ONLINE BANKING CUSTOMER SECURITY AWARENESS


 

Scammers, hackers, and identity thieves are looking to steal your personal information – and your money.  Threats such as computer viruses, account takeovers, and identity theft increase with the use of the Internet.  But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.  Customers should implement the following controls to reduce the risk of these threats:

 

 

Computing Security Practices and Protection for customers accessing their account information via the Internet:

           Password Practices (All Customers)

  1. Change passwords at least every 90 days.
  2. Create a strong password with at least 10 characters that includes a combination of mixed case letters, numbers, and special characters.
  3. Ensure that your account information and security responses are not written where they can be seen or accessed by others.  If the information must be written down, it should be secured under lock and key when not being used.
  4. Never share your user ID or password with anyone for any reason.  If it is compromised, contact us to have the ID and/or password disabled or reset.
  5. Secure your computers with a password protected screensaver that has a timeout feature activated after no more than 15 minutes.
  6. Avoid using an automatic login feature that saves usernames and passwords for online banking.

           Operating System Protection (All Customers)

  1. Ensure that you use current anti-virus and anti-spyware products to protect yourself against malicious software that is created for the specific purpose of gathering information such as user ID, password, and other critical information that may be stored on your computer.
  2. Ensure that you have a patch management solution that keeps your computer software current and can further mitigate new vulnerabilities to which your computer may have been exposed.
  3. Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and to computers.
  4. Practice safe internet use. Never click on pop-up messages or links to applications contained in emails. Try to get into the habit of manually going to links that are sent to you. It is estimated that over 80% of malware is obtained from clicking on pop-up ads.
  5. Be suspicious of emails claiming to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes and similar information.
  6. Use caution when opening attachments and ensure they were sent from a trusted source.
  7. Consider designating a "locked down" PC to accommodate only your online banking transactions. This computer should not be used for email or any other internet activities. This precaution should minimize the opportunity to download malware.
         General Business Practices (All Customers)
  1. Reconcile your banking transactions daily and look for unusual small amounts such as penny transactions. This may be an indication that your account has been compromised and a fraudulent plan is in progress.
  2. Never access bank, brokerage, or other financial services information at internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account numbers and sign on information leaving you vulnerable to fraud.
  3. Immediately escalate knowledge of any suspicious transaction to the Bank, particularly if these transactions are ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent or minimize further loss.

General Business Practices (Commercial Customers)

  1. Review this information with your IT department or IT consultant and evaluate how your systems may be vulnerable to this risk. Perform a risk assessment periodically to determine if your organization is protected against identified threats.
  2. Dual control procedures should be in place for high risk transactions such as electronic funds transfers. This includes automated clearing house (ACH), Online Banking transfers, and wire transfers.
  3. Talk to your insurance provider about adding cyber insurance terms to your business insurance policy.
  4. Change passwords at least every 90 days and every time an employee leaves the company.


For more information on how you can be protected, visit http://www.onguardonline.gov.

             

 

Microsoft Support ending for Windows XP and Office 2003

What happens if I keep using my XP system?

Your computer will continue to operate as it does today. Only the support for security patches and software support will end.
After support ends for Windows XP, Microsoft will not release security patches for vulnerabilities in Windows XP. These vul-nerabilities are used by cybercriminals to compromise computers. You will not be able to patch for known vulnerabilities making your risk of a compromised computer much higher.
In addition, if you have issues with hard-ware and software running on the computer, Microsoft will not provide support to reme-dy those issues.
Your largest concern should be increased probability of a system compromise. It is reported that cybercriminals are storing up their Windows XP attacks to release after the support ends.

How will this affect my XP system?

Microsoft ended support for the windows XP operating system and Office 2003 prod-uct line on April 08, 2014. After this date, these products will no longer receive:
? Security patches which help protect PCs from harmful viruses, spyware, and other malicious software
? Assisted technical support from Mi-crosoft
? Software and content updates

Who should by concerned?
This issue effects anyone who uses a Win-dows XP computer or Office 2003. However, those who use their computer for the fol-lowing are at a higher level of risk:
? Business or consumers using online banking
? Store or transmit sensitive data
? Make online purchases


As a small business, what should concern me?
Computer systems running unsupported soft-ware are exposed to an elevated risk to cyber-security dangers, such as malicious attacks or electronics data loss. Government agencies and regulatory boards have issued statements warning businesses regarding security risks, legal compliance issues, and additional liabil-ity for data breaches.

What can I do to resolve these risks?
Microsoft suggests that you upgrade your soft-ware to a supported version, if your hardware meets the minimum requirements. Please review the Microsoft resources for more infor-mation and other frequent asked questions.

What should I do if I MUST continue to use an unsupported product?
If continued use is required, use safe networking practices, such as maintaining firewalls and other front line network protections. The SANs resource provided in this guide has excellent information regarding protective con-trols which can be used to reduce your risk.

How can I make migration as seamless as possible?
Microsoft is offering free file transfer services at their website, which can be found in the ad-ditional information section. This service will only work on folders and files, such as spreadsheets, documents, and images but will not transfer applications, such as Office.

What Operating System should I replace XP with?

[Microsoft Operating System Market Share Globally]


Migrating to Windows 8—8.1 is not required, but will offer the longest period of time without having to undergo another system migration.

Additional Information:
Microsoft Support Information: http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx

US-CERT Notification: https://www.us-cert.gov/ncas/alerts/TA14-069A-0

SANS Securing The Human Newsletter: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201403_en.pdf

Microsoft XP File Transfer Service:http://www.microsoft.com/windows/en-us/xp/transfer-your-data.aspx

Peoples Bank wants to help protect our customers and their valuable information by offering security awareness. Our goal is to educate employees and customers on the importance of protecting electronic data.
This is meant as an informational and awareness guide and does not provide absolute security by utilizing the provided information. Peoples Bank does not as-sume responsibility for information within this document or consequences for using said information. All logos and product trademarks are property of their respective owner.