What is corporate account takeover?
About Corporate Account Takeover
Corporate Account Takeover is a form of business identity theft where cyber thieves gain control of a business' bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wires and ACH transactions to accounts controlled by the thieves.
Basic Online Security Practices for Business Account Holders
The following security practices can be implemented by businesses to reduce the risk of theft:
- Education is Key – Provide continuous communication and education to employees using online banking systems.
- Secure your computer and networks
- Limit Administrative Rights - Do not allow employees to install any software without receiving prior approval.
- Install and update anti-virus and anti-malware programs frequently.
- Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices
- Install security updates (patches) to operating systems and all applications as they become available.
- Use strong password policies.
- Do not open attachments from e-mail - Be on the alert for suspicious emails.
- Monitor and reconcile Bank Accounts daily, especially near the end of the day.
- Note any changes in the performance of your computer (dramatic loss of speed, computer locks up, unexpected rebooting, unusual popups, etc.)
- Make sure that your employees know how and to whom to report suspicious activity to at your Company & the Credit Union.
- Utilize resources provided by trade organizations and agencies that specialize in helping small businesses (see below).
Incident Response Plans
Since each business is unique, business members should write their own incident response plan. A general template would include:
- The appropriate contact numbers for the credit union;
- Steps the account holder should consider in order to limit further unauthorized transactions, such as:
- Changing passwords;
- Disconnecting computers used for Online Banking; and
- Requesting a temporary hold on all other transactions until out-of-band confirmations can be made;
- Information the account holder will provide to assist the credit union in recovering their money;
- Contacting the business’ insurance carrier; and
- Working with computer forensic specialists and law enforcement to review appropriate equipment.
Contacting the Credit Union
Contact the credit union regarding your business account if you
- Suspect a fraudulent transaction;
- Suspect that you have become a victim of Corporate Account Takeover; and/or
- You would additional information or resources provided to you regarding best security practices.
Member Service Center: 1.800.763.8600, ext. 2375
Additional Resources for Business Account Holders
You can visit the following websites to learn more about how to protect your small business:
- Better Business Bureau: Data Security Made Simpler
- Federal Communications Commission: Small Biz Cyber Planner
- Federal Communications Commission: 10 Cybersecurity Strategies for Small Business
The information contained on this web page is for informational purposes only. It should not be considered for security, legal, reputational or technical advice. You should consult with an attorney or other professional to determine what may be best for your needs. There is no guarantee or promise as to any results that may be obtained from using this content. To the maximum extent permitted by law, all liability is disclaimed for any inaccurate, incomplete or unreliable information contained in this presentation. No attorney-client relationship is formed through this presentation or content contained or made available in this presentation.