Bear State offers a variety of Treasury Management Solutions to help you run your business. We make sure we understand your business; how it runs, your future goals and your current struggles. We are committed to being your partner - which means doing our best to protect you. Running a business can be a challenge, and we want to help you understand potential security concerns and provide you with best practices to help ease your mind.
Bear State Bank provides these guidelines to help mitigate risks to your business against Cybersecurity threats related to online fraud. A security best practices approach can help mitigate risks to your business related to potential financial losses, business disruption and costs associated with fraud.
Cybercrime continues to increase in complexity and numbers, requiring a risk mitigation best practices approach that incorporates multiple layers of security. Below are general security guidelines that will help protect your business, as Cybercrime continues to evolve.
UNDERSTAND YOUR CYBERSECURITY RISKS - Achieve comprehensive, effective systems management by understanding what hardware and software are installed across your organization and how you can best mitigate security risks.
DEDICATED COMPUTER - Dedicate a stand-alone computer that is separate from your network for online banking. Consider using an alternate boot up system that utilizes a flash drive and is read-only capable. Consider physically securing this device.
PASSWORD SECURITY - Users should never share their password or PIN. Create complex passwords using lower case, upper case and special characters. Create passwords that are 8 characters or greater in length. Use different passwords for different accounts and systems.
SECURITY SOFTWARE - Install anti-virus, anti-malware, anti-spyware, firewall and various other attack blockers. This provides a layered approach for detecting and blocking malicious attacks.
Set your security software to update automatically
Set malware scanning to update automatically
Set your Operating System to update automatically (Windows, OS X, Linux)
Keep your ancillary software updated
Ensure your software firewall is turned on
** Verify your updates are working as expected
FIREWALLS - Consider installing an appliance firewall to prevent unauthorized access to your network, creating a strong password for firewall access.
WIRELESS - Do not use public Internet access points, such as airports and restaurants. If external access is needed, consider implementing a VPN or DirectAccess to provide end to end data encryption.
OUT OF BAND AUTHENTICATION - Utilize multi-factor authentication for an additional layer of security when available. This could include one-time passcodes provided through devices such as SMS authentication and security tokens. Avoid the use of VoIP phones using SMS authentication, since there is connectivity through the Internet and potential for passcode hi-jacking.
DUAL CONTROL PROVIDES A VERY GOOD LAYER OF SECURITY - Initiate your ACH and Wire transfers using dual control. This provides another layer of security to mitigate security risks.
BACKUP IMPORTANT BUSINESS DATA AND INFORMATION
Regularly backup important data on all computers
Store copies off-site on a schedule as appropriate
** In the event of a failed hard drive on a PC or a Ransomware attack, this is your safety net
USER ACCOUNTS - ESCALATED PRIVILEGE ACCOUNTS
Do not use escalated privilege accounts, such as Administrator, unless necessary. Always log out of Administrator and escalated privilege type accounts when not needed or not in use. Utilize a unique login for Treasury Management access and delete inactive or terminated user accounts.
DISCOVER CYBERSECURITY EVENTS - Block evolving threats and implement the appropriate measures to mitigate or identify the occurrence of a cybersecurity event.
MONITOR YOUR ACCOUNTS ON A DAILY BASIS - This allows you to quickly detect suspicious activity.
SUSPICIOUS ACTIVITY - Report any suspicious activity within your company to your bank immediately.
IF MALWARE IS DETECTED OR SUSPECTED
IF A DEVICE IS DETERMINED TO BE INFECTED WITH MALWARE.
EDUCATING YOUR EMPLOYEES IS ONE OF YOUR BEST SECURITY LAYERS - Provide on-going training and security awareness for your employees.
MAKE YOUR EMPLOYEES PART OF YOUR CYBERSECURITY TEAM BY KNOWING THESE RULES:
Do not click links from unexpected or suspicious emails
Do not open attachments from unexpected or suspicious emails
Do not enable macros from unexpected or suspicious emails.
Do not open unrecognized email
Open familiar email with caution. You can never tell who is truly behind the emails. It may be spoofed or faked.
Email is inherently an unsecure medium of communication. Only general inquiries should be sent via email. Pass-codes and confirmations for Wires and Ach transactions should utilize Out-of-band authentication (OOBA) processes such as a phone call and/or multifactor authentication if available.
Stay Safe Online
FDIC Cybersecurity – Consumer Protection
Cybersecurity for Small Business - FCC
Cybersecurity for Small Business - SBA
Internet Crime Compliant Center - FBI