Security Best Practices
While we work to ensure that a secure environment is provided for Online Banking, there are steps that Online Banking clients should follow to protect confidential information while performing financial transactions online. Though we take every step possible to ensure the security of our system, we are not responsible for any breach of security that is outside our control.
The following Security Best Practices should be exercised by all Online Banking clients:
- Create a strong unique Online Banking password. Select a password that is hard to guess by using random letters, numbers, and symbols. Do not use a word that can be found in the dictionary and do not use readily identifiable information such as your name, birth date, or child's name.
- Do not share your password with anyone else. Keep your password secure.
- Do not use the Save Password option on your computer.
- Change your password regularly. We recommend changing your password every 60 to 90 days.
- Signoff when you have finished your online banking session.
- Run a variety of reputable anti-malware programs on the computer you use to conduct online banking transactions. Schedule full system virus scans at least once per week.
- Use a current Internet browser with 128 bit encryption.
- Update your computer frequently for software updates and patches, especially for the operating system, internet browser, and add-on programs.
- Use personal firewall software or ensure the firewall is enabled on your home wireless router.
- Enable security on your home wireless router.
- Avoid clicking on links or downloading software from unverified or unknown sources.
- Educate yourself on good cyber security practices and how to avoid having malware installed on a computer and how to avoid phishing attacks. Helpful links are provided below.
Mobile Device Security
- When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
- Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.
- With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
- Review and understand the permissions you are giving when you download applications.
- Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
- Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
- Be aware of applications that enable geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
- Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in "unrestricted" or "system" level within an operation system, it allows any compromise to take full control of the device.
- If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
- Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
Business Best Practices
- Download and install the Secure Browser required by us to perform your Cash Management transactions.
- Request an IP address restriction on your account so that only the computer(s) you authorize can perform transactions on your account.
- Enable email alerts to advise you of events such as ACH batches initiated, ACH batches processed and Wires transmitted.
- Perform transactions on a dedicated computer that is not used for email or Internet surfing.
- Follow recommendations from your network administrator and/or IT consultant.
Additional Best Practices
- Avoid using public computers or public wireless access points to perform transactions. If you must use a wireless network, only use a secure wireless connection.
- Enable email alerts to advise you of outgoing funds transactions.
- Monitor transactions on your accounts daily and immediately report any irregularity to your banker.