For your Protection
How safe is your computer and information?
Hudson Valley Bank is committed to the highest standards of privacy and security for our customers. Our goal is to work in partnership with individuals and business to safeguard your information. Cyber crimes are on the rise. It is important to be aware of possible threats against your computer and personal information. We have compiled a description of some of the most known common risks, along with some things you can do to help protect your computer and information. If you believe you have been a victim of identity theft please contact your local branch immediately,
According to the US Postal Inspection Service, Identity Theft is America's fastest-growing crime. In its simplest form, a perpetrator obtains personal information (e.g., bank account number, social security or date of birth), from an individual in order to access the victim's financial accounts and obtain funds. A more sinister form of identity theft called "criminal identity theft" occurs when the criminal identifies himself as another person for the purpose of eluding law enforcement official. A few helpful tips to prevent identity theft are:
- Check your bank and credit cards statements on a regular basis.
- Credit reports should be requested from the three credit bureaus (Equifax, Experian, and TransUnion) and reviewed annually for unusual activities.
- Protect your social security number at all times and do not use it as a system login.
The Federal Trade Commission (FTC) has a website with educational material for preventing and aiding victims of identity theft. http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html#content
Passwords for information systems and Internet based financial and banking websites are the first line of defense. Passwords should be chosen carefully by the system user. You can help safeguard your password by making sure your password:
- Is at least eight alphanumeric characters long.
- Does not contain your user name, real name, or company name.
- It contains either a special character or an upper case letter.
- Does not contain a complete dictionary word.
- Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 ...) are not strong.
Passwords are private and should never be shared with other users. The US Computer Emergency Response Team (CERT) has published guidelines as an aide for choosing strong passwords.
Note: Hudson Valley Bank will never ask a customer for password information under any circumstance.
Currently, one of the more common forms of stealing information is through sending unsolicited emails or text messages to unsuspecting users for the purpose of acquiring sensitive information (e.g., usernames, passwords and personal account information). The phishing email disguises itself as an official email from a legitimate source attempting to trick the recipient into revealing confidential information at a bogus website. If you receive an email, you suspect might be phishing, or anytime you do not recognize the sender, you should take the following steps:
- Do not reply.
- Do not open any attachments; they may contain a virus, spyware or other system malware.
- Do not click on any web links in the email or download images.
- Delete the email immediately.
Additional information on Phishing can be found at http://www.onguardonline.gov/topics/phishing.aspx
Social Engineering threats or attacks are used by con artists to obtain or compromise information about a business organization or its computer system for the sole purpose of getting personal information in order to steal funds from a customer's bank account. Below are two brief examples:
- Pretexting is a telephone based form of social engineering where the caller impersonates an individual so that the targeted victim releases personal private information. (e.g., the service desk technician may be impersonated in order to obtain a system login or password from a system user)
- Nigerian 419 Scam (mostly an email or phone based form of deception) is a confidence trick where the target is offered advance sums of money (a reward) for their assistance in facilitating the retrieval of funds.
For additional information on these and other scams, see the FTC Identity Theft website
In addition to the steps noted above, the following security precautions should also be taken:
- Do not respond to any suspicious emails or phone calls.
- If in doubt about the identity of the caller or the origin of the email, contact the financial institution for guidance.
- Never reveal any personal identifiable information by email or phone.
Computers should contain licensed operating system software. In addition, the following suggestions will also help minimize the risk of a computer being compromised:
- Employ multiple and layered data security tools. Layering multiple security tools and customizing them to meet the needs of specific industries reduces the likelihood that data thieves will succeed
- Install and use anti-virus, anti-spam, anti-spying and anti-malware software, and update as recommended by the supplier.
- Employ either a third party or vendor recommended firewall protection
- Keep operating systems up to date on all recommended patches
- Security patches and system upgrades should be only downloaded from the vendor’s approved website
- Limit Internet access for business computers to websites approved for business use and block all other websites
- Educate your employees and customers on anti-phishing and fraud prevention measures
Not all e-mail communications are secure. Please do not include confidential information in your e-mails or attachments unless you are using secure e-mail. If you need to send us documents with non public personal information, please call your branch to learn about our secure-mail service.
- Paper documents containing personal information should be stored in a safe (fire resistant), and locked file cabinet. Data thieves are also known to search through a consumer garbage (dumpster diving) so a home paper shredder should be used as appropriate.
Other Useful Resources:
- Department of Homeland Security http://www.dhs.gov/files/cybersecurity.shtm
- Ready Gov (Cyber Security) http://www.ready.gov/
- New York State Cyber Security Website http://www.cscic.state.ny.us/
- Department of Justice http://www.cybercrime.gov/
- Federal Bureau of Investigation http://www.fbi.gov/cyberinvest/cyberhome.htm
- Connecticut Department of Consumer Protection: http://www.ct.gov/dcp/cwp/view.asp?a=1629&q=431552
- New York State Consumer Affairs http://www.consumer.state.ny.us/protecting/default.htm
For additional information on what you can do to protect you and your computer click here for Online Security Tips
Cyber Security Standards were developed and published by security professionals to provide safe security techniques and practices to prevent cyber security attacks on personal or business computers that contain private sensitive information. Two such standards are freely available from the USA National Institute of Standards (NIST) and the Information Security Forum (ISF). These security standards were designed for implementing cyber security to guard against identity theft. For additional Information visit: http://csrc.nist.gov or http://www.securityforum.org
Last Update: May 2014