My friend had me evaluate there tech structure security wise. (I am more hardware then software, and i’m doing this as a favor to him) His concern is he has business logins for banks and such but how should he manage it email wise? Should he make a new user so that the bank login for his business is Chase@companyname.com
If I were a business I would ask the Bank how they would like to be interacted with. Doubt the form of login makes any difference, just who has access to that login, the password entropy, 2FA, where it’s stored etc.
Having worked in Banks my experience is if there is a budget it will get done, whether it’s done competently is a whole different matter, account holders don’t matter.
Better to tell your friend to improve processes (and its adherence), it’s where most Business functions I’ve seen fail.
Having separate email addresses for each login can be handy especially when trying to figure out who provided your email to junk mail lists. It also makes it just a bit harder to guess what the log in name is.
So what should there usernames be? Like Username@companyname.com
making it something like chase@companyname doesn’t sound secure. maybe a custom username with a mix of letters and numbers would be better?
I would not go that far, usernames are frequently dumped out publicly when places are hacked. More important would using a good password manager and 2fa.
Improving processes are really easy, first map and document your processes !
There is a popular scam in the UK whereby people who are in the process of buying a house are told by the “Bank” their account numbers / email addresses / contacts have changed … then low and behold you have just lost 100k deposit and the Bank has no idea what you are talking about !
Your friend needs to protect his reputation and assets, his bank doesn’t care so processes and controls and procedures are super important but not sexy at all.
So I think i get what you are saying. I guess best place to start would be securing all accounts.
Gmail supports adding a plus to your email - you can set it to firstname.lastname@example.org. However sometimes when you enter this as an email, you’ll get an error (YMMV).
There should be an out-processing for people who interact with the banks and such, and in there should be the transfer of ownership. Not just access to the email account, but literally transferring the role from email1 to email2. Sometimes just owning the email is not enough to access services - some banks require you use a certificate to log into the wire-transfer portals. There needs to be something in the employee agreement as well, so in the event of a walkout they can be held liable. High level jobs should have high level liability / accountability.
That’s Genius, Working upon what you said I found that chase offers " Chase Access & Security Manager" Specifically tailored for businesses . Where bookkeepers and accountants can have their own id login and password.