Security

1. BE WARY WHEN SOMEONE INSTRUCTS YOU TO DOWNLOAD
   AN APP ON YOUR PHONE. A new scam has recently been unveiled where scammers create fake apps and trick you into downloading them to gain access to your device and information. Make sure any app you download is legitimate. When in doubt, do some research: visit the app website, check its ratings. Be aware that even legitimate apps can be used fraudulently so be cautious!
2. NEVER GIVE OUT YOUR ACCOUNT INFORMATION OR SECURITY CREDENTIALS, EVEN IF YOU THINK YOU KNOW WHO IS ASKING FOR IT. We cannot say this enough times! The Bank will never contact you by telephone, text or email requesting you provide personal information such as your account number, debit card number, online banking login information, social security number or personal identification number (PIN). If you call us, however, you will be asked to verify confidential information.
3. BE CAUTIOUS ABOUT CLICKING ON LINKS IN TEXTS, EMAILS, POP-UPS OR ADS, ESPECIALLY FROM SOMEONE PRETENDING TO BE YOUR BANK AND LINKS TITLED "URGENT" OR
   "WARNING. Scammers will attempt to lure you into clicking on fraudulent links that may allow them access to everything on your computer.
4. MAKE SURE YOUR DEVICES ARE UP TO DATE. For your financial security, it is important to keep your computers, tablets and phones updated with the latest operating system and security software available.
5. REVIEW YOUR ACCOUNTS REGULARLY FOR ANY UNAUTHORIZED OR SUSPICIOUS CHARGES. If you have online banking, it is easy to do! If you do not use online banking, please contact us to set it up.
6. PROPERLY DISPOSE OF BANK STATEMENTS AND OTHER PERSONAL INFORMATION. Senior centers and libraries often have shredders and the Bank hosts an annual community shred day every spring.

We want to ensure that you are doing everything you can to protect your funds and personal information. Please call Deposit Services at 978-462-3106 if you have any questions.

• We will never contact you by telephone, text or email requesting that you provide personal information such as your account number, debit card number, Online Banking login information, Social Security Number or Personal Identification Number (PIN). However, if you call us you will be asked to verify confidential information.
• When the Institution for Savings suspects fraud, a transaction alert will be sent via telephone, text, or email; however, we will never ask you to provide confidential information in your response.
• If you receive a telephone call, text or email and have any suspicion, do NOT respond. Instead, contact Deposit Services at 978-462-3106.

• Taking your money or belongings without your knowledge?
• Signing your name without permission?

• Never sign anything you don’t understand.
• Never give away property in exchange for care.
• Know your banker, attorney, or financial advisor.
• Document financial arrangements in writing.
• Check the references and credentials of anyone who wants to work in your home, including utility workers and town employees.
• Beware of door-to-door sales people and telephone sales pitches.
• Don’t give out your bank account number, credit card number, or other personal information over the phone or Internet.
• Stay socially active.

• Never sign anything you don’t understand.
• Plan ahead. Consider a trust or power of attorney.
• Don’t isolate yourself, keep up with friends.
• Get to know your bank personnel.
• Use Direct Deposit.
• Ask for help.

• Report the incident to the card issuer immediately
• Cancel your account and open a new one
• Review billing statements carefully after the incident
• If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge
• Schedule recurring transfers between accounts

• Report the theft to the bank as quickly as possible
• Cancel your account and open a new one

• Some phishing attacks use viruses and/or a 'Trojan Horse' to install programs called "key loggers" on your computer. These programs capture and distribute any information you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.
• If this occurs, you likely may not be aware.
• To minimize this risk, you should:
  
  • Install and/or update anti-virus and personal firewall software
  • Update all virus definitions and run a full scan
  • If your system still appears compromised, fix it and then change your password again.

• Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
  • Request that they place a fraud alert and a victim's statement in your file
  • Request a FREE copy of your credit report to check whether any accounts were opened without your consent
  • Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft

• Criminals target victims by scams.
• Victim unknowingly installs software by clicking on a link or visiting an infected Internet site.
• Fraudsters began monitoring the accounts.
• Victim logs on to their Internet Banking.
• Fraudsters collect login credentials.
• Fraudsters wait for the right time and then -- depending on your controls -- they login after hours or if you are utilizing a token they wait until you enter your code and then they hijack
  the session and send you a message that Internet Banking is temporarily unavailable. 

• Malicious websites (including Social Networking sites)
• Email
• P2P Downloads (e.g. LimeWire)
• Ads from popular web sites
• Web-borne infections: According to researchers in the first quarter of 2011, 76% of web resources used to spread malicious programs were found in 5 countries worldwide: United States, Russian Federation, Netherlands, China, & Ukraine.

• Form of malware that deceives or misleads users into paying for the fake or simulated removal of malware.
• Has become a growing and serious security threat in desktop computing.
• Mainly relies on social engineering in order to defeat the security software.
• Most have a Trojan Horse component, which users are misled into installing.
  • Browser plug-in (typically toolbar).
  • Image, screensaver or ZIP file attached to an e-mail. 
  • Multimedia codec required to play a video clip.
  • Software shared on peer-to-peer networks 
  • A free online malware scanning service

• What may be relied upon today as an indication that an email is authentic may become unreliable as electronic crimes evolve.
• This is why it is important to stay abreast of changing security trends.
• Some experts feel e-mail is the biggest security threat of all. 
• The fastest, most-effective method of spreading malicious code to the largest number of users.
• Also a large source of wasted technology resources
• Examples of corporate e-mail waste:
  • Electronic Greeting Cards
  • Chain Letters
  • Jokes and graphics
  • Spam and junk e-mail

• Provide Security Awareness Training for Our Employees & Customers
• Review our Contracts
• Make sure that both parties understand their roles & responsibilities
• Make sure our Customers are Aware of Basic Online Security Standards
• Stay Informed
• Attend webinars/seminars & other user group meetings
• Develop a layered security approach

• Multi-factor Authentication
• Watermark image
• Monitoring of IP Addresses on login
• Challenge questions/phone verification on login and ACH/Wire generation
• User Authority Limits to control account entitlements
• Calendar File – Frequencies and Limits
• Dual Control Processing of files on separate devices –recommended
• Out of Band Confirmation on every wire transfer
• Monitoring of every ACH batch that is originated
• Secure Browser Key
• Secure Token requirement for Cash Management customers

• Education is Key. Train your employees! 
• Secure your computer and networks.
• Limit Administrative Rights. Do not allow employees to install any software without receiving prior approval.
• Install and Maintain Spam Filters.
• Verify system users are currently employees and their access privileges align with their job responsibilities.
• Work with IT consultants or dedicated IT staff to implement and maintain Network Segmentation.
• Review and update network security including patch management and access privileges frequently.
• Purchase Cyber Insurance to protect you against Cyber Crime Incidents.
• Surf the Internet carefully.
• Install & maintain real-time anti-virus & anti-spyware desktop firewall & malware detection & removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
• Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
• Install security updates to operating systems and all applications as they become available.
• Block Pop-Ups.
• Do not open attachments from e-mail. Be on the alert for suspicious emails
• Do not use public Internet access points.
• Reconcile accounts daily.
• Note any changes in the performance of your computer.
• Dramatic loss of speed, computer locks up, unexpected rebooting, unusual popups, etc.
• Make sure that your employees know how and to whom to report suspicious activity to at your Company and the Bank.
• Contact the Bank if you:
  • Suspect a Fraudulent Transaction
  • If you are trying to process an Online Wire or ACH Batch & you receive a maintenance page.
  • If you receive an email claiming to be from the Bank and it is requesting personal/company information.