Helpful Security Information for You and Your Business
Steps You Should take to Protect Yourself
From protecting your hardware devices, to keeping software updated, to restricting access to sensitive information, to maintaining strong passwords and securely storing or shredding sensitive documents – we all have a responsibility to take steps to ensure security. Identity theft can cost you time and money. When personal information is compromised, your credit can be destroyed and the recovery process can take years. Deter identity thieves by taking care to safeguard your information.
Shred financial documents and paperwork with personal information before you discard them.
Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary in a secure manner, or ask to use another identifier.
Don’t give out personal information on the phone, online or through the mail unless you know who you are dealing with.
When accessing or sharing personal information online or through a mobile device, first ensure that the network connection is secure.
Never click on links sent in unsolicited emails. Instead, confirm the web address on your own, then type it directly into your browser window. Use up-to-date firewalls, anti-spyware, and anti-virus software to protect your personal computer or laptop. Visit www.onguardonline.gov for more information.
Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
Source: Torrington Savings Bank’s Operational Risk Management Team
Tips for Staying Safe Online
Computer-related crimes affecting businesses and consumers are frequently in the news. While federally insured financial institutions are required to have vigorous information security programs to safeguard financial data, financial institution business customers also need to know how to steer clear of fraudsters.
We recommend the following actions and resources for Torrington Savings Bank customers to protect their information:
Protect Your Computer
Install software that protects against malware, or malicious software, which can access a computer system without your consent to steal passwords or account numbers. Also, use a firewall program to prevent unauthorized access to your PC. While protection options vary, make sure the settings allow for automatic updates.
Take precautions with your tablet or smartphone
Consider opting for automatic updates for your device’s operating system and “apps” (applications) when they become available to help reduce your vulnerability to software problems. Never leave your mobile device unattended and use a password or other security feature to restrict access in case your device is lost or stolen. Make sure you enable the “time-out” or “autolock” feature that secures your mobile device when it is left unused for a certain period of time. Research any app before downloading it.
Be careful where and how you connect to the Internet
Only access the Internet for banking or for other activities that involve personal information using your own laptop or mobile device through a known, trusted, and secure connection. A public computer, such as at a hotel business center or public library, and free Wi-Fi networks are not necessarily secure. It can be relatively easy for cyber criminals to intercept the Internet traffic in these locations.
Use the strongest method available to log into financial accounts
Use the strongest authentication offered, especially for high-risk transactions. Use passwords that are difficult to guess and keep them secret. Create “strong” user IDs and passwords for your computers, mobile devices, and online accounts by using combinations of upper- and lower-case letters, numbers, and symbols that are hard to guess and then change them regularly. Although using the same password or PIN for several accounts can be tempting, doing so means a criminal who obtains one password or PIN can log in to other accounts.
Understand Internet safety features
You can have greater confidence that a website is authentic and that it encrypts (scrambles) your information during transmission if the web address starts with “https://.” Also, ensure that you are logged out of financial accounts when you complete your transactions or walk away from the computer. To learn about additional safety steps,review your web browser’s user instructions.
Be careful when using social networking sites
Cyber criminals use social networking sites to gather details about individuals, such as their place or date of birth, a pet’s name, their mother’s maiden name, and other information that can help them figure out passwords — or how to reset them. Don’t share your ‘page’ or access to your information with anyone you don’t know and trust. Cyber criminals may pretend to be your ‘friend’ to convince you to send money or divulge personal information.
Be suspicious of unsolicited messages
Be suspicious of unsolicited e-mails or text messages asking you to click on a link, download an attachment, or provide account information. It’s easy for cyber criminals to copy the logo of a reputable company or organization into a phishing email. When responding to a simple request, you may be installing malware. Your safest strategy is to ignore unsolicited requests, no matter how legitimate or enticing they appear.
Steps You Should Take to Protect Your Business
In addition to the types of good security practices you should follow as an individual, when it comes to your company, there are additional measures that we recommend to help prevent fraud and enhance your information security:
Protect computers and networks
Install security and antivirus software that protects against malware, or malicious software, which can access a computer system without the owner’s consent for a variety of uses, including theft of information. Also, use a firewall program to prevent unauthorized access. Protection options vary, so find one that is right for the size and complexity of your business. Update the software, as appropriate, to keep it current. For example, set antivirus software to run a scan after each update. If you use a wireless (Wi-Fi) network, make sure it is secure and encrypted. Protect access to the router by using strong passwords.
Require strong authentication
Ensure that employees and other users connecting to your network use strong user IDs and passwords for computers, mobile devices, and online accounts by using combinations of upper- and lower-case letters, numbers, and symbols that are hard to guess and changed regularly. Consider implementing multifactor authentication that requires additional information beyond a password to gain access. Check with vendors that handle sensitive data to see if they offer multifactor authentication to access systems or accounts.
Control access to data and computers and create user accounts for each employee
Take measures to limit access or use of business computers to authorized individuals. Lock up laptops when not in use as they can be easily stolen or lost. Require each employee to have a separate user account and prohibit employees from sharing accounts. Only give employees access to the specific data systems they need to do their jobs, and don’t let them install software without permission. Also, make sure that only employees who need administrative privileges, such as IT staff and key personnel, have them and regularly review their ongoing need for access.
Teach employees the basics
Establish security practices and policies for employees, such as appropriate Internet usage guidelines, and set expectations and consequences for policy violations. Establish a top-down corporate culture that stresses the importance of strong cybersecurity, especially when it comes to handling and protecting customer information and other vital data. Ensure that all employees know how to identify and report potential security incidents.
Train employees to be careful where and how they connect to the Internet
Employees and third parties should only connect to your network using a trusted and secure connection. Public computers, such as at an Internet café, hotel business center, or public library, may not be secure. Also, your employees shouldn’t connect to your business’s network if they are unsure about the wireless connection they are using, as is the case with many free Wi-Fi networks at public “hotspots.” It can be relatively easy for cyber criminals to intercept the Internet traffic in these locations.
Train employees about the dangers of suspicious emails
Employees need to be suspicious of unsolicited e-mails asking them to click on a link, open an attachment, or provide account information. It’s easy for cyber criminals to copy a reputable company’s or organization’s logo into a phishing e-mail. By complying with what appears to be a simple request, your employees may be installing malware on your network. The safest strategy is to ignore unsolicited requests, no matter how legitimate they appear.
Pay close attention to your bank accounts and watch for unauthorized withdrawals
Put in additional controls, such as confirmation calls before financial transfers are authorized with the financial institution. In recent years, there has been an increase in unauthorized electronic transfers made from bank accounts held by businesses. A common scam is an account takeover where cyber criminals use malicious software, such as keystroke loggers, to obtain the IDs and passwords for online bank accounts and then make withdrawals. Another scam called Business Email Compromise, targets businesses by forging payment requests for legitimate vendors and directing the funds to the cyber criminal’s account. Businesses are generally not covered by federal consumer protections against unauthorized electronic funds transfers. Therefore, your financial institution may not be responsible for reimbursing losses associated with theft if negligence on the part of your business, such as unsecured computers or falling for common scams, were factors in the loss.
Watch out for fraudulent transactions and bills
Scams can range from payments with a worthless check or a fake credit or debit card to fraudulent returns of merchandise. Be sure you have insurance to protect against risks. Additionally, ensure that you report any irregularities immediately. Our Positive Pay Service can help you proactively protect yourself from this kind of check and ACH fraud.
How to Spot and Avoid Scams
Scammers can be very convincing, so it’s helpful to know some of the types of tricks they may try so that you can avoid them. It is always better to err on the side of caution before divulging any information. Remember – Scammers may pose as government officials, law enforcement or even a Torrington Savings Bank employee. If you think you may have been approached by a bad actor, please contact us immediately at 860-496-2152
When you bank at Torrington Savings Bank, there are certain things you can count on:
Torrington Savings Bank will NOT request a customers’ personal information through regular email nor provide links within an email to update personal information. If you get such a request, do NOT click any links or use any information provided in the email to contact us.
Torrington Savings Bank employees will NOT ask for your Online Banking Password and we WON’T request that you send us unsecured emails containing your personal or financial information.
You should NEVER give out account numbers, social security numbers, credit card numbers, PINs, CVVs, passwords or passphrases to someone who contacts you claiming to be from Torrington Savings Bank.
Any request like those – whether made in person, over the phone or online from any source, and even if appearing to be Torrington Savings Bank – would NOT be within our policies and should be treated with suspicion, and reported to us immediately at 860-496-2152
Other Resources for Scam and Fraud Prevention Include:
This collaborative educational resource teaches consumers about staying safe online. The Federal Trade Commission (FTC) manages the website in partnership with 15 other governmental agencies.
The Federal Deposit Insurance Corporation can help you protect yourself from identity theft and fraud.
Deter. Detect. Defend. The Federal Trade Commission offers a comprehensive identity theft resource for consumers and businesses.
The FBI provides this resource with information about some of the most common fraud schemes. Getting educated and taking a few basic steps may well keep you from becoming a victim of crime and fraud.
How You Can Report Suspected Fraud Or Identity Theft
Defend against identity theft and fraud as soon as you suspect it. If you believe your Torrington Savings Bank account may be compromised and would like to report possible fraudulent activity, please call 860-496-2152.
Remember fighting crime is a team effort; report it to the Federal Trade Commission at https://reportfraud.ftc.gov even if you didn’t lose any money. It’s important to report a scam, so the FTC can use the information to build cases against scammers.
Additional Steps to Take if You Suspect Identity Theft
Place a “Fraud Alert” on your credit reports
The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert. You only need to call one company for the alert to be put in place: Equifax: 1.800.525.6285 Experian: 1.888.EXPERIAN (397.3742) TransUnion: 1.800.680.7289
Carefully review your credit report
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debits on your accounts that you can’t explain.
Close accounts and keep good records of your actions
Close any accounts that have been tampered with or established fraudulently. Contact the security or fraud departments of each company where an account was opened or changed without your okay and follow up in writing, with copies of supporting documents. You can use the ID Theft Affidavit at www.ftc.gov/idtheft to support your written statement. Ask for verification that the disputed account has been closed and the fraudulent debits discharged. Keep copies of documents and records of your conversations about the theft.
File a police report
File a report with law enforcement officials to help you with creditors who may want proof of the crime.
Report the theft to the Federal Trade Commission
Your report helps law enforcement officials across the country in their investigations. Contact The FTC: Online: www.ftc.gov/idtheft By Phone: 1.877.ID.THEFT (438.4338) or TTY, 1.866.653.4261 By Mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580