Your Online Safety

Login Credentials

When it comes to guarding against cybercriminals and ensuring cybersecurity at all levels, it’s important to think of your login IDs and passwords as your first line of defense.

• Create different passwords for every account.
• Create passwords with at least 12 characters.
• Never share your passwords. 
• Always change your password directly at the site or through the app.
• Never click on weblinks in emails that state your password has been compromised and you need to change your password using the weblink.
• Change your passwords at least four times a year and whenever you think a password was compromised, never reusing a password that you used recently.
• Set up Multi-Factor Authentication (MFA) on sites that support it.
  • MFA allows you to supplement your password by having the system ask you for a randomly generated token sent to you via a text, phone call, or app that is outside of the system you are logging into.

Email

Email providers simply can’t guarantee your cybersecurity when you sign up for their services. Hackers know this to be true, and they strategically attack via email to gain access to user accounts.

• Obtain separate email accounts for each of your needs (personal, business, alerts, etc.).
• Avoid using the same password you use for email accounts on your banking website or any other site.
• Avoid opening or responding to emails that require an urgent response, threaten harm, and/or ask you to click on a weblink.
• Avoid opening email attachments that are unknown, unexpected, or suspicious.
• Never send sensitive personal information (i.e. a Social Security number) over email without encryption.
• When available, use Multi-Factor Authentication (MFA) in your email service. You’ll then receive an email and/or text when there’s a login from a new computer.
• Avoid accessing email accounts from public Wi-Fi hotspots.

Never provide your account information, password, or token number over the phone or by email. Citizens Business Bank will never ask you to enter personal or account information via email or to download an attachment from email, nor will we ever ask you for your password, token, or other security credentials via email or by telephone.

Phone Calls and Text Messages

We are always connected and readily accessible everywhere we go thanks to our mobile devices and technology in general. A cybercriminal may call you while impersonating a representative of your bank and ask you for sensitive information, or they may send you a text message asking you to click a link or respond with sensitive information.

• Always be cautious when receiving unsolicited phone calls or text messages, especially if they request personal or financial information. Treat all such communication with suspicion until you can verify its legitimacy.  It is always best to hang up and call the institution directly using a trusted phone number you already have on file.
• Be aware that caller ID can be spoofed, so do not rely on it as an indicator of a legitimate call.
• If you receive a call or text from an organization claiming to be your bank, government agency, or any other entity, do not provide sensitive information immediately. Instead, independently call or message them using a trusted phone number you already have on file.
• In text messages, be cautious about clicking on links, especially if they appear suspicious or if the sender is unknown. Instead of clicking, visit the website directly.
• If the call or text attempted to impersonate your financial institution, report it to your financial institution.

Browse the Internet

Every device on the internet can be hacked — many with minimal effort. A common tactic of today’s cybercriminals is to create “clones” of well-known websites, then use the site to capture user information and credentials. They use this stolen information to access your banking and/or other accounts.

• Keep your computer software up-to-date.
• Use a firewall and install antivirus and anti-malware software, always keeping them up to date.
• Avoid using public Wi-Fi (hotels, coffee shops, etc.) to access your bank accounts or other sensitive websites.
• Whenever possible, restrict online banking transactions to a computer that is not used for any other website transactions.
• Understand that millions of fake emails, fake social media users, fake Wi-Fi hotspots, fake websites, etc. are created every day, all intending to defraud internet users.

Home Networks

It’s only natural for us to feel especially safe and secure while we’re at home. But just as a home intruder might violate your real-world residence, a cybercriminal can “break into” your home network if he or she is skilled and determined enough. Once inside your home network, a cybercriminal can then “rob” you of valuable items like personal data, passwords, IDs, account information, and more.

• Every home internet router comes equipped with a factory-issued username and password. If possible, change the username and/or password.
• Change your home internet router’s wireless network name (SSID) and the wireless network password (network security key)
• Stop your home internet router from broadcasting your home wireless network’s name/SSID.
• Keep your router’s firmware up to date.
• Disable “Push-to-Connect” or “WPS” as well as “UPnP” options from your home wireless router.

Mobile Devices

From Apple to Android, you want to play it safe whenever you can — and wherever you go. Make sure your cybersecurity efforts extend well beyond your desktop or laptop computer with these strategic safety tips for smartphones and mobile devices:

• Update the operating system on your mobile device as soon as new versions become available (updates often include security patches).
• Only install mobile apps and updates directly from the Apple App Store or Google Play Store, avoiding malicious apps, repackaged legitimate apps, and fake security apps from rogue sites that often contain malware or ransomware.
• Keep your mobile devices locked and password-protected.
• Regularly back up your mobile devices.
• For Apple devices, enable location services and “Find My iPhone/iPad”; this will allow you to remotely wipe the device through Apple’s website if the device is lost or stolen.

Wi-Fi Hotspots

Free “hotspots” and other public Wi-Fi links make it easy for cybercriminals and hackers to collect your logins, emails, and payment information. In some instances, they help provide access to all your money. Hackers even set up fake hotspots with the same name as hotels, coffee shops, and other popular businesses to masquerade as those businesses and trick people into connecting directly to them.

• Never assume that a Wi-Fi hotspot is legitimate or secure.
• Never use a Wi-Fi hotspot for shopping or banking.
• Be aware of your surroundings when online in public spots (look out for “shoulder surfers” watching your screen).
• Before you connect to a Wi-Fi hotspot, make sure to enable a firewall and disable ad hoc networking.
• Do not allow automatic connections to non-preferred networks. Computers, tablets, and smartphones can have this setting enabled, please be sure to disable it.
• Before you connect to a Wi-Fi hotspot, be sure to always turn off file sharing.

Social Media

Social media sites can also serve as a gateway for all kinds of cybercriminals. Even if these various “social engineers” don’t steal information, prying online eyes can learn a lot about you via social media snooping. Be careful what you share on social media. 

• Ensure pictures and videos you share online do not contain sensitive items or documents, such as a credit card or other identifiable data.
• Be on the lookout for phishing emails telling you to change your password or notifying you that your account was compromised. Never click these links. Instead, go directly to the website, and perform the action from within the website.
• Avoid using the same password you use for social media websites on your online banking website.
• If you think your online banking account has been compromised, check for unknown charges, and contact your financial institution.
• Limit the amount of information you share on social networks.
• Limit who can view your information. You can often restrict who can view your information — from “anyone or public” to just “acquaintances or friends”.
• Be extremely wary of fake profiles and people who try to connect with you on social networks.
• Keep all your security software up-to-date.
• If you think any of your accounts have been compromised, change your passwords immediately.