Safeguarding your personal and financial information is a responsibility we take very seriously at Border State Bank. However, you should also remain vigilant against potential threats to "Identity Theft". Identity Theft affects millions of people each year.
Thieves can get your personal information by many means, both technology based and people based, including, but not limited to:
- Stealing your purse or wallet
- Pilfering information from your mail box such as bank statements and pre-approved credit card applications
- Obtaining your Driver's License number or Social Security number if imprinted on your personal checks
- Observing your transactions at ATMs or store check-out terminals to capture your personal identification number (PIN)
- Going through trash for credit card receipts or loan applications
- Utilizing different types of fraud (e.g. Phishing, Vishing or SMiShing scam)
- Operating other common fraud schemes and scams. The FBI maintains a current listing of these schemes and scams on its website: http://www.fbi.gov/scams-safety
Here are a few simple tips to always keep in mind:
- Get notified with Border State Bank Account Alerts* sent by text, email, or App for your personal accounts
- Border State Bank Online Banking and Mobile Banking are great resources for monitoring your accounts and transactions*
- Change your password at least every 90 days
- Never disclose personal information to anyone without authorization to access your accounts. Unless you initiate the contact or we are completing an application for you, Border State Bank will NOT request your personal information (e.g. account number, PIN, Social Security number, or mother’s maiden name) through email, U.S. mail or phone
- Do not print your driver’s license number or Social Security number on personal checks
- Report lost or stolen checks or bank cards immediately
- Store new and cancelled checks in a secure location
- Select and memorize a PIN that never uses information readily found in your wallet or purse (e.g. your house number or date of birth)
- Promptly review monthly financial statements yourself and report any discrepancies immediately. Never ignore suspicious charges on your statements. If regular bills or statements stop coming to you, call the company's customer service number to determine if someone has filed a false change-of-address notice to divert your mail
- Retain all receipts from ATM, debit and credit card transactions until they have been reconciled to your statements and ensure your account number is not readable when you dispose of them
- Be sure to sign new bankcards immediately
- Only carry important documents as needed (e.g. Social Security card, passport or birth certificate). If lost or stolen, a thief could use them
- Destroy cards you no longer use, making sure the numbers are not recognizable
- Shred unnecessary financial documents, including old bank statements, invoices, and unwanted pre-approved credit offers
- Never provide your financial information to an unfamiliar website
- Be careful in responding to “Work from Home” ads as this is a common method for fraudsters to attract money mules unknowingly. Money mules transfer money acquired illegally on behalf of others and are typically paid a small part of the money transferred for their services
- Report suspicious emails or phone inquiries (e.g. requesting account information to “award a prize” or “verify a statement”) to your phone company, Border State Bank or the local authorities. Call Border State Bank to report this activity.
- Forward any suspicious emails to firstname.lastname@example.org that appear to be from Border State Bank and request that you click on a link to enter your login credentials or personal information
- Consistently validate that each of your computers has up-to-date software installed including operating system, personal firewall, anti-virus, anti-spyware and current browser. Ensure your anti-virus and anti-spyware software is enabled and performing scans on a regular basis. Use reputable internet tools to scan your browser for known vulnerabilities.
If you believe you have been a victim of fraud related to your Border State Bank accounts, notify us immediately by calling your local Border State Bank, so we can take action to help you. A formal complaint can also be filed with the Internet Crime Complaint Center (IC3) at www.ic3.gov.
*Use of these features and services requires internet and/or data access through a computer or mobile device. Subject to availability and the same limitations as any service available through the internet. Border State Bank is not responsible for matters that are outside of its reasonable control that might impact availability and functionality. Border State Bank reserves the right to suspend service for any reason at any time. Your mobile carrier’s text messaging and data charges may apply.
Sun, Sand, and Cybersecurity
- Keep a clean machine: Before you hit the road, make sure all security and critical software is up-to-date on your mobile devices and keep them updated during travel. These protections are your best line of defense against viruses and malware.
- Lock down your login: Your usernames and passwords are not enough to protect key accounts like those you use for email, banking, and social media. Fortify your online security by turning on multi-factor authentication, commonly referred to as two-factor authentication, when available. This typically pairs your username and password (i.e. something you know) with a message sent to your phone (i.e. something you have) or your fingerprint (i.e. something you are).
- Password protect: Use a passcode or security feature like a finger swipe pattern or fingerprint to lock your mobile device. Also set your screen to lock after a short period of time by default. If you do choose to use a finger swipe, make sure it has at least one turn (preferably two) and that a pin code has at least 6 numbers!
- Think before you use that app: New apps are tempting! It is important to always download new apps from only trusted sources like the Apple App Store or the Google Play Store. Additionally, consider limiting your apps access to services on your device, like location services.
- Own your online presence: Set the privacy and security settings on social media accounts, web services, and devices. It is okay to limit how and with whom you share information – especially when you are away.
- Get savvy about what you do on other peoples’ Wi-Fi and systems: Do not transmit personal info or make purchases on unsecure or public networks. Instead, use your phone carrier internet service for these needs. For laptops/tablets, it is easy to use your phone as a personal hotspot to surf more securely using carrier data. Also, never use a public computer or device to shop, log in to accounts, or do anything personal.
- Turn off Wi-Fi and Bluetooth when idle: When Wi-Fi and Bluetooth are on, they may connect and track your whereabouts. Only enable Wi-Fi and Bluetooth when required, and disable your Wi-Fi auto-connect features.
- Protect your $$$: Be sure to shop or bank only on secure sites. Web addresses with ‘https://’ and a lock icon indicate that the website takes extra security measures. However, an “http://” address indicates your connection is not secure (not encrypted) and you should not transmit payment or sensitive information over to such a site.
- Share with care: Think twice before posting pictures that signal you are out of town. Knowing you are away from home is a great piece of information for a criminal to have and they may target your home for physical crime. Also consider limiting your social media apps’ access to location services on your device, and omit location information while making your posts and sharing your pictures.
- Keep an eye on your devices: Laptops, smartphones, and tablets are all portable and convenient, making them perfect for a thief to carry away! Keep your devices close to you and hold onto them if strangers approach you to talk, as a common scam consists of a stranger distracting you and placing a map or newspaper over your device and walking away with it when finished talking.
- Know your destination’s laws: If you are heading out of the country, check up on any specific laws on internet and device usage. Additionally, bring as few devices as possible and consider using a device specifically purchased for international travel.
Small Business Security 101
Smaller businesses are attractive targets to attackers because most small businesses rely on technology to perform day-to-day operations. Many businesses would not be able to thrive without the ability for customers to view its website, make online transactions, or even the ability for employees to send an email to employees or customers around the globe. Small businesses must realize that the technology that allows you to grow and be profitable can also pose the greatest threat to your business if not properly managed.Without training your employees to identify and understand the risk of cyber attacks, many businesses are sitting ducks for an attacker to simply harvest customer information. That’s what we call a low-risk, high-reward opportunity. The reputational damage caused by a cyber attack could very well force your business to close its doors completely.
An understanding of information security and how a well-managed program operates significantly reduces the risk of data being lost or stolen due to a cyber attack. In 2017, Manta conducted a poll of 1,420 small business owners and found that 87% felt they were at risk of experiencing a data breach. Additionally, only a 17% noted that they had basic IT security controls in place. Basic security controls like antivirus and a firewall are critical to the health of the organization and its responsibility of protecting the customer information it possesses. Below are five (5) areas that any organization that utilizes the Internet NEEDS and is EXPECTED to have in place. If your business has not addressed these five (5) security control areas, stop what you’re doing and figure out how to protect your organization immediately.
- A business-class firewall: Home routers can be inexpensive and are great for simple tasks such as streaming online videos. Focus on investing in something that is made for businesses and allows you to change default settings.
- Anti-virus/anti-malware: You can choose either or both; just make sure you pay for the subscription and use its features.
- Email filtering: 93% of all data breaches begin with a phishing email. A single phishing email has the potential to cause significant damage to a business and is the most widely attack used; make sure you do everything you can to keep junk and phishing emails our of your environment.
- User access controls: Not limited to just strong and unique passwords; user access controls should be based on the principle of least privilege. Administrator accounts should never be used for regular duties. Reducing privileges for users drastically reduces the risk of an employee accidentally installing a malicious program onto their workstation.
- Patch management: It is paramount that systems are patched in a timely manner as soon as new patches are available. Be sure your third-party programs are included in your patch plan.
IT security is not something you put in place and never touch or think about again. It is a continual process of improvement to stay one step ahead of the bad guys. Proactive security keeps businesses mindful of new threats and how you can protect yourself vs. reactive security where businesses are running to catch up with threats after they have happened. Now that some basic areas of security have been defined, businesses need to continue to grow their security posture for the future. Here are five (5) additional controls that businesses can implement to improve security:
- Vulnerability scanning: This is an excellent way for a business to understand and measure how successful the patch management program is or if there are additional vulnerable programs on the network.
- Password managers: These are a powerful tool that can be used to create extremely strong and unique passwords for all employee’s accounts. One master password is used to unlock a digital vault where passwords to websites can be securely stored and viewed. Password vaults can stop employees from using the same password for everything and worrying about remembering 200 different passwords (the number of unique websites that today’s consumer logs into on average).
- Ongoing security awareness training: Social engineering attacks are the most common way a network is compromised today. Continued education for employees about the dangers of phishing emails and how to identify them is critical. Additional training covering ransomware, customer identification, and other common social engineering attacks will dramatically reduce the risk of a successful cyber attack.
- Phishing testing: Phishing assessments provide insight into how the business will fair during a simulated phishing attack. Testing provides employees a chance to see how authentic phishing emails can seem and the results can be used to further increase employee education and awareness.
- Back up your information: Backups can also make or break a business. Ransomware, viruses, and hardware failures can cause everything that a business is storing digitally to be lost in an instant. A business should follow the 3-2-1 strategy, meaning at least three (3) total copies of your data are available, stored on two (2) differed mediums (backup tape AND external hard drive, for example), and at least one (1) copy stored offsite.