Business Online Banking Security Tips
In addition to our standard security controls, Boston Private recommends that you consider the implementation of the following business and technology security practices to further mitigate the risk of online fraud.
Business Security Practices
Set Wire, ACH/Tax daily limits
Set a blanket daily limit for Wire and ACH/Tax transactions. Current limits are not date specified.
Set additional approver for Wire, ACH/Tax
Require dual control for Wire, ACH/Tax payment transactions.
Validate all money transaction requests
Ensure the authenticity of all Wire/ACH and other money transaction requests originating from within your organization, especially those in the form of e-mail, which can be compromised.
Limit user entitlements
Assignment of user entitlements should be minimized and given only to those individuals who need them.
Reconcile and review daily
Accounts should be reviewed and reconciled at least daily to detect any unauthorized transactions.
Separation of duties
Require separation of duties, dual controls, etc., over file and transaction creation, submission, and verification/reconciliation.
Restrict home access
Consider not allowing or strongly discouraging access to Boston Private’s Online Banking System from home computers.
Create a strong passcode
You will be required to enter a strong passcode with a minimum of 8 characters that will include at least a letter, a number, and a special character, and is case sensitive. You will not be able to use a dictionary word, and if the passcode is deemed to be weak, you will be required to enter another passcode. Passcodes should never be shared, written down or stored on the computer. Consider changing the passcode a few times each year. Avoid using automatic login features that save your username and passcode.
Always completely log out from your Online Banking session. To properly close out the browser session, clients must click “Log Out”.
Enable password protected screensavers
Enable a password protected screensaver that activates after a short period of computer inactivity. This protects an unattended computer with an established session when the client has left the PC for some period of time.
Technology Security Practices
Download Trusteer Rapport
Boston Private offers Online Banking protection software from Trusteer, a leader in online security, free of charge. Trusteer Rapport helps to prevent fraudulent activity within your computer’s browser when using our Online Banking System. Once downloaded, Trusteer Rapport will:
- Help to mitigate fraudulent Online Banking activity
- Aid in protecting your Online Banking login details
- Assist the Bank in stopping malicious online attempts against you
- Work quietly in the background of your computer
E-mail over the Internet is inherently insecure. Adopt the following practices to help minimize the risk of being the victim of fraudulent e-mail scams:
- As e-mail is susceptible to hacking, it is important that all Wire/ACH and other e-mail transaction requests are validated for authenticity.
- Boston Private provides Secure Mail, a secure encrypted e-mail service, to communicate confidential e-mail information between the Bank and its clients. When communicating confidential e-mail to us, such as account numbers and social security numbers, always use the Secure Mail service. Never communicate confidential information via normal Internet e-mail. Boston Private will always utilize Secure Mail when communicating confidential e-mail information to you. In addition to Secure Mail, you may also communicate confidential information to us by phone to your Bank representative, by mail, via our Online Banking secure messaging feature, or visit one of our offices. Register now for your free Secure Mail account.
- Opening file attachments or clicking on web links in suspicious e-mail could expose your computer(s) to malicious spyware and viruses leading to online fraud. Never open attachments (especially executable attachments), click on links, or respond to e-mail from suspicious or unknown senders.
- Be aware of e-mail phishing and scams. Phishing is an e-mail that falsely claims to come from a known sender. It typically provides a link to a phony website where you are asked to supply your confidential information. Be suspicious of e-mail purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as Access IDs, passcodes, PIN codes and similar information. Never respond to unsolicited e-mail asking for confidential information. Avoid clicking on links provided in e-mails. It is better to type the address directly into your browser’s address bar.
- Use e-mail filtering software to screen for unsolicited e-mail (spam). Consider installing a software tool that will assist in filtering spam from your e-mail inbox. These tools can help reduce the likelihood of a virus or worm installing a malicious program on your computer or receiving e-mail phishing attempts.
Use a dedicated computer
If possible, and in particular for clients that do high value or large numbers of online transactions, carry out all Online Banking activity from a stand-alone, hardened and secured computer system. This will minimize the risk of infection by computer viruses or malware.
Install a firewall
Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and computers. Enable logging of outbound connections to control and monitor traffic leaving your company’s computer network. At a minimum, log outbound traffic to the Boston Private Online Banking Website and maintain each log for at least one month.
Apply security patches
Use current versions of the operating system and applications on your company computer(s) and ensure that security patches are up to date. Most major software companies regularly release updates or patches to their software or operating systems to repair security problems. Some companies, such as Microsoft, offer you the ability to automatically receive these updates. All other vendor software updates can typically be found on their website.
Update virus protection software
Computer security programs, including firewalls, anti-virus programs, and anti-spyware programs, should be kept current. Ensure that your company computer(s) have anti-virus and anti-spyware protection and make sure these programs are updated regularly. Also, scan your computer(s) for viruses and spyware at least once per month.
Implement wireless networking security
If you use wireless networking, secure the network with the practices listed below to reduce the risk of being hacked by a wireless intruder:
- Ensure wireless encryption is enabled and the encryption level selection is at least 128-bit encryption, which provides a stronger encryption level.
- Change the default administrator ID and/or password provided by your wireless equipment (e.g., wireless router) manufacturer.
- Change the default wireless network name provided by your wireless equipment manufacturer so a hacker can’t use the default to try to access your network. Select a name that is equivalent to a strong password.
- Consider the option that disables the broadcast of your wireless network name over the air at regular intervals. Broadcasting the name is unnecessary and increases the likelihood that an unwelcome neighbor or hacker will try to log in to your network. Also consider the option to limit access to your wireless network to only your computer device(s). Consult your wireless equipment manufacturer for assistance on how to select these options.
- Be aware that connecting to an unprotected network may result in an intruder gaining unauthorized access to your computer. It is possible for someone to monitor your Internet connection and even record your password(s).
Do not download or run software from unknown sources. This applies both to software available on the Internet and sent via e-mail. Installing software from unknown sources increases the probability of installing malicious code or accepting computer viruses. Limit administrative rights on your computers to prevent the inadvertent downloading of malicious software or other viruses.