Guide to FHB Online Business Center

General Information

Security

So the threat is real! What can you do to prevent it? For your protection, we encourage you to review the following Best Practice Fraud Precautions:

1. Raised awareness of the BEC scam has helped businesses detect the scam before sending payments to the fraudsters. On-going training and reminders of the evolving threats of cyber-crime are crucial in preventing these frauds. Please share this information with your employees, customers, family and friends. 2. Review your bank account transactions daily. Contact FHB immediately if you detect any unauthorized transactions. Immediately cease all activity on any computer or device that you suspect may have been compromised. 3. Establish a segregation of duties so that individuals who have the responsibility for initiating wire or ACH transfers cannot approve or release those transfers. 4. Question and verify / confirm any wire, ACH or other transaction requests received over email, even internally since the sender may be a victim of BEC. This is why FHB does NOT accept wire, ACH or other transaction requests over email. 5. For all computers (PCs and network servers) that access financial websites, such as FHB Online Business Center (OBC), install a security software suite from a reputable vendor that includes detection for viruses, spyware, malware and adware, as well as firewall protection. Use the automatic software update feature and configure it to perform complete system scans on a routine basis. Use a designated computer for financial transactions only, if possible. 6. Create intrusion detection system rules that flag e-mails with extensions that are similar to company email. For example, legitimate e-mail of abc_company.com would flag fraudulent email of abc-company.com. 7. Ensure that your operating system and application software, such as Microsoft Office, Adobe Flash, Adobe Acrobat/Reader etc., are updated. Install any software and hardware updates immediately when made available. 8. Computers used to access OBC should be blocked from personal email accounts (such as Yahoo, Google, and Hotmail) and social networking websites where documents infected with viruses can be downloaded. 9. Whenever possible, do not use a wireless network for financial transactions. If a wireless network must be used, enforce latest security measures such as enabling encryption (e.g. WPA2 is preferable to WPA, do not use WEP) and MAC address filtering, changing the service set identifier (SSID) and turning off SSID broadcasting. 10. Do not click on a link to reach your financial institution, especially when listed in emails and search engines. Instead, type the bank’s website address into the Internet browser’s address bar every time. Do not open emails, click on links or open attachments sent with emails from an unknown person or organization. Input your OBC security token code only when prompted after selecting the “Release” button. If you are prompted to enter your security token code at any other time, immediately log out and contact our Cash Management Department.

5