The ABCs of staying safe online and preventing fraud

• Did you click on a link or open an attachment in a phishing email?
• Did you share sensitive information during an unsolicited phone call?
• Have you noticed any unexpected activity in your bank account?

1. Install updates. By regularly updating your operating systems, software and mobile apps, you’re adding an additional level of protection against fraud. We also recommend using up-to-date antivirus software on your computer.
   
   
2. Set strong passwords. An effective password is quite long (the closer it gets to 21 characters, the stronger it is). You should use a different password for each of your online services (email, bank accounts, social networks, etc.). Use an online password manager to store all your passwords in a secure place. If a website offers multi-factor authentication (MFA), we recommend using it for increased security, especially for sites that store any financial or other sensitive information.
   
   
3. Watch out for phishing scams. Phishing is when hackers use fraudulent emails or websites to trick users into disclosing private account or sign-in details. Don't click on links or open any attachments or pop-ups from sources you aren’t familiar with. If you accidentally click on a link or open an attachment that contains suspicious content, run your anti-virus software and consider restoring your computer from a backup dated before the link was clicked or the attachment opened.
   
   
4. Don't disclose your personal information. Hackers may create social media profiles and use them to attempt to guess your password or answer the security questions used in password reset tools. Lock down your privacy settings and avoid sharing information like birthdays, addresses or your mother's maiden name. Be wary of friend requests from people you don't know.
   
   
5. Secure your mobile devices. Use a password to lock your smartphone and other devices. This will make it harder for fraudsters to access your information if your device is lost or stolen. Before you give away, sell or trade a mobile device, make sure you wipe its contents using specialized software or the procedure recommended by the manufacturer. Some software enables you to wipe your device remotely if it’s lost or stolen.
   
   
6. Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you send over them.
   
   
7. Shop safely. Before making purchases online, make sure that the website uses secure technology. At the checkout screen, check that the web address begins with https rather than http: this indicates that the website is encrypted. Also, check to see if a locked padlock icon appears on the address bar.
   
   
8. Read the site's privacy policy. Though it may be long and complex, the privacy policy tells you how the site protects the personal information it collects and the rights you have to manage the use of your personal information.

Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software spread through infected attachments and online social networks to obtain sign-in credentials for business accounts, transfer funds from the accounts and steal private information. This type of fraud is referred to as "corporate account takeover."

You can shield your company from attack through a strong partnership with your financial institution.

You must understand and implement the security measures detailed in your account agreement with your bank. If you don't, you could be held liable for losses resulting from an account takeover.

Here's some advice to help you strengthen the security of your business:
 

1. Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee training about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
   
   Don't have an internal training program? Discover the Cybersecurity awareness kit that National Bank of Canada created in partnership with Cybereco^TM to help you train your employees.
   
   
2. Protect your online environment. It’s important to protect your online environment just as you would your cash and your premises. Always use internet connections that are secured by a password, at the very least. Encrypt sensitive data and regularly update your antivirus software. It’s also important to use complex passwords and change these passwords periodically.
   
   
3.  Partner with your financial institution to help prevent unauthorized transactions. Speak to your banker about programs that can help safeguard you from unauthorized transactions. Call backs, device authentication and multi-person approval processes can help protect you from fraud.
   
   
4. Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and deactivate any systems that may have been compromised. Keep a record of what happened.