Online Banking & user security
Passwords & PINs
- Always use secure passwords. A secure password consists of upper and lower case letters and numbers, and should not contain dictionary words, names or birthdates. Do not use your Social Security number (SSN), in full or in part, your birthdate or general number sequence such as 1234 for a password or PIN.
- Do not use the same username or password on any other website or software.
- Never share your password or PIN with anyone.
Review account transactions daily and reconcile frequently
- It is recommended that the “Super User” for Northrim Business Online Banking only use this access to create, maintenance and reset sub users. The Super User should have a separate login for conducting Business Banking transactions. In the event the Super User’s credentials are compromised while conducting Business Banking transactions, access to all controls may be at risk. A separate login may help prevent fraudsters from gaining access to create sub users, providing a means to approve fraudulent transactions.
- The Super User should be the only user permitted to add sub users for the company. In order to maintain internal control, sub users should not be permitted to create additional sub users.
- Users should never access Business Online Banking (or any privileged or sensitive computer system) from a public computer at a hotel/motel, library, coffee house, or other public wireless access point.
- Users should not enroll additional security to public computers.
- It is highly recommended that the company designate one computer in the office strictly for online banking transactions. This machine should not be utilized to browse the internet, check email or any other activity that could expose the computer to compromise.
- Determine which websites need to be made available to employees in order to conduct business activities. Consider blocking access to file sharing, social media and personal email sites.
- Determine who needs access to your banking systems and services and make sure the removal of access to those services is part of your employee exit process.
- Train everyone in the company on best practices in information security, not just financial personnel. Identify regular opportunities to routinely discuss security best practices such at staff meetings or other group check-ins.
Computer and email security
- Install and update your anti-virus and anti-malware software frequently. Most modern software updates automatically.
- Keep operating systems, browser and email patches up to date.
- Keep your web browser software up to date by installing the most recent version.
- Use well known network and desktop firewall solutions.
- Recommend that users sign off their computer when it is not in use.
- Do not click on links or attachments in an email that seems suspicious.
- Do not share confidential business information online. Emails and text messages are not secure and can be intercepted. When it is necessary to share information online, ensure that the website is secure.
- Consider using programs that scan emails for malicious content.
- Consider disabling CD, DVD and USB drives on all computers where these drives are not needed.
- Do not allow your employees to download unauthorized software or programs.
More business protection tips can be found at the National Cyber Security Alliance's Stay Safe Online Business Center.
Defend against ID theft as soon as you suspect it
Place a "Fraud Alert" on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing the initial 90-day fraud alert; a call to one company is sufficient:
Experian: 1-888-EXPERIAN (397-3742)
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open and debts on your accounts that you can't explain.
Contact each company where an account was opened or charged without your consent
- Follow up in writing, with copies of supporting documents.
- Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
- Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
- Keep copies of documents and records of your conversations about the theft.
File a police report
File a report with law enforcement officials to help you correct your credit report and deal with creditors who may want proof of the crime.
Report the theft to the Federal Trade Commission
Your report helps law enforcement officials across the country in their investigations.
By phone: 1-877-ID-THEFT (438-4338)
or TTY, 1-866-653-4261
By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580