Skip to main content

Fraud Tips for Businesses

Operating a business in today’s sophisticated world of e-commerce and online banking presents a number of challenges for business owners, including risks associated with check fraud and identity theft.

As your business partner, S&T is committed to providing you with the tools and safeguards needed to protect yourself from electronic and transaction fraud. In fact, S&T employs the highest level of encryption technology available.

In addition, we are here to work with you in the event your business becomes a victim of online scams or financial fraud of any kind. We’ll work together to restore your finances and walk you through the necessary steps to do so with the least damage to your business.

Security Tips for Businesses

Below are some tips to keep you and your business identity safe.

  • Keep your security up to date.  Always install the latest patches and updates.

     

  • Use email authentication.  With email authentication technology, when you send an email from your company’s server, the receiving servers can confirm that the email is really from you.

     

  • Train your staff.  Teach them how to avoid phishing scams and show them some of the common ways attackers can infect computers and devices with malware.

     

  • You may want to hire a web host.  When comparing services, security should be a top concern.

     

  • Physical security.  Protect information in paper files and on hard drives, flash drives, laptops, point-of-sale devices, and other equipment by storing paper files or electronic devices with sensitive information in a locked cabinet or room.  Shred documents and make sure data from devices is erased correctly. Limit physical access to records or devices only to those who need it.  Keep track of and secure devices that collect sensitive customer information.  Only keep files and data you need and know who has access to them.

     

  • Secure remote access.  Make sure employees and vendors follow strong security standards before they connect to your network.

     

  • Vendor security.  Include provisions for security in your vendor contracts.

     

  • Phishing emails or texts.  Before you click on a link or share any sensitive information, verify the website or phone number for the company or person behind the text or email.

     

  • RansomwareThis occurs when an employee clicks on a link, downloads an email attachment, or visits a website where malicious code is lurking in the background. With just one keystroke, the employee inadvertently installs software that locks them out of their own files. The cyber crook then demands a ransom, often in the form of cryptocurrency. But even if you pay, there’s no guarantee that hackers will live up to their end of the bargain.

    • The best defense against ransomware is prevention. Keep your computer security in fighting form by installing the latest patches and updates. Consider additional means of protection like email authentication and intrusion prevention software, and set them to update automatically. (You may have to do that manually on mobile devices.)

    • Back up your data regularly by saving important files to a drive or server not connected to your network. And have a “What if . . . .” plan in place that outlines the steps you’ll take if ransomware strikes.

    • Warn your staff about the potential consequences of casually clicking on a link or opening an unexpected attachment. Clue them in to how some cyber criminals use phishing emails that impersonate the look of business correspondence.

 

  • Tech support scams.  This occurs when your business receives a phone call, pop-up, or email telling you there’s a problem with your computer.  These are scammers who want to get your money, personal information, or access to your files.  They often ask for remote access to your computer which lets them access all information stored on it and any network connected to it.  They can install malware that gives them access to your computer and sensitive data, like user names and passwords.  They may try to sell you software or repair services that are worthless or available elsewhere for free or enroll you in a worthless computer maintenance or warranty program.  They may direct you to websites and ask you to enter credit card, bank account, and other personal information. 

     

    • To protect your business, if a caller says your computer has a problem, hang up.  If you get a pop-up message, ignore it.  If you’re worried about a virus or other threat, call your security software company directly, using the phone number on its website, the sales receipt, or the product packaging. Or consult a trusted security professional.  NEVER give someone your password, and don’t give remote access to your computer to someone who contacts you unexpectedly. 

       

    • If you’re scammed, change your passwords and get rid of malware.  If the affected computer is connected to your network, you or a security professional should check the entire network for intrusions.  If you bought bogus services, ask your credit card company to reverse the charges, and check your statement for any charges you didn’t approve.  Keep checking your credit card statements to make sure the scammer doesn’t try to re-charge you every month.  Report the attack right away to the FTC at FTC.gov/Complaint.

       

  • Cybersecurity basics.  Don’t forget the basics:  set updates to happen automatically, secure your files, require complex passwords, limit login attempts, encrypt devices, use multi-factor authentication, secure your router, train your staff, and have a plan for saving data, and notifying customers if you experience a breach.

For more information visit FTC.gov/Small Business

 

Listed below are a number of steps we recommend to protect your business from several common types of fraud.

ACH Fraud Protection

Enables businesses to access and validate transaction activity on a daily basis, create a list of preauthorized or “safe” vendors and block all unauthorized vendors.

Positive Pay

Allows your business to send electronic files of issued checks to S&T to guard against invalid or fraudulent checks posting to your account.

Payroll Direct Deposit

Offers the safest, most convenient and inexpensive form of payroll processing and reduces concerns about lost, stolen, forged or reproduced checks.

Check Safekeeping

Offers a free and secure means of protecting your checks from being stolen, lost, forged or reproduced.

Secure Online Statements

Provides online access to statements as opposed to receiving traditional statements through the mail to enhance your privacy and security.

Business Online Banking

Provides online access to your accounts so that you can review activity daily or periodically at your discretion.