Business Banking Security/Best Practices

Protecting your business’s financial assets is a top priority at HarborOne Bank, but we can’t do it alone. Just as you protect your business’s physical location from intruders by activating a burglar alarm at closing time, your business’s computers must be protected from cyber thieves attempting to exploit weaknesses in your computer network.

Please be aware that FDIC Insurance or Regulation E (the Electronic Funds Transfer Act) does not cover fraud losses for business customers. HarborOne Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss.

The tips below provide information and security measures you can take to help protect your accounts from scams and other harmful attacks.

Harden your computer against cyber-attacks.
Computers that are not appropriately protected can become an open gateway for cyber criminals to access your online account or perform malicious activity. Unfortunately, antivirus products alone are not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the computers at your business.

  • Use a dedicated computer: If possible, dedicate a computer to be used ONLY for online banking purposes to mitigate against the risk of computer and user credentials being compromised. Your business’ computer information technology system should not be used for email, social media, or web browsing.
  • Password Protection: A unique password or token PIN is the first step of securing your online information. Select a password/PIN that is easy for you to remember but do not select birthdays, sequential numbers or street addresses. Do not share your password/PIN with anyone. Remember, HarborOne employees will never ask for your password.
  • Keep your operating systems, antivirus and other software up to date. Scan your computers for viruses regularly.
  • Fraud Awareness: Fraudsters use official-looking e-mails (Phishing) and websites to lure you into revealing confidential financial information. The phishing messages appear to be from trusted banks, retailers or other companies. Be suspicious of any e-mail with urgent requests to “verify account information.” When in doubt, call the sender directly and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.
  • Transaction Review: Check your account balances and transaction activity daily and promptly report any suspicious activity to your account manager or call877-997-9957 and speak to a HarborOne Customer Service Representative.

Make your computer less vulnerable to cyber thieves.
Your business online account has built-in security options you can use to protect and monitor your online activity. Don’t wait until your business is a victim of cyber fraud before you protect yourself.

  • Enroll and Check your Email Alerts: Reviewing email alerts immediately can protect against fraudulent activity on your account.
  • Review Account Activity: Review your online accounts for any transactions you did not initiate. Early detection may prevent large losses.
  • Requiring two individuals to execute transactions (dual control) can prevent fraudulent activity even if one employee’s computer is compromised.
  • Change your Password: Changing your password periodically reduces the chance of it being compromised.
  • Only use Company Computers: When accessing online business accounts, only use designated company computers that use the company network. Non-business computers and networks are more likely to be infected with malware.

How to identify common attacks by cyber criminals.
No one wants to become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting HarborOne for assistance. Be sure that all employees that participate in online banking are aware of these tips.

Contact customer support if you experience any of the following scenarios:

  • If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate
  • If you receive an email alert regarding a change of password or email address you did not create
  • If the login screen looks different or has unusual fields or prompts
  • If you see unknown transactions or balance inconsistencies on your account
  • If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in
  • If you log on to HarborOne online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes

Learn about your liability in the event of a cyber-attack.
HarborOne provides online business banking to its business customers to add convenience for conducting financial transactions, but we cannot assume liability for fraud on business accounts as a result of malware and system vulnerabilities on our customers’ Information Technology systems. Our business customers must ensure that adequate security controls are in place on their Information Technology systems before accessing online banking to minimize risk.

Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts proactively and frequently. This means that you will be responsible for any fraudulent financial activity on your account if your business’s computers or accounts are compromised. Business customers who use their Information Technology systems to house proprietary, financial, or personnel information should employ an Information Security Professional periodically to conduct a thorough review of their systems and security controls.