Business Online Security
Sonabank is Committed to Protecting and Securely Providing Access to Your Business Accounts Online.
Keeping your financial and business information confidential is one of our highest priorities. Our system architecture protects your information behind firewalls with constant anti-intrusion and anti-malware monitoring. All of your online banking and cash management services use at least 128-bit SSL encrypted connections, and our systems automatically monitor account access and lock accounts after too many incorrect attempts. We provide this high level of security to all of your online services, and our systems also give you unique capabilities to control your company's internal access.
What can you do?
Virtually all businesses now rely on technology for their operations to some extent. As these computers and processes become integral to efficient operations, we need to have layered security to ensure the integrity of the network and continued operation. Below are some points to consider when developing your business's security plan and procedures:
Firewall: A hardware- and/or software-based system that helps keep an internal network secure. It does this by acting as a funnel through which traffic must pass before entering your internal network from the public Internet, allowing it to block both incoming and outgoing network traffic.
Anti-Malware Software: What is malware? Malware, or malicious software, is any program or process designed to take advantage of vulnerabilities in the Operating System, Browser or other programs on your computer. Depending on its type and purpose, malware may be classified as a virus, worm, trojan, adware, Man-in-the-Browser, Man-in-the-Middle, etc. Its nefarious purposes range from disrupting your use of the computer to stealing user names and passwords, sending you to "fake" pages and more. You combat malware with specific software designed to detect and remove infections, known as Anti-Virus or Anti-Malware programs. Some options from reputable vendors are listed below.
System Updates: Computer malware such as viruses, trojans, worms, etc. are constantly evolving to take advantage of weaknesses in Operating Systems, Browsers, and other programs. As such, security patches and updates are released to close these exposed loopholes. Ensure that your systems are running on the most secure version(s) available.
Wireless Networks: With more powerful wireless routers providing greater network range, it is imperative to ensure that your business's wireless networks are secure. Some points to consider when setting up and securing a wireless network:
- Update the administrative password from the factory default to a more complex version with various letters, numbers, cases, and symbols.
- Disable remote administration and, if possible, block broadcasting of the network SSID, the public name of the network.
- Enable WPA encryption; if WPA is not supported, enable WEP encryption.
- If only specific computers will be accessing the network, you may consider enabling MAC filtering. Each computer network card has a unique MAC address, and MAC filtering can limit access to specific MAC addresses you configure.
Designated Online Banking Computer: By limiting use of the computer(s) exclusively to Online Banking, you can reduce the risk of malware infection. If these computers are not allowed to access email, surf the web or access social networks, you have eliminated common methods for introducing malware into your system. If possible, you should also avoid conducting online banking transactions from public shared networks such as coffee shops, airports, etc.
Backup: Create copies of important business data and information in the event of a security breach or disaster, to allow restoration of your system. If possible, set up automatic backups that are stored offsite or "in the cloud".
Unique Credentials: Each employee should be assigned unique credentials, and these should never be shared among employees. Whether it is internal network access or Business Online Banking, assigning unique credentials allows you to set user-specific permissions as well as research instances where errors or issues occurred.
Access: By using unique credentials, you can assign specific security access to employees based on their job duties. This can allow you to block installation of potentially malicious software or access to known high risk websites.
Passwords: The phrases that let employees gain access to your internal network and/or sensitive financial information. Given their importance, below are a few best practices to protect your business:
- Do not use a password that can easily be guessed, and use a variety of symbols, characters, numbers and cases to maximize the effectiveness. Example: GH$21i!o0
- When selecting "secret questions" that allow an account to be reset or accessed from a new computer, use questions and answers that are not easily known or found. With the proliferation of Social Networks and information sharing, employees should not choose "What is the name of your pet?" if they have shared multiple pictures visible to the public about their visit to the Veterinarian's Office with "Roscoe".
- Never share passwords or keep a written copy close to a computer in an unsecured location, such as an unlocked drawer or corkboard.
- Do not use the same password for all accounts. If the password is compromised from one of these locations, it could compromise all the other accounts.
- Change passwords frequently.
Levels of Protection
Though an Image and Pass Phrase will no longer be part of the login procedure, Sonabank's authentication features three powerful levels of security to guard access to user accounts. This is Multifactor Authentication, a security system that uses more than one form of authentication to verify the legitimacy of a login attempt. The goal of Multifactor Authentication is to create a layered defense that makes it more difficult for an unauthorized person to access Business Online Banking.
Sonabank's authentication uses three layers of verification to prevent unauthorized access.
- The first level requires the correct entry of a User ID and Password. These must match system records or access will be refused.
- The second level of identification is the device the person uses to sign in. If the computer, phone or tablet is not recognized, the customer or member will be required to answer a challenge question or verify their registered email address to ensure their identity.
- The third level of authentication is based on geographic indicators. If a login attempt is made from a new geographic location, the user may be asked an additional challenge question or be required to verify their registered email address.
ACH, Wires, & Monitoring
When you take advantage of our efficient and secure ACH and/or Wire services in Business Online Banking, we offer the tools to provide your business control over your operations. Below we will outline some best practices for maintaining control over your online transaction capabilities:
Roles & Access: Most businesses place limits on access to accounts, transaction amounts, approvals, etc. based on the employee's seniority and job duties. Our Business Online Banking system provides the ability to establish specific roles with defined access to accounts, views, payment templates, and transaction amounts. To learn more about establishing and configuring roles, view the "Administration" section of our Online Education Center. Some common activities that should have limited access to maintain control:
- Transfer, ACH, and Wire Functionality.
- Initiation and Approval Authority.
- Payment template access by employee role.
- View or edit template details.
- Transaction limits. These can be per transaction, daily, weekly, or monthly limits.
Dual Authority: An accepted best practice is to make initiation and approval authority separate responsibilities, and to designate a redundant backup authority in case the primary employee is unavailable to initiate or approve an online payment.
Online vs Offline: Your established internal security and payment procedures, policies, and processes for offline payments should be considered when establishing your Online Banking roles and access. If a paper check over $20,000 requires an Executive countersignature, our Online Banking roles system allows you the flexibility to mirror your processes.
Update: Periodically evaluate the job duties of employees and ensure their access roles are necessary. Delete an employee's Business Online Banking credentials as part of your business's exit procedure.
Monitor: Review details of transfers as they occur and reconcile transactional accounts daily. Take advantage of the alert functionality in Business Online Banking to develop custom email alerts based on your unique business needs.
Separate: You can simplify monitoring and anomaly detection by separating accounts for a specific purpose. For example: Receivables vs. Payables, High vs. Low Volume Accounts, Electronic vs. Paper Transactions, etc.
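The Roles & Access, Dual Authority and Online vs Offline points above can be modelled as a single payment release check. This is an added example, not Sonabank's system or code: the role names, limits, user ids and the `review_payment` function are hypothetical, and only the $20,000 countersignature threshold comes from the text.

```python
from dataclasses import dataclass

EXEC_COUNTERSIGN_OVER = 20_000  # dollars; mirrors the page's paper-check example


@dataclass(frozen=True)
class Role:
    can_initiate: bool
    can_approve: bool
    per_txn_limit: int  # largest single payment this role may initiate


# Hypothetical role set for illustration, not an actual bank configuration.
ROLES = {
    "clerk": Role(True, False, 5_000),
    "manager": Role(True, True, 50_000),
    "executive": Role(False, True, 0),
}


def review_payment(amount, initiator, approvals, users):
    """Return policy violations for one payment; an empty list means release.

    users maps user id -> role name; approvals lists user ids who approved.
    """
    problems = []
    role = ROLES.get(users.get(initiator))
    if role is None or not role.can_initiate:
        problems.append("initiator lacks initiation authority")
    elif amount > role.per_txn_limit:
        problems.append("amount exceeds initiator's per-transaction limit")

    # Dual authority: an approval counts only if it comes from a different,
    # currently provisioned user whose role carries approval authority.
    approvers = {
        u for u in approvals
        if u != initiator and (r := ROLES.get(users.get(u))) and r.can_approve
    }
    if not approvers:
        problems.append("no approval from a second authorised user")
    if amount > EXEC_COUNTERSIGN_OVER and not any(
        users[u] == "executive" for u in approvers
    ):
        problems.append("executive countersignature required")
    return problems


# Constructed sample users (not real accounts).
USERS = {"ana": "clerk", "raj": "manager", "lee": "manager", "kim": "executive"}
```

A user id that has been removed from `USERS`, as in the exit procedure described under Update, fails both the initiator check and the approver check.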