Deter - Take steps to reduce your risk
Don't allow yourself or your business to be an easy target for fraud. To reduce your risk, consider the following:
Tips for Individuals
Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. It can cost you time and money, destroy your credit and ruin your good name. Below are some practical tips that can go a long way toward protecting your identity.
- Documents: Shred documents containing personal and financial information before you dispose of them. Keep other personal information in a secure place at home, especially if you have roommates, employ outside help or are having work done in your house.
- Social Security Number: Don't carry your Social Security card in your wallet or write the number on a check. Give it out only if absolutely necessary or ask to use another identifier.
- Personal Information: Don't give out personal information on the phone, through the mail or over the Internet unless you know with whom you are dealing. We will never call or email you seeking personal information. However, there may be instances where you have contacted us about your account, and we need to confirm your identity. In these cases, we may ask for identifying information to ensure you are who you say you are.
- Links: Never click on links in unsolicited emails; this is a common source for potential viruses that can adversely affect your computer. Instead, stick with web addresses you know and trust. Use firewall, antispyware and antivirus software to protect your home computer (and keep this software updated).
- Passwords: Don't use an obvious password, such as your birthday, mother's maiden name or the last four digits of your Social Security number. Instead, use a combination of letters, numbers and symbols. For added security, change your password on a regular basis and avoid using the same password for multiple accounts. We also strongly urge you to use different passwords for financial sites and social media sites.
- Contact Information: Help us protect your account by ensuring we have your current address, phone number and email. If we suspect fraudulent debit card or ATM use, fraud detection specialists calling will contact you on our behalf to validate the legitimacy of your transactions (this may be from a person or an automated-calling system). To confirm your contact information is up-to-date, please call us at (800) 246-2415.
- Visa® Debit Card: Unless required for a legitimate business purpose, avoid sharing your card number and expiration date. When using your card in a store or at an ATM:
PIN: Remember that your personal identification number (PIN) is private, so never share it or write it on the back of your card.
Wallet: Don’t load your wallet or purse down with extra debit and credit cards. Refrain from carrying your Social Security card, and carry your passport only if necessary for travel
Mail: Remove mail from your mail box promptly, and have it held at the Post Office if you are away for a prolonged time. Deposit important outgoing mail in the Postal Service’s blue collection boxes.
- Do not let cashiers take your card out of your sight.
- Watch for mobile phone cameras, mirrors or other devices used to view cards and PINs.
- Go to another ATM if you notice any unusual activity.
Scams today use all kinds of methods to obtain your personal information, including email (“phishing”), text message (short message phishing or “smishing") and phone calls (voice phishing or "vishing").
Often, these scams try to create a feeling of urgency so you'll respond before you have time to think. Such messages typically include a threat, like cutting off a service or closing your account, if you don't "update" or "verify" personal or account information.
Other scams may pretend to be helpful, like offering a security update or helping you remove problematic pop-up messages, but require you to provide your personal or account information first. These red flags should alert you that the request may not be legitimate.
Common red flags include messages that:
- Ask for your account information because someone wants to transfer money to you.
- Claim you are owed a refund.
- Inform you that you have won a contest.
- Threaten to close or suspend your account if you do not take immediate action and provide personal or account information.
- Solicit your participation in a survey where you are asked to enter personal or account information.
- State your account has been compromised or there has been third-party activity on your account and requests you to enter or confirm personal or account information.
- State there are unauthorized charges on your account and requests your personal or account information.
- Ask you to enter your User ID, password, account numbers, PIN or card expiration dates into an email, non-secure webpage or text message.
- Ask you to confirm, verify or refresh your account, credit card or billing information.
Consider having your name and address deleted from marketing lists by contacting the following organizations:
- National Do Not Call Registry: Online at www.donotcall.gov or call (888) 382-1222 or TTY (866) 290-4236.
- Direct Marketing Association Mail Preference Service: Write to Direct Marketing Association, PO Box 643 Carmel, NY 10512.
- Direct Marketing Association Email Preference Service: Register online at www.dmachoice.org.
- Preapproved/Prescreened Credit offers: Visit www.optoutprescreen.com or call (888) 567-8688 or TTY (800) 821-9631.
- Credit Report Freeze: If you are a New York State resident, the Freeze Law allows you to place a “freeze” on your credit report and block access without your permission. For more information, contact the New York State Consumer Protection Board at: (800) 697-1220 or (518) 474-8583, or visit www.dos.ny.gov/consumerprotection.
If you think your personal or bank information has been compromised or shared with fraudsters, immediately call the toll-free number on the back of your credit/debit card or (800) 246-2415. We will take steps to help you secure your account. If you receive an email from Saratoga National Bank that doesn't appear to be legitimate, don't reply. Instead, call us and we will determine the legitimacy of the email.
To learn more about identity theft, visit identitytheft.gov or request copies of identity theft resources by writing to: Consumer Response Center Federal Trade Commission 600 Pennsylvania Ave., NW, H-130 Washington, DC 20580.
You can also visit OnGuardOnline.gov for tips.
Tips for Businesses
When it comes to protecting your business and its identifying information, you can never be too careful. Fortunately, even simple, basic precautions can dramatically reduce the risk of fraud, identity theft and other illicit activities.
Becoming a victim of cybercrime has little to do with the size or type of your business. If you answer “yes” to one or more of the risk-assessment questions below, you should take steps to review the security of your computers and networks:
- Is important company or personal information stored on a computer, including information relating to you or your employees, customers, contractors or partners?
- Do you or your employees access important information through an internal computer network, including banking, credit card, vendor or delivery information?
- Do you have a company website?
- Do you or your employees use the Internet at work?
- Do you or your employees use email at work?
- Could your company survive if it lost the use of its computers for several days or longer?
Most companies use similar tools for their information technology infrastructure: desktop computers, operating systems, networks, storage devices, web browsers, laptop computers, mobile computing devices and smartphones —all of which are potential targets for cybercriminals. Conducting a periodic evaluation of your online banking risk and controls is highly recommended for the security and safety of your business.
If you don’t have formal and documented computer security procedures, your business may be unnecessarily at risk. Establish basic security procedures and controls for your business, and update and distribute them to all employees on a regular basis. Here are some important measures to consider:
- Reconcile Transactions: Reconcile all banking transactions on a daily basis.
- Dual Controls: Initiate electronic transactions (such as payroll and wire transfers) under dual control; higher-risk transactions such as wire transfers and automated clearing house (“ACH”) file transfers should require additional, non-Internet authentication.
- Sharing: Prohibit the use of “shared” usernames and passwords.
- Passwords: Use a different password for each website that is accessed; never use the same passwords for online banking and social media sites. Create strong passwords that have at least 8 characters and include a combination of numbers, special characters and mixed-case letters; never use your Social Security number or business Federal ID number. Change passwords every 45 to 60 days.
- Educate: Educate employees and your customers on information security practices.
- Links: Use extreme caution when accessing websites from a link in an email, especially if personal information is requested.
- Email: Do not include personal or sensitive data in response to an email. Do not send emails to your business clients from your personal computer at home.
- Red Flags: Be suspicious of emails appearing to be from financial institutions, government agencies or other organizations requesting account information, account verification or banking-access credentials.
One of the most important things you can do is safeguard your sensitive proprietary business as well as financial data and client information. Below are some practical and simple steps that will help get you started in protecting your most valuable information and your business accounts:
- Software: Use firewall, antispyware and antivirus software to protect your office computers (and keep this software updated). Visit OnGuardOnline.gov for more information.
- Update: Ensure virus protection and security software are updated regularly.
- Vendors: Never share usernames or passwords with third-party vendors. Consider vendor confidentiality agreements.
- Admin Rights: Limit administrative rights on users’ workstations.
- Banking: Never access bank, brokerage or other financial services information at Internet cafés or public libraries, as harmful software may have been installed to capture login information, leaving you vulnerable to potential fraud. Perform online banking activities on a standalone computer system from which email and web browsing are not possible. In addition, make sure your browser is operating in a secure session (indicated in the web address bar by “https”) and don’t leave a computer unattended.
- Auto-Fill: Avoid using automatic login features that save usernames and passwords for online banking.
- Web History: Regularly clear your web browser’s “history” in order to eliminate copies of web pages stored on hard drives.
- Social Engineering Tests: Consider conducting social engineering testing with your staff.
- Training: Train your employees and customers on your safeguards.
- Documents: Shred financial documents and paperwork containing sensitive information before being discarded.
When it comes to safe computing and protecting your vital private and financial information, you can never be too careful! Even though the task can appear daunting, there are some very general, easy-to-institute precautions that will go a long way to mitigate your risk in this area and ensure the privacy and confidentiality of your most important information.
Below are some suggested computer and information security “Best Practices” for you to consider.
- Always use common sense: When in doubt, err on the side of safety. Be suspicious of tempting animations on unprofessional-looking sites, and avoid clicking on strange links or attachments.
- Scan incoming email/attachments: Scan each attached file from email or IM messages, even those from trusted sources. Most PC security software automatically performs this function.
- Avoid downloading files you’re unsure about: Be on the lookout for files such as freeware, screensavers, games or other executable programs. Internet news groups and websites may be full of potential threats.
- Using media devices: Scan them before use. This is typically done automatically through your virus protection software. However, if you do not regularly update your virus software you could infect your computer by inserting a CD, flash drive or other media device.
- Frequently update your antivirus software: Even the best antivirus software isn’t much help unless you keep it updated. New PC threats emerge daily – even hourly – and variations can often be engineered to slip by previous software versions. Most antivirus software allows easy online updating.
- Protect system startups: Make sure to configure antivirus software to launch automatically and run constantly, ensuring that you’re always protected.
- Don’t automatically open email/attachments: This may seem redundant, but it’s important. Make sure your email application doesn’t automatically open messages (check the program’s "Options" or "Preferences" menus).
- Use desktop firewalls: Windows and Macintosh computers have basic desktop firewalls as part of their operating systems. When properly set-up and updated, these firewalls protect your computer files from being scanned.
- Backup, Backup, BACKUP: Backing up your machine regularly can protect you from the unexpected. Keep a few months' worth of backups and make sure the files can be retrieved if needed.
- Control access to your machine: Don't leave your computer in an unsecured area, or unattended and logged on, especially in public places. The physical security of your machine is just as important as its technical security.
- Portable devices: Be especially careful about what data you store on portable devices, like laptops, flash drives and smartphones. These are more easily lost and stolen and may require extra protections, like encryption or remote file deletion
- Be careful what you share on Social Media: Services like Facebook and Twitter present powerful and exciting technological tools and resources; however, these services also present risks. Be aware that anything you share can be preserved online indefinitely and be rapidly shared beyond your original intentions.
- Stay informed: Stay current with the latest developments for Windows, Macintosh, Linux and Unix systems.
Click Here >> to return to the Security Center homepage for additional resources.