Green hero banner with Stockman S in green

Online Security Awareness

 
white silhouette of a mountain range

ACH Security Awareness

Online security is important for the success of your business. A data breach can lead to the loss of customer trust, the possibility of a lawsuit and could even lead to the loss of your business. The security of your online business information is also very important to Stockman Bank. We want to provide you with information you can use to defend your business from hackers, phishers, scammers and others who want to steal your information or funds.

As stated in the Cash Management Services Agreement (ACH Service Exhibit) you signed for use of Stockman Bank ACH Services:
“You agree to receive, store, and transmit data relating to this service in a secure manner using up-to-date, commercially-reasonable measures to protect against breaches.”
It is your responsibility to make sure your employees are kept up-to-date on security training, that ACH information is properly stored and that you have a plan in case of a security breach.
 
Below are some statistics provided by the U.S. Department of Justice in 2016 that will shed some light on the importance of security procedures within your business.
  • 48% of data breaches were the result of actions by negligent employees or contractors
  • In the aftermath of these incidents, these companies spent an average of $879,582 for damage or theft of IT assets. In addition, disruption to normal operations cost an average of $955,429*(This does not include legal fees or payouts due to lawsuits)
  • 60% of small companies go out of business within six months of a cyber attack.
 
According to NACHA Operating Rules and Guidelines, you are also required to protect sensitive and confidential business information you obtain from employees, business suppliers and other individuals. Below is a list of easy ways to protect your business.
  • Store any ACH related information (Authorization forms, checks used for authorization, formatted files, flash drives with ACH information etc.) in a locked area
    • A locked room, file cabinet or desk drawer.
  • Only employees with ACH related job duties have access to ACH related information
  • Keep employees up to date on security related training
    • Password security
    • Social engineering (e.g. phishing via email or phone)
    • Acceptable use policies for internet and email
    • Security of mobile devices/laptops when traveling
  • Have a plan of action for responding to data breaches
    • Call Financial Institution, Legal Counsel, law enforcement, affected customers/employees
  • Physical security includes:
    • Lock backup drives and other removable media
    • Limit staff access based on job duties
    • Clean desk policy
    • Office security systems or alarms
  • Digital security includes:
    • Unique access IDs for each employee
    • Strong passwords
    • Restricted access to files on network depending on job duties
    • Updated anti-virus and anti-malware programs
    • Firewall for office network
    • Restrictions on types of internet sites that can be used
    • Secure email for communications with customers/employees when sensitive information is being transmitted
    • “self-destruct” or “remote clean” ability for lost or stolen mobile devices
  • When/If you hire outside computer/internet software contractors:
    • Research potential new companies (financial history, references, internet search)
    • Contract review regarding data security practices and confidentiality
    • Find out how a service provider would notify you of a possible data breach and action plan

We have also listed two online brochures with helpful information about security, fraud and how to further protect your business. Please take a moment to review the information. If you have any questions please contact your local Cash Management Specialist or Cash Management Support at 1(855) 818-4517.
 
Informational Online Pamphlets:
Small Business Scams
Protecting Personal Information: A Guide for Business