Cyber Security Awareness
Knowing and understanding cyber security and the risks related to cyber security is vital in protecting yourself and your business. Quaint Oak Bank has implemented vigorous information security programs to safeguard your data, and continues to update and educate all employees on current security precautions. However, customers also must continually educate themselves to maintain their safety. The information below is intended for customers to view as guidelines for their cyber activities.
Regulation E
Regulation E provides guidelines for consumers, banks or other financial institutions related to electronic funds transfers (EFTs). It outlines rules and procedures for electronic funds transfers, and procedures consumers must follow when reporting EFT errors and the steps a bank must follow to provide recourse. Guidelines for issuers of electronic debit cards are also provided under Regulation E.
Regulation E was put forth by the Federal Reserve System and adopted in 1978 as an add-on to the Consumer Credit Protection Act. The law and regulation establish the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer services and of financial institutions that offer these services.
Commercial customers are not covered by Regulation E. Therefore, it is crucial that business customers implement their own security measures.
Account Communications
Quaint Oak Bank may contact a customer regarding his or her account or suspicious activities related to his or her account. However, Quaint Oak Bank will never ask the customer to provide his or her log-in credentials over the phone or via email. If log-in credentials are requested, do not respond. Immediately call 866.795.4499. Do not call or email a contact that was provided to you through the suspicious communication.
Password Protection Information
Never share your password with anyone. If your password is requested via phone call or email, do not provide any information. Instead, contact the person or business using a phone number or email address that was used for prior communications. Below is a list of additional precautions for creating a password:
- Password should be at least 10 characters
- Password should include as many different characters as possible
- Password should include a combination of uppercase letters, lowercase letters, numbers and special characters
- Password should not include any personal information
- Password should not include any common words
- Change your password often – every 90 days is suggested
- Do not write down your password
- Never give your password to anyone
Identity Theft Protection Information
Below is a list of advice to protect yourself and your business from identity theft.
- Be aware of red flags:
  - Trying to get you to move quickly
  - Talking fast or trying to confuse you
  - Using names to intimidate you or make you think you are on the same team
- Do not open links or attachments from unknown or unexpected senders
- Verify the sender of an email
  - Consider whether the message is logical
  - Consider whether it is in line with the sender's typical communications
What to Do if You Are a Victim of Identity Theft
If you believe you may be a victim of identity theft, follow the steps below:
- Contact the banks and companies where known identity theft occurred
- Contact the credit reporting agencies listed below and place fraud alerts
  Equifax
  PO Box 105069 | Atlanta, GA 30349-5069
  To order a report: 800.685.1111 | To report fraud: 800.525.6285
  Experian
  PO Box 2002 | Allen, TX 75013-0949
  To order a report: 888.397.3742 | To report fraud: 888.397.3742
  TransUnion
  PO Box 1000 | Chester, PA 19022
  To order a report: 800.916.8800 | To report fraud: 800.680.7289
- Request copies of your credit reports
- Place a security freeze on your credit report
- Report identity theft to the FTC
  Federal Trade Commission
- Report identity theft to the police
- Remove fraudulent information from your credit report
- Change all passwords
- Replace your stolen identification
Information Security Awareness Topics
Below are common attacks related to information security:
- Social Engineering – Use of deception to manipulate individuals into divulging confidential or personal information
- Phishing – Fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Phishing is constantly evolving to adopt new forms and techniques.
- Hacking – Gaining of unauthorized access to data in a system or computer
- Dumpster Diving – The practice of digging through one’s trash to gain information
Controls and Practices for Using Remote Financial Services
The list below provides recommended controls and prudent practices that should be implemented when using remote financial services:
- Research all applications (apps) before downloading
- Be sure the app you are downloading is the company’s official app, and not a fraudulent app designed to trick the user
- Avoid using public computers to access online banking
- Do not share your phone or computer while online banking or the mobile app is open
- Check your account regularly to monitor changes in account information and account balances
- Do not enter personal information on any websites that do not use encryption or other secure methods of protection
- Never give out your personal banking information (i.e. account number, username or password)
- Create strong passwords (see Password Protection Information section)
Business Customer Risk Assessment
One of the biggest threats to security is human error or wrongdoing. Quaint Oak Bank suggests online business customers perform related risk assessments and evaluate controls periodically.
Business Customer Controls to Mitigate Risk
Below is a list of recommendations of technical and business controls that can be implemented to mitigate risks:
- Report lost or stolen checks or credit cards immediately
- Never share personal information (i.e. birth date, Social Security Number, password)
- Only keep what you need
- Lock up any essential information that contains personal information
- Shred all documents containing personal information
- Implement an email encryption system
- Know the nature and scope of your sensitive information
- Plan ahead for the event of a security incident
Additional Resources