Strategies to Protect Personal Information
Required Security Procedures - Business Online Banking Customers
- Business online banking customers must develop a written security policy and procedures designed to protect the network from unauthorized access (i.e. data breach) and avoid disclosing Protected Information (i.e. account numbers, social security numbers, etc.).
- Install a security software suite that includes antivirus, anti-spyware, malware, and adware detection from a reputable vendor. You must keep the software up-to-date through an automatic update feature and configure it to perform recurring, automated complete system scans on a routine basis. This will help to protect a computer against known viruses, malware, and adware; but you are advised that many viruses, malware, and adware programs are undetectable by antivirus software.
- Business online banking customers must enable a firewall and install the latest security updates.
- Restrict and control usernames and passwords. Usernames and passwords should not be shared; they should be protected and securely maintained. Failure to secure usernames and passwords creates risks of identity theft and unauthorized access.
- Change passwords on a regular basis.
- Create strong passwords that include a combination of letters, numbers, and special characters.
- Routinely install all new software and hardware patches or use the automatic update feature when available. Ensure all your software, including its operating system and application software, are updated.
- Review bank transaction histories daily. You must immediately report to the Bank any suspicious activity in your accounts. There is a limited recovery window, and a rapid response may prevent additional losses.
- Report suspected fraudulent activity to the Bank and the proper authorities immediately.
Recommended Security Procedures - All Customers
- Be suspicious of unsolicited phone calls, visits, or email messages asking for sensitive information, offering deals that are “too good to be true,” or compensating you for assisting someone with moving funds.
- Never reveal personal or financial information in email; and never respond to email solicitations or hyperlinks for this information.
- Visit websites by manually typing the URL into the browser’s address bar instead of clicking on a link in an email.
- Never send sensitive information over the Internet before checking a website's security (Verify “https:”).
- Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- Verify any suspicious email or information request by contacting the company directly.
- Do not use contact information provided on a website connected to a request; instead, check previous statements for contact information.
- Check for known “Phishing” sites with groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
- Whenever possible, do not use an unsecured wireless network for financial transactions.
- Be cautious when accessing bank, brokerage, or other financial institution information at Internet cafes, public libraries, hotel business centers, or other public shared computers. If possible, be sure to clear browsing history, cookies, and temporary internet files as sensitive information can be retained in these shared systems.
- Business online banking customers should consider establishing daily transaction limits for all online transactions.
- When accessing First Columbia's Online Banking System, make sure the First Columbia web address is in a secure "Green Bar." This "Bar" is an Extended Validation Certificate that will verify that you are on First Columbia Bank & Trust Co.'s website – www.firstcolumbiabank.com. The letters https: should appear in front of the URL address as well.
- Business online banking customers should strongly consider initiating ACH and wire transfers under dual control, with a transaction originator and a separate transaction authorizer.
- Business online banking customers are encouraged to periodically perform a risk assessment and controls evaluation and establish internal policies related to employee use of the internet.
These Security Procedures are for information purposes and are not intended to provide legal advice. This guidance should not be considered an exhaustive list of actions. Security threats change constantly. It is your responsibility to thoroughly investigate, implement, and update appropriate security protocols. You should engage professional technical advice to assure proper implementation of security procedures on an ongoing basis.