Customer Care Center

Your home computer is a popular target for intruders because intruders want what you have stored there. They look for credit card numbers, bank account information, and anything else they can find. By stealing that information, intruders can use your money to buy themselves goods and services. But it's not just money-related information they're after. Intruders also want your computer's resources, meaning your hard disk space, your fast processor, and your Internet connection. They use these resources to attack other computers on the Internet. In fact, the more computers an intruder uses, the harder it is for law enforcement to figure out where the attack is really coming from. If intruders can't be found, they can't be stopped, and they can't be prosecuted

Here are some of the most common terms that will help you understand why your computer is at risk:

• Attack - An attempt to gain unauthorized control of someone's computer.
• Vulnerability - Typically, a software bug or misconfiguration which affects the operation of an operating system or other program run on a computer allowing it to be more easily accessed. Hackers, worms, viruses, and trojans use vulnerabilities to gain access to computer systems without the user's knowledge.
• Virus - Malicious software that spreads by attaching itself to files or creating files that may be executed in some way. Usually it is sent to users as an email attachment. It may require a computer software vulnerability to spread depending on the type of program it uses to spread.
• Worm - Spreads without the user taking any action and usually exploits a bug (or vulnerability) in an operating system or some other program that may be running on a computer. This requires a computer software vulnerability to spread.
• Trojan - A program which is usually given away for free which has a hidden purpose. It may be some type of file such as a video that user's may be interested in. The user would normally install and run this program although the installation would be so simple the user would be unaware of it. This program may or may not use a vulnerability to spread.
• Hacker - A person who deliberately attempts to manually break into other systems and use them without the knowledge of the owner. Usually hackers exploit computer software vulnerabilities on the victim's computer; however once they have control of a system it is not possible to be sure they are denied access again without reformatting the hard drive and re-installing the operating system.
• Spyware - Spyware is not as serious a security concern as viruses, trojans, worms, and even hacker attacks, but many free programs contain spyware. Spyware is mainly a privacy concern than a security concern. Spyware does not take control of a computer system, but sends information to the spying entity about how the computer system is being used such as what web sites are being visited. The biggest concern with spyware or any other potentially malicious software is that it may download other code and install it on the user's system. Additionally it may hide itself from the user to prevent it from being removed.
• Firewall - Firewalls in simple terms are used to limit remote access to specific parts of the operating system or programs running on the system. They may block incoming attempts to connect to an application or exploit a vulnerability. Firewalls remove many of the possible methods of breaking into a computer without permission. It will help prevent hackers, viruses, worms, and trojans. It may also block spyware from contacting the spying entity.
• Backdoor - A program which allows an unauthorized user to have access to a victim's computer.

Here are some steps you can take to protect your computer and minimize the risk of someone gaining access to your information:

Step 1: Use a Hardware Firewall
A firewall prevents unauthorized access to your computer by monitoring incoming and outgoing traffic from your computer's network and keeps out unwanted web traffic. Use a router to connect a network to the Internet. All routers come with some form of firewall automatically providing a layer of security to the network, however advanced Firewall protection is highly recommended. No firewall can detect or stop all attacks, so it's not sufficient to install a firewall and then ignore all other security measures, and don't forget to enable wireless network security on your wireless router to safeguard against unauthorized network access to your wireless network devices.

Step 2: Use Anti-Virus Programs
Download and install anti-virus and anti-malware software to protect your computer from being infected with malicious trojans, worms and viruses. Keep your software updated. This software inspects every file your computer accesses and determines if it is a malicious application. They also scan your computer for files that may have malicious intent. Additionally, always install licensed software and download patches and updates soon after their release. Vendors will usually release patches for their software when a vulnerability has been discovered. Most product documentation offers a method to get updates and patches.

Popular Brands: Norton Anti-Virus, McAfee, ZoneAlarm Whether your run Windows, an Apple OS, or Linux, keeping up with security patches is an essential part of home computer security.

• For PCs/Windows visit: http://windowsupdate.microsoft.com
  
• For Apple/Mac Computers visit: http://www.apple.com/downloads/macosx/apple/security_updates/

Step 4: Back up important Files

There are many ways an import file can be lost, human error such as accidental deletion, computer failure, water damage, fire damage, theft.

Here are some simple ways to protect yourself:

• Purchase and keep a copy of important files on removable media such as ZIP disks or recordable CD-ROM disks (CD-R or CD-RW disks).or an external USB Drive, Copy files to the drive, and store in a safe place. These drives are less than $100. Store the backup disks somewhere away from the computer.

Step 5: Use Strong Passwords and change them regularly.

There are passwords that:

• Cannot be easily guessed by someone
• Cannot be easily guessed by a computer

This means your passwords should always be:

• At least 8 characters long
• Include numbers and letters Ð Using upper & lower case letters is recommended
• Do not include a known word
• Should not be easy for someone who knows you to guess

Step 6: Surf, Download and Open emails with Care

Anti-Virus software is helpful, but it is not perfect. Viruses and other types of malicious code are often spread as attachments to e-mail messages or even chat messages. Here are some simple rules to remember when opening emails with attachments:

• Is the email from someone that you know?
• Have you received email from this sender before?
• Were you expecting email with an attachment from this sender?
• Does email from the sender with the contents as described in the Subject line and the name of the attachment make sense?

Because many chat programs allow for the exchange of attachments, they present risks similar to those of e-mail attachments. As with e-mail, care should be taken when using chat programs and messages especially with unknown parties.

Step 7: Use a File Encryption Program to protect important files

Does a file contain information you don't wish to share with others who may have physical access to your computer? These could be work or personal documents. Encryption software allows you have a personal passkey that protects your files.

Step 8: Turn off your computer or disconnect from the network when not in use

Turn off your computer or disconnect its Ethernet interface when you are not using it. An intruder cannot attack your computer if it is powered off or otherwise completely disconnected from the network.

A few simple and inexpensive steps can go a long way towards protecting your computer and your personal and confidential information. To learn more visit the site below.

Country Bank will never email, call, text or otherwise ask you for your user name, password or other electronic banking credentials.

Liability Protection
The Federal Reserve Board's Regulation E provides consumers with some protections for electronic fund transfers. Regulation E establishes limits on a consumer's liability for unauthorized electronic funds transfers and generally applies to accounts with Internet access. There are specific procedures you need to follow to help resolve errors with your account. In order to take advantage of the protections afforded by the Regulation, you must act in a timely manner. You need to notify us immediately if you believe that your account access information has been stolen or compromised. You also need to review your account activity and periodic statement and report any errors or unauthorized transactions immediately. Refer to the Electronic Fund Transfers - Your Rights and Responsibilities disclosures that were provided at account opening for more information or ask us for a copy and we will gladly provide you with one.

Wireless computer systems pose numerous security issues, therefore, it is important to take extra safety precautions to secure your home wireless computer network. At a minimum, home computers whether hard wired or wireless need to have personal firewall and anti-malware software and up-to-date virus protection to remove viruses, spyware, Trojans and other malware. Users should refer to our section on "Home Computer Security" which also applies to wireless computers. Hackers can easily intercept Wi-Fi network traffic over the open air and extract information like passwords and credit card numbers. Therefore, additional security is required for wireless computing. Someone who lives close by or are in close proximity to your home can access your network if you do not protect it. The recommendations below summarize the steps you should take to improve the security of your home wireless computer.

Step 1: Change Default Administrator Passwords (and Usernames)

At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately and make sure to use strong passwords. (A minimum or 8 characters using both upper and lower case letters & symbols)

Step 2: Turn on (Compatible) WPA / WEP Encryption

All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read. Several encryption technologies exist for Wi-Fi today. Use the highest level of encryption available to your network. New models use Wi-Fi Protected Access (WPA), and older versions use Wired Equivalent Privacy (WEP). However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common denominator" setting. Refer to the router manual for more information.

Step 3: Change the Default SSID

Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." Knowing the SSID does not by itself allow someone to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network. When changing your SSID, don't use your address or your last name. The SSID shouldn't identify who or where you are.

Step 4: Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, and restrict the network to only allow connections from those devices. You should implement this control, but also be aware that the feature is not as foolproof as it may seem. Hackers and their software programs can fake MAC addresses easily.

Step 5: Disable SSID Broadcast

In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator. You should disable the SSID feature on your computer.

Step 6: Do Not Auto-Connect to Open Wi-Fi Networks

Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.

Step 7: Assign Static IP Addresses to Devices

Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

Step 8: Enable Firewalls on Each Computer and the Router

Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.

Country Bank will never email, call, text or otherwise ask you for your user name, password or other electronic banking credentials.

Liability Protection

The Federal Reserve Board's Regulation E provides consumers with some protections for electronic fund transfers. Regulation E establishes limits on a consumer's liability for unauthorized electronic funds transfers and generally applies to accounts with Internet access. There are specific procedures you need to follow to help resolve errors with your account. In order to take advantage of the protections afforded by the Regulation, you must act in a timely manner. You need to notify us immediately if you believe that your account access information has been stolen or compromised. You also need to review your account activity and periodic statement and report any errors or unauthorized transactions immediately. Refer to the Electronic Fund Transfers - Your Rights and Responsibilities disclosures that were provided at account opening for more information or ask us for a copy and we will gladly provide you with one.

Business Computer Security

Business computer security is essential to protecting your company from viruses, spyware, hackers, and other threats. Your network provides access to critical applications, and houses sensitive company and customer data. A single network security breach can shut down your operations for days, or allow a hacker to steal vital business data. The FBI estimates that US businesses lose US$67.2 billion annually due to computer-related crime. In order to protect your computer or network, you need to know about the threats that your business could face. Awareness allows you to prepare for these threats and have an action plan in place.

Here are some threats that could impact your business computer systems along with important steps we recommend to help protect your business:

Viruses and worms: These small but malicious programs are commonly spread by e-mail. They come in the form of cleverly disguised attachments to messages that trick your employees into clicking on them. Once installed, viruses can infect programs and files, destroy your data and effectively force you to close your business while you disinfect your computers. An e-mail virus can spread by e-mailing itself to people in your address book - maybe even to your business partners. Worms are a type of self-replicating virus that uncontrollably spread over networks.

Phishing: Some e-mail messages are "phishing" for valuable information. Phishing is a very specific type of cybercrime designed to trick you into disclosing personal financial details. Cybercriminals create a fake website that looks similar to a legitimate website. (Bank websites, the FDIC, the IRS, and ebay are common targets.). They then try to trick you into visiting this site and typing in your confidential data, such as your login, password or PIN. Typically, cybercriminals send out a large numbers of e-mails containing a hyperlink to the fake site which asks you to enter your data (i.e., bank account information, passwords, social security number). The thieves now have the information needed to get into your computer system and access company data.

Trojans: The term Trojan refers to the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The classic definition of a Trojan is a program that poses as legitimate software but when launched will cause harm. Trojans can't spread by themselves, which is what distinguishes them from viruses and A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer processing time and network bandwidth when they replicate, and often carry content that can do considerable damage

Keylogging: These are programs which record key presses (i.e. what a user types on the keyboard) and can be used by a hacker to obtain confidential data (login details, passwords, credit card numbers, PINs, etc.). Backdoor Trojans typically come with an integrated keylogger.

Important Steps to protect your computer system:

Step 1: Update Your Software

To help keep your company PC's and network more secure and reliable, we highly recommended that you install new updates as soon as they're available. The easiest way to install updates is to use the Windows Update service and make sure automatic updating is turned on. If you do not wish to use automatic updating you should at a minimum, create a regular schedule to update all security software installed on your business computer system. Viruses and other threats are constantly evolving on a daily basis. An infected computer can quickly compromise client data, financial records and other pertinent information needed to make your business run smoothly and protect your customers and employees.

Step 2: Current Virus and Spyware Protection

Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses and are designed to prevent unwanted hackers from compromising your computer and gaining access to your data. Many of them also prevent and remove adware, spyware, and other forms of malware.

Your employees may be visiting multiple websites and opening unfamiliar attachments which are two of the most common ways of picking up an unexpected virus or spyware, so you may want to limit employees from browsing to unfamiliar websites that could possibly contain viruses and other malware.

Step 3: Develop Policies & Internal controls

Policies on company internet use are a must, and regular screening of employee's computers for internet history is also suggested. When you set up a policy for internet use, discuss exactly what employees are allowed to use the Internet for, when they can use it for personal use, how the company monitors use and what level of privacy to expect. You may also want to set up an Internet system that only gives them access to preset websites that won't place your business at risk. We recommend that you educate your employees about computer security and opening email attachments that seem suspicious. Microsoft's Internet Safety at Work toolkit teaches employees how to protect company information, customer data, and their own personal information. You can download the toolkit at www.uschamber.com/cybersecurity.

Step 4: Set Up a Firewall

Make sure you have a firewall on your network before connecting to the Internet. Each computer that operates on the same network will have access to this protection and reduce the risk of virus infestation. Firewall applications are the most popular ways of hiding a computer's presence on the internet. Usually, you'll be instantly notified if an unidentified computer tries to connect to your network. The firewall will automatically block all attempts made by the unwanted user or application. It also works in conjunction with an antivirus program to protect your system from a virus attack.

Step 5: Back Up Your Data

Backing up your files is one of the most important controls you can do to safeguard the data you create and store on your computer. You should back-up your important files regularly and keep this data on a separate file system. You can purchase software that backs up and restores data and applications for a variety of operating systems. They often come with data protection, disaster recovery and business continuity planning capabilities.

Step 6: Secure Your Private Network

Network Security consists of computer network infrastructure policies to protect the network and the network accessible resources from unauthorized access and misuse. We recommend you designate a person to handle security and preparedness, and create a system administrator account with administrative privileges that only you or your system administrator can access. This enables you to operate as the "traffic cop" of your network, where you can monitor all Internet traffic and control who has access to your network. You can also manage any media downloaded or installed onto your computer(s). This role may be part time or full time depending on the scope and complexity of your business operations. You should have a process for consistent and continuous monitoring of all events occurring on your system or network and analyze them for signs of possible incidents, violations of computer security policies, acceptable use policies, or standard security practices.

You can visit www.microsoft.com/windowsxp/using/setup/winxp/accounts.mspx for guidance on creating and customizing user accounts such as those mentioned above.

Step 7: Set Up Internal Controls

Implement strong internal controls such as: separating the person/department writing the checks from the person/department reconciling the bank statement, requiring dual control over the initiation and approval of payments, limiting administrator access, requiring administrators to have another user ID for general transactions, and conducting annual reviews/audits for security controls. By requiring multiple individuals to be involved with certain functions, a system of checks and balances is created which creates an environment where fraud is less likely to occur.

Step 8: Increase Security of Passwords

These steps apply to both self-generated passwords and default passwords. We highly recommend ALWAYS changing default passwords that come with any type of software or program. A secure password contains a combination of upper and lower case letters, numbers, and symbols (!, @, #, $, %, etc.). Passwords should not contain your user name, real name, Social Security number, company name, or a complete dictionary word. Business passwords should be distributed strictly on a need-to-know basis and should NEVER be shared. Employees who must access certain programs or files on a regular basis should be the only people granted access to the applicable business passwords. In addition, it is critical that you protect your business passwords by removing employee access immediately when an employee is terminated or voluntarily separates from the business. The use of multi-factor authentication is highly recommended for very sensitive transactions. Multi-factor Authentication is the process of adding additional steps to accurately identify someone when they log into a website or need access to highly confidential data. This is often required for things like online banking transactions.

Step 9: Safeguard Controls for your Wireless Network

Use the same basic computer security practices that you would for any computer connected to the internet.

Use anti-virus and anti-spyware software, and a firewall. Change the name of your router from the default. The name of your router (often called the service set identifier or SSID) is likely to be a standard, default ID assigned by the manufacturer. Change the name to something unique that only you know.

Change your router's pre-set password. The manufacturer of your wireless router probably assigned a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. Use passwords that are at least 8 characters long: the longer the password, the tougher it is to crack.

Turn off your wireless network when you know you won't use it. Hackers cannot access a wireless router when it is shut down. By turning the router off you limit the amount of time that it is susceptible to a hack.

Step 10: Create a Security Plan

All businesses benefit from having a security plan. Creating a security plan helps identify risks relevant to your business, and gives you a checklist to follow in training staff. Any comprehensive security plan should take into account a company's unique needs, restrictions, resources and other considerations. Remember, every desktop PC, laptop, or handheld digital device can be vulnerable to attack.

You should also be aware that all businesses must comply with the Massachusetts Data Security Regulations*. Click here to download the "Massachusetts Small Business Guide for Formulating a Comprehensive Written Information Security Program" the "Small business checklist." Both documents have helpful information for complying with the security regulations.

With this in mind, basic protection of your business is easy, and definitely beats trying to relocate and recover sensitive information or to expose yourself to legal issues. Protect your networks and your servers, and you are on your way to better protecting the security and integrity of your company!

* 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH

Here are some other resources that may prove helpful for increasing your business computer security:

http://www.uschamber.com/issues/technology/internet-security-essentials-business

http://www.microsoftbusinesshub.com/Products

Keep in mind that liability Protection is a shared responsibility!

Country Bank employs commercially reasonable security controls to safeguard your information. However, security is a shared responsibility between the business and the bank. Businesses need to implement strong controls, conduct periodic risk assessments, monitor account activity daily, train employees on acceptable use, and report suspicious activity promptly. Business accounts have more liability than consumer accounts. Business accounts are governed by the Uniform Commercial Code Article 4A whereas consumer accounts are governed by Federal Reserve Board Regulation E. While banks are under no obligation to reimburse commercial accounts of cyber fraud, Country Bank will evaluate each reported incident on a case-by-case basis. Remember: The best defense is a strong offense.

Please be aware that Country Bank will never email, call, text or otherwise ask you for your user name, password or other electronic banking credentials.