
- Review whether your FNB admins/users still have the relevant permissions to fit their role (limit, account access and permissions). There is a report under the administration section that will provide this data.
- Review their daily account limits.
- Regularly check the FastNet Business Audit (under Administration/Client/Audit Log) to identify any unexpected changes to account numbers, extra payments or logging in after hours.
- Set up Alerts to advise if a large payment is deducted from your account or if the account goes into overdraft.
- If you want to review your security for FastNet Business, phone the ASB Helpdesk on 0800 225 527.
This article is from the ASB. For more advice, please refer to the following guide:
www.asb.co.nz/banking-with-asb/guide-to-small-business-cyber-security