In light of the July 6 decision
by the U.S. Federal Court of Appeals for the First Circuit regarding a bank's
liability when cyber fraud occurs, IBAT, with endorsed service provider Dell
Secureworks, has prepared five tips for banks to share with their business
customers to prevent corporate account takeover (CATO) and other types of cyber
a computer that is dedicated only to handling online banking and bill pay.
That computer or virtualized desktop would not have any other capabilities,
such as sending and receiving emails or surfing the Web, since Web exploits and
malicious email are two of the key malware infection vectors.
computer users should avoid using weak or default passwords for any online site
and should refrain from using the same password for multiple sites.
Use a "password manager" to put all your passwords in one database and avoid
using the same password for more than one website
and enforce a centralized plan for keeping computer applications, operating
systems and security software updated. Make sure servers and workstations
are fully patched promptly and regularly.
a robust Intrusion Prevention Solution (IPS) to defend against cyber threats.
An IPS provides policies and rules to block suspicious network traffic such as
Web exploit kit attacks, SQL injection attacks, and banking Trojans that infect
computers and steal data that allow intruders access to your banking accounts.
clicking on links or attachments in emails, always verify that the
correspondent sent you the email with the link or attachment. Hackers are
known for breaking into email accounts and sending malicious links and
attachments. Verify with the sender to confirm the links or attachments are
safe to click or open.
Also, please refer to the earlier guidance by
the FFIEC, a webinar
conducted by the Texas Department of Banking and the Texas
Bankers Electronic Crimes Task Force - Best Practices Reducing the Risks of
Corporate Account Takeovers as resources to help protect your customers
from fraud. CATO is just one of the many IT security topics that will be
discussed at IBAT's IT
Security Summit on August 9.