With online fraud and cybercrime escalating year after year, it is important for consumers and business owners to be aware of important practices concerning internet security.
Basic recommendations for personal and business:
- Install anti-virus software on computer(s) and set anti-virus to update automatically and perform full-system scans on a periodic basis. Malicious code, whether it's a virus, spyware or some other form of malware, can be very dangerous and problematic. If using a subscribed version of anti-virus, such as Norton, make sure it is up-to-date and not expired. If a virus is detected, disconnect the computer from the internet and clean the computer by using a second, non-infected computer. Another option is to research the best method to clean the detected virus.
- Always be skeptical of e-mails with attachments or links contained within the message. If the e-mail is unexpected or from an unknown source, DO NOT open the attachment or click on the links contained in the e-mail. Many e-mails use either scare tactics or financial gain tactics to entice the receiver to click links in an e-mail. Once the link is clicked, it will direct the receiver to a website used to gather personal information or download malware/viruses to the computer.
- Patch, patch, patch: The easiest way for hackers and cybercriminals to gain access to a computer is through known vulnerabilities. Make sure computers are set to download AND install updates automatically.
- Firewall: Don't be a target; firewalls can be the first line of defense from outside attacks. Hackers and cybercriminals scan the internet for computers not protected by a firewall and use open ports to exploit unpatched systems.
- Back it up: Another good practice is to back up data, including personal pictures and documents or business information. If a computer is compromised, it may be necessary to wipe the computer and re-install the operating system and software. Having back-ups of the information will help to restore operation as quickly as possible.
Small Business Information Security (National Institute of Standards and Technology)
Computer Security (Federal Trade Commission)
US-CERT Tips (US Computer Emergency Readiness Team)
Shields Up (Gibson Research Corporation) Firewall testing.
NEW ACH Security Framework Rule (For business customers utilizing ACH)
Effective September 20, 2013 a new framework rule regarding ACH security went into affect. You can Learn More about these changes by viewing EPCOR.org's course Click Here to download the course.
This Rule affects the security and integrity of certain ACH data throughout its lifecycle.
Protection of Sensitive Data and Access Controls
- Requires Originators to establish, implement, and (as appropriate) update security procedures relating to the initiation, processing and storage of entries.
IMPACT TO CORPORATE USERS: Each Originator will need to evaluate its current security policies, procedures and systems to ensure the company identifies
safeguards for protected information - non-public information, including financial information of customers. Security policies, procedure and systems must:
- protect the confidentially and integrity of the protected information
- protect against anticipated threats or hazards to the security or integrity of protected information until its destruction
- protect against unauthorized use of protected information that could result in substantial harm to the customer
If the Originator does not have up-to-date security policies, procedures and systems to ensure the company identifies safeguards for protected information, they will need to be developed. If a corporate user accepts credit cards, controls like those set out in PCI should be developed and followed for ACH information.
EPCOR Security Newsletters
-October 2014 (pdf)