Trustco Bank
Corporate Sustainability
Trustco Bank makes it a priority to continuously educate our customers, employees and communities about the importance of data privacy and keeping confidential information secure. Knowledge and vigilance are essential in keeping your personal information safe. Trustco Bank recommends the following tips:
Creating a Strong Password
Use a long passphrase. According to National Institute of Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
Don't make passwords easy to guess. Do not include personal information in your password such as your name or pets' names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
Avoid using common words. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter "A" and an exclamation point (!) can replace the letters "I" or "L."
Get creative. Use phonetic replacements, such as "PH" instead of "F". Or make deliberate, but obvious misspellings, such as "enjin" instead of "engine."
Keep your passwords on the down-low. Don't tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen.
Unique account, unique password. Having different passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. It's important to mix things up—find easy-to remember ways to customize your standard password for different sites.
Double your login protection. Use multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. Enable MFA by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication How-to-Guide for more information.
Utilize a password manager to remember passwords. The most secure way to store all your unique passwords is by using a password manager. With just one password, a computer can create and save passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit codes, answers to security questions, and more.
Source: Cybersecurity & Infrastructure Security Agency (CISA)
Protect Your Mobile Device
12 Ways to Protect Your Mobile Device:
Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
Log out completely when you finish a mobile banking session.
Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary "permissions" and delete unused or rarely used apps.
Download the updates for your phone and mobile apps.
Avoid storing sensitive information like passwords or a social security number on your mobile device.
Tell your financial institution immediately if you change your phone number or lose your mobile device.
Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you're punching in sensitive information.
Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer's recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don't know. And be wary of ads (not from your security provider) claiming that your device is infected.
Watch out for public Wi-Fi. Public connections aren't very secure, so don't perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network. Consider using a Virtual Private Network (VPN) app to secure and encrypt your communications when connecting to a public Wi-Fi network. (See the Federal Trade Commission's tips for selecting a VPN app.)
Report any suspected fraud to your bank immediately.
Protect Yourself Online
Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
Establish passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
Forward phishing emails to the Federal Trade Commission (FTC) at
[email protected] — and to the company, bank, or organization impersonated in the email.
Recognize and avoid bogus website links. Cybercriminals embed malicious links to download malware onto devices and/or/ route users to bogus websites. Hover over suspicious links to view the actual URL that you are being routed to. Fraudulent links are often disguised by simple changes in the URL. For example: www.ABC-Bank.com vs ABC_Bank.com
Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother's maiden name, etc. Be wary of requests to connect from people you do not know.
Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it. Consider using a Virtual Private Network (VPN) app to secure and encrypt your communications when connecting to a public Wi-Fi network. (See the Federal Trade Commission's tips for selecting a VPN app.)
Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
Read the site's privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects. If you don't see or understand a site's privacy policy, consider doing business elsewhere.
Protect Your Social Media Accounts
The Internet has made our lives easier in so many ways. However, you need to know how you can protect your privacy and avoid fraud. Remember, not only can people be defrauded when using the Internet for investing; the fraudsters use information online to send bogus materials, solicit or phish.
Phishing is the attempt to obtain financial or confidential information from Internet users. This phishing expedition usually begins with an email that looks as if it is from a legitimate source, often a financial institution. The email contains a link to a fake website that looks like the real site. Fraudsters want you to provide account and password information, and then they have access to your account.
Here's what you can do to protect yourself when using social media:
Privacy Settings: Always check the default privacy settings when opening an account on a social media website. The default privacy settings on many social media websites are typically broad and may permit sharing of information to a vast online community. Modify the setting, if appropriate, before posting any information on a social media website.
Biographical Information: Many social media websites require biographical information to open an account. You can limit the information made available to other social media users. Consider customizing your privacy settings to minimize the amount of biographical information others can view on the website.
Account Information: Never give account information, Social Security numbers, bank information or other sensitive financial information on a social media website. If you need to speak to a financial professional, use a firm-sponsored method of communication, such as telephone, letter, firm e-mail or firm-sponsored website.
Friends/Contacts: When choosing friends or contacts on a social media site, think about why you use the website. Decide whether it is appropriate to accept a "friend" or other membership request from a financial service provider, such as a financial adviser or broker-dealer. There is no obligation to accept a "friend" request of a service provider or anyone you do not know or do not know well.
Site Features: Familiarize yourself with the functionality of the social media website before broadcasting messages on the site. Who will be able to see your messages -- only specified recipients, or all users?
On-Line Security Tips:
As with all computer and web-based accounts, take precautions to keep your social media account information secure. Here are some security tips:
Pick a "strong" password, keep it secure, and change it frequently.
Use different passwords for different accounts.
Use caution with public computers or wireless connections. Try to avoid accessing your social media accounts on public or other shared computers. But if you must do so, remember to log out completely by clicking the "log out" button on the social media website to terminate the online session.
Be mindful of accessing your social media accounts on public wireless connections, such as at a coffee shop or airport. It is very easy to eavesdrop on Internet traffic, including passwords and other sensitive data, on a public wireless network.
Be extra careful before clicking on links sent to you, even if by a friend.
Secure your mobile devices. If your mobile devices are linked to your social media accounts, make sure that these devices are password protected in case they are lost or stolen.
ATM Safety Tips
Always protect your ATM card and keep it in a safe place, just like you would cash, credit cards or checks.
Do not leave your ATM card lying around the house or on your desk at work. No one should have access to the card but you. Immediately notify your bank if it is lost or stolen.
Keep your Personal Identification Number (PIN) a secret. Never write it down anywhere, especially on your ATM card.
Never give any information about your ATM card or PIN over the telephone. For example, if you receive a call, supposedly from your bank or possibly the police, wanting to verify your PIN, do not give that information. Notify the police immediately.
Be aware of your surroundings, particularly at night. If you observe or sense suspicious persons or circumstances, do not use the machine at that time.
Have your ATM card ready and in your hand as you approach the ATM. Don't wait to get to the ATM and then take your card out of your wallet or purse.
Visually inspect the ATM for possible skimming devices. Potential indicators can include sticky residue or evidence of an adhesive used by criminals to affix the device, scratches, damaged or crooked pieces, loose or extra attachments on the card slot, or noticeable resistance when pressing the keypad.
Be careful that no one can see you enter your PIN at the ATM. Use your other hand or body to shield the ATM keyboard as you enter your PIN into the ATM.
To keep your account information confidential, always take your receipts or transaction records with you.
Do not count or visually display any money you received from the ATM. Immediately put your money into your pocket or purse and count it later.
If you are using a drive-up ATM, be sure passenger windows are rolled up and all doors are locked. If you leave your car and walk to the ATM, lock your car.
Special Precautions for Using an ATM at Night
Park close to the ATM in a well-lighted area.
Take another person with you, if at all possible.
If the lights at the ATM are not working, don't use it.
If shrubbery has overgrown or a tree blocks the view, select another ATM and notify your bank.
Protect Your Small Business Account
Corporate account takeover is a type of fraud where thieves gain access to a business' finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. The American Bankers Association recommends following these tips to keep your small business safe.
Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don't, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Please see our Security and Fraud Prevention and Fraud Prevention: Alerts webpages that contain additional tips and resources and are updated periodically.
