Alma Exchange Bank & Trust
recommends the following Computing Security Practices
accessing their account information via the Internet:
General Business Practices (Commercial Customers)
1. Review this information with your IT department
or IT consultant and evaluate how your systems may
be vulnerable to this risk. Perform a risk assessment
periodically to determine if your organization is protected
against identified threats.
2. Dual control procedures should be in place for high
risk transactions such as electronic funds transfers.
This includes automated clearing house (ACH), Online
Banking transfers, and wire transfers.
3. Talk to your insurance provider about adding cyber
insurance terms to your business insurance policy.
4. Reconcile your banking transactions daily and look
for unusual small amounts such as penny transactions.
This may be an indication that your account has been
compromised and a fraudulent plan is in progress.
5. Never access bank, brokerage, or other financial
services information at internet cafes, public libraries,
etc. Unauthorized software may have been installed
to trap account numbers and sign on information leaving
you vulnerable to fraud.
6. Immediately escalate knowledge of any suspicious
transaction to the Bank, particularly if these transactions
are ACH or wire transfers. There is a limited recovery
window for these transactions and immediate escalation
may prevent or minimize further loss.
Password Practices (All Customers)
1. Change passwords at least every 90 days and every
time an employee leaves the company.
2. Create a strong password with at least 10 characters
that includes a combination of mixed case letters,
numbers, and special characters.
3. Ensure that your account information and security
responses are not written where they can be seen or
accessed by others. If the information must be written
down, it should be secured under lock and key when
not being used.
4. Never share your user ID or password with anyone
for any reason. If it is compromised, contact us to
have the ID and/or password disabled or reset.
5. Secure your computers with a password protected
screensaver that has a timeout feature activated after
no more than 15 minutes.
6. Avoid using an automatic login feature that saves
usernames and passwords for online banking.
Operating System Protection (All Customers)
1. Ensure that you use current anti-virus and anti-spyware
products to protect yourself against malicious software
that is created for the specific purpose of gathering
information such as user ID, password, and other
critical information that may be stored on your computer.
2. Ensure that you have a patch management solution
that keeps your computer software current and can further
mitigate new vulnerabilities to which your computer
may have been exposed.
3. Install a dedicated, actively managed firewall,
especially if you have a broadband or dedicated connection
to the Internet, such as DSL or cable. A firewall limits
the potential for unauthorized access to a network
and to computers.
4. Practice safe internet use. Never click on pop-up
messages or links to applications contained in emails.
Try to get into the habit of manually going to links
that are sent to you. It is estimated that over 80%
of malware is obtained from clicking on pop-up ads.
5. Be suspicious of emails claiming to be from a financial
institution, government department, or other agency
requesting account information, account verification,
or banking access credentials such as usernames, passwords,
PIN codes and similar information.
6. Use caution when opening attachments and ensure
they were sent from a trusted source.
7. Consider designating a "locked down" PC
to accommodate only your online banking transactions.
This computer should not be used for email or any other
internet activities. This precaution should minimize
the opportunity to download malware.
For more information on how you can be protected, visit