At Two River Community Bank, the security of your personal information is our priority. As identity theft and privacy invasions become more complicated and prevalent online, it is important to understand the basics of cybersecurity to keep your device, your finances and your identity safe. Consider the following tips as you browse, communicate and work online.
Remember that if you suspect fraudulent activity related to your Two River Community Bank account, please contact us as soon as possible.
- Be Suspicious of Unsolicited Communications: If you are unsure whether an email or phone call requesting any of your information is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request or communication; instead, check previous statements or another trusted source for contact information.
- Protect Yourself from Phishing: Never open emails from unknown senders. If you open a questionable email, do not click on links. Verify the legitimacy of emails by visiting the company’s website or contacting the company using contact information outside of the questionable email. If you think you’ve received a phishing scam, delete the email message.
- Protect Yourself from Ransomware: Ransomware is a type of malware that can lock you out of your system or encrypt your files until you pay a “ransom” to resolve the issue. Secure your data by backing up your information on an external or cloud drive.
- Invest in Security Tools: Have security software installed and regularly updated. With thousands of new malware variants running every day, having a set of old virus definitions is almost as bad has having no protection. Regular system scanning through your security tool is also a best practice to identify any issues early.
- Keep Software Updated: This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up-to-date helps minimize the likelihood that your system has an exposed vulnerability on it.
- Limit the Personal Information You Share Publicly: It can be tempting to share vacation plans or other personal details on social media, but criminals can leverage your schedule or routine to their advantage. If a friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.
- Use Privacy and Security Settings: Many programs, apps and websites give you control of the information you share (or the company shares) with the general public online. It may not be exciting, but reviewing these settings and all fine print should be regular practice.
- Be Mindful of Your Network: Do not make any transactions or access any personal information while on a public network. You can view network information on most major operating systems. Maintain the same vigilance you would on your computer with your mobile device.
- Be Selective with Apps: Download apps only from reputable sources or marketplaces. If app reviews from other users are available, consider other users’ experiences while remaining aware that not all reviews may be objective. In all cases, carefully review app permissions before installation.
- Secure Your Mobile Device: Use a passcode or another verification system to unlock your mobile device. Consider downloading a finder app or talking to your carrier about options available to locate and disable your device in the event it becomes lost. If selling your device, be sure to restore the device to factory setting before it changes hands.
- Practice Good PIN and Password Security: When selecting a Personal Identification Number (PIN) or password, never use important numbers associated with anniversaries, birth dates, social security numbers and the like. Your answers to security questions should also not be commonly known.
Small Business Cybersecurity Tips
In addition to the tips above, the following tips can help protect you, your coworkers and your customers as you perform business functions.
- Understand Business Email Compromise (BEC): BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. In a BEC, legitimate business email accounts are compromised through social engineering or computer intrusion techniques and are then used to conduct unauthorized transfers of funds. Minimize your risk of BEC with the following steps.
• Create intrusion detection system rules that flag emails with extensions that are similar to company email. For example, legitimate email of abc_company.com would flag fraudulent email of abc-company.com.
• Register all company domains that are slightly different than the actual company domain.
• Verify changes in vendor payment location by adding additional two-factor authentication, such as a secondary signoff by company personnel.
• Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the email request.
• Know the habits of employees and customers, including the details of, reasons behind, and amount of payments.
• Carefully scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary.
- Assume Everyone Can See Your Browsing History: In fact, many employers will actively monitor browsing activity. Only visit websites for which you have a legitimate need when doing work for your organization.
- Do Not Fall Victim to Social Engineering: Do not give out information about fellow employees, remote network access, organizational practices, or business strategies to people you do not know without verification.
- Have a Plan: Cyberattacks and destructive malware present threats to an organization’s daily operations and business continuity. Having a continuity plan is as important as proactively preventing malware and other cyberattacks. Consider including the following items in your plan:
• Regular data backups and system scans.
• Scheduled software updates and patches.
• Structured dissemination of cybersecurity policies to employees.
• Instructions for employees to continue operations, as well as instructions to address or route inquiries from the press.
• Procedures to verify third-party providers are protected. One of the ways companies are most vulnerable to cyberattacks is through an insecure third-party service provider. Additional information is below.
- Manage Third Party Risks: Leverage your contract and regulatory requirements. Key areas of concern include:
• Performing regular due diligence of your third party service providers, as well as their outsourced vendors.
• Verifying vendor controls. Validate that the controls are in line with your written contract meeting your requirements.
• Certifying that the service provider is adhering to the agreed upon contingency plan that outlines the required operating procedures in the event of business disruption.
• Enforcing the right of the institution and its regulatory agencies to obtain the results of audits in a timely manner. Vendor managers should closely monitor the financial, technical and competiveness of their vendors.
Again, if you suspect fraudulent activity related to your Two River Community Bank account, please contact us as soon as possible.