• Products and Services
    • Cash Management
    • Trade Finance
    • Forex Trading
    • Investor Services
    • Channel Services
    • Trade Suite
    FX Trading
    Forex (FX) Trading with Business Online
    A real-time tool for companies dealing in foreign exchange.
    Find out more
    • Trade Finance Trade Finance solution provides Documentary Trade and Open Account Trade Finance (OATF) facilities to our Business Online clients. Learn More
    International Payments
    Transfer electronic funds reliably
    Process your cross-border payments and transfer funds between your Foreign Currency accounts.
    Find out more
    • FX Trader The FX Trading component on Business Online is a real-time tool for companies dealing in foreign exchange. It allows for online dealing and management of trades and provides instant access to forex rates.   Learn more
    BOL SA App
    Convenient Banking
    Enjoy simple and convenient banking at your fingertips with the Business Online SA Mobile App
    Find out more
    • Custody and Security Services Manage your investment portfolio with Investor Services Online and keep full control over your transactions. Access and control your entire investment custody profile and monitor all securities flows from trade instruction to final settlement.  Learn More
    Trade Finance
    Transact easily
    Trade Finance solution provides Documentary Trade and Open account trade finance (OATF) facilities to our Business Online clients.
    Find out more
    • BOL SA App The Business Online SA Mobile App provides you with simple and convenient banking at your fingertips. Learn More
    • Self Administration

      The Operator and Limits maintenance self-service capability puts the control in your hands enabling you to manage your business needs

       Learn More
    • Order management Track the progress of transactions throughout the system, with order management, and approve, amend or delete them as required, saving you time and managing risk. Learn More
    • Full Transactional Feedback This service provides detailed feedback on your transactions. You can view failed transactions, print consolidated reports and update the status of a transaction according to a list of failed reasons. Learn More
    Trade Suite on Business Online is a central digital hub that gives you access to a range of trade and working capital requirements. The platform allows you to digitally apply and transact with multiple trade solutions.
     
  • Security Centre
  • Help and Support
  • About us
Global
Download Business Online Desktop Application Business Online International Trade
Internet Banking
Business Online
Overview
Products and Services
Products and Services
Cash Management
Liquidity Management and Account Services
Domestic Payments and Collections
International Payments
Trade Finance
Trade Finance
Forex Trading
FX Trader
Investor Services
Custody and Security Services
Channel Services
Accessibility
BOL SA App
Host to host and Corporate Swift
Self Administration
Order management
Full Transactional Feedback
Trade Suite
Security Centre
Security Centre
Help and Support
Help and Support
About us
About us
Corporate and Institutions
Business Banking
Contact us

Be savvy about Online Security

Security breaches constantly make the headlines. That’s why it is critically important to ensure that your data is secure. Always remember that we will never ask you to update personal information like PINs or passwords via an email or over the phone.

ONLINE SECURITY TIPS
  • The basic principle of IT security is to not be impregnable, or to be 100% secure
  • 100% security isn’t something to strive for, nor is it often practical
  • Aim to be better than the next target. Focus not only on preventing cyber-crime but also on being ready to detect it when it takes place and to respond to it when it happens

Awareness

  • People are the weakest link in any organisation
  • Create and enforce awareness programs. Themes should include common threats that are being seen in the wider IT environment:
  • Phishing
  • Malware
  • Mobile security
  • Social engineering

Credential Management

  • Implement 2-Factor Authentication where possible
  • Avoid storing passwords in clear text
  • Implement a password policy that is in line with international best practice
  • Passwords need to be hashed and salted before being stored
  • Enforce the password policy on all systems in your environment
  • Exercise additional controls to protect authentication data
  • Password cracking is real and available; ensure the appropriate flags are raised to protect your organisation from brute force attacks
IMPLEMENT SECURITY POLICIES

Access control

  • Ensure accountability for all accounts to your applications and infrastructure
  • Review all access monthly at a minimum
  • Provision access on a least privileged basis
  • Determine effective access for the systems and infrastructure in your organisation
  • Exercise additional controls over privileged user and system accounts
  • Attacks are traditionally performed on behalf of an authenticated user

Physical security

  • All access to your organisation needs to be authenticated and controlled
  • Ad hoc access needs to be attested to by an accountable permanent employee
  • Staff should display company issued identification
  • Be aware of the level of information that is openly displayed or available
  • Consider the use of additional access control around sensitive environments
  • Social engineering is often the easiest way into any organisation

Network security

  • Protect your payment files from point of origination to point of exit
  • Conduct reviews of your firewalls and external facing systems annually, at a minimum
  • Terminate all external connections within your DMZ
  • Consider the use of a sandboxed environment to scan received files
  • Consider segregating core or critical systems from the rest of your network
  • Standard Bank South Africa provides encrypted communications between your network and ours, but control of the source is within your domain

Operational security

  • Ensure patch levels of systems and infrastructure is at an (n-2) level at a minimum
  • Keep an up-to-date asset register of all hardware and software, including open systems, in your organisation
  • Implement anti-virus on Wintel systems and ensure open systems are kept up-to-date
  • Scan any attachments or files introduced into your environment for malware or viruses before opening them
  • It does not help to update Windows on your laptop without updating Java

Logging

  • Ensure that all these events are logged at a minimum:
  • Authentication and authorisation events
  • Provisioning and de-provisioning of user or system accounts, account locking, unlocking and password resets or changes
  • Granting, modifying, or revoking access rights to a user, file or object
  • Log all privileged user activity on systems and infrastructure
  • Log all system and application configuration changes
  • All logs should be stored remotely from where they are generated, without the capability to overwrite or edit
KEEP SYSTEMS AND SOFTWARE UP TO DATE

Business Continuity Planning (BCP)/Disaster Recovery (DR)

  • Backup your important data to a remote/offsite server
  • Segregate your important backups from the rest of your network
  • Create restore points where applicable
  • Test your DR plan on an annual basis at a minimum
  • Identify and remediate against single points of failure in your systems and in your organisation

Remember that availability and continuity are key pillars of IT security

  • ONLINE SECURITY TIPS
  • IMPLEMENT SECURITY POLICIES
  • KEEP SYSTEMS AND SOFTWARE UP TO DATE
  • The basic principle of IT security is to not be impregnable, or to be 100% secure
  • 100% security isn’t something to strive for, nor is it often practical
  • Aim to be better than the next target. Focus not only on preventing cyber-crime but also on being ready to detect it when it takes place and to respond to it when it happens

Awareness

  • People are the weakest link in any organisation
  • Create and enforce awareness programs. Themes should include common threats that are being seen in the wider IT environment:
  • Phishing
  • Malware
  • Mobile security
  • Social engineering

Credential Management

  • Implement 2-Factor Authentication where possible
  • Avoid storing passwords in clear text
  • Implement a password policy that is in line with international best practice
  • Passwords need to be hashed and salted before being stored
  • Enforce the password policy on all systems in your environment
  • Exercise additional controls to protect authentication data
  • Password cracking is real and available; ensure the appropriate flags are raised to protect your organisation from brute force attacks

Access control

  • Ensure accountability for all accounts to your applications and infrastructure
  • Review all access monthly at a minimum
  • Provision access on a least privileged basis
  • Determine effective access for the systems and infrastructure in your organisation
  • Exercise additional controls over privileged user and system accounts
  • Attacks are traditionally performed on behalf of an authenticated user

Physical security

  • All access to your organisation needs to be authenticated and controlled
  • Ad hoc access needs to be attested to by an accountable permanent employee
  • Staff should display company issued identification
  • Be aware of the level of information that is openly displayed or available
  • Consider the use of additional access control around sensitive environments
  • Social engineering is often the easiest way into any organisation

Network security

  • Protect your payment files from point of origination to point of exit
  • Conduct reviews of your firewalls and external facing systems annually, at a minimum
  • Terminate all external connections within your DMZ
  • Consider the use of a sandboxed environment to scan received files
  • Consider segregating core or critical systems from the rest of your network
  • Standard Bank South Africa provides encrypted communications between your network and ours, but control of the source is within your domain

Operational security

  • Ensure patch levels of systems and infrastructure is at an (n-2) level at a minimum
  • Keep an up-to-date asset register of all hardware and software, including open systems, in your organisation
  • Implement anti-virus on Wintel systems and ensure open systems are kept up-to-date
  • Scan any attachments or files introduced into your environment for malware or viruses before opening them
  • It does not help to update Windows on your laptop without updating Java

Logging

  • Ensure that all these events are logged at a minimum:
  • Authentication and authorisation events
  • Provisioning and de-provisioning of user or system accounts, account locking, unlocking and password resets or changes
  • Granting, modifying, or revoking access rights to a user, file or object
  • Log all privileged user activity on systems and infrastructure
  • Log all system and application configuration changes
  • All logs should be stored remotely from where they are generated, without the capability to overwrite or edit

Business Continuity Planning (BCP)/Disaster Recovery (DR)

  • Backup your important data to a remote/offsite server
  • Segregate your important backups from the rest of your network
  • Create restore points where applicable
  • Test your DR plan on an annual basis at a minimum
  • Identify and remediate against single points of failure in your systems and in your organisation

Remember that availability and continuity are key pillars of IT security