Business Security

Keep the business you’ve built protected from security threats.

Mobile Device Security Best Practices

  • Require a passcode and/or biometrics to access your device.
  • When your device is not in use, lock the screen to prevent unauthorized access to it.
  • Install patches and updates as soon as possible once they become available.
  • “Sign Out” or “Log Off” when finished with an app, rather than just closing it.
  • Enable security features (e.g., auto-wipe, auto-lock, biometrics).
  • Install anti-malware software, when possible.
  • Do not jailbreak or otherwise circumvent security controls on your device.
  • Before disposing of your mobile device or when changing ownership, delete all information from the device. Use a “factory reset” to permanently erase all content and settings stored on the device.

Online Security Tips

  • Never click suspicious links in emails, on social media posts, or via online advertising. Links can take you to a different website than the labels indicate.
  • Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information, when possible.
  • Protect your data by only submitting sensitive information to websites that encrypt your data. Make sure the URL begins with https:// instead of just http://. (The “s” means your data will be encrypted when you submit it.) Some browsers also display a closed padlock.
  • Always be cautious if you receive an unsolicited phone call, text, or email directing you to a website or requesting sensitive information. When in doubt, do not click.

Corporate Account Takeover (CATO)

CATO is a form of financial fraud where cyber criminals gain access to business online banking accounts and initiate unauthorized fund transfers (e.g., ACH, check, wire transfers) to accounts under the cyber criminal’s control. These funds are often then transferred overseas and out of U.S. jurisdiction. The FBI estimates that CATO attacks have cost American companies hundreds of millions of dollars.

CATO attempts were first reported in 2006 and originally targeted large corporations, but the focus has been redirected toward small and mid-sized businesses, municipalities, and nonprofit organizations. Unlike larger corporations, these smaller companies are perceived to lack the resources needed to prevent and detect a security breach, making them a more attractive target for cyber criminals.

  • Five key steps lead to a CATO. Knowing how it happens can help prevent it from happening to you.

    1. Phishing. The victim is tricked into clicking on malicious links or attachments in emails, online pop-ups, and fake friend requests from compromised websites. Malware can be hidden in videos, documents, pictures and other attachments.
    2. Malware Installation. The victim unknowingly installs malware on their computer by clicking on links or attachments. The malware usually contains key logging and screenshot capabilities.
    3. Online Banking Login. Malware runs unnoticed in the background until the user logs into their online banking account. The user may then be redirected to a dummy site they believe is their bank — a man-in-the-middle attack.
    4. Theft of User Credentials. Malware captures the user’s login credentials and sends the information to cyber criminals.
    5. Unauthorized Fund Transfers. Stolen credentials are used to log into the online banking account and initiate unauthorized fund transfers from the victim’s account to an account under the cyber criminal’s control.
  • Other Techniques Used by Cyber Criminals Include:

    • Man-in-the-Middle or Man-in-the-Browser Attacks. In these attacks, a cyber criminal gets between the user and the online banking site to intercept the online banking credentials and all other communication between the user’s browser and the site. From there, they can alter transactions and/or add unauthorized ones so that funds are transferred to an account the criminal controls. The attack goes unnoticed by the user. A fake page may say the online site is unavailable, or make the site appear to be working while payment information is altered behind the scenes.
    • Counterfeit checks. Cyber criminals may attempt to exploit your business check archiving system to issue counterfeit checks.
    • Malware. Cyber criminals may use malware to access sensitive and proprietary information.

Resources to Protect Your Business

Visit the following websites to learn more about how to protect your small business.
