While Florence Bank has taken the necessary steps to secure your online banking, there are additional steps that you should take to safeguard your computer and online transactions. Together we can ensure that your financial information will remain safe and secure, while providing you with convenient, quality online banking services.

Keep your computer safe

  • Maintain active, up-to-date anti-virus, anti-spyware and firewall protection.
  • Keep your operating system, browser and other applications updated with the latest security patches.
  • Do not open emails from unknown sources.
  • Never respond to a suspicious email or click on any hyperlink embedded in an email.
  • Educate your staff about current scams and loss-prevention steps.
  • When your computer is not in use, shut it down or disconnect it from the Internet.
  • Consult with IT experts on how to best secure the computers in your business environment.
Know who you are doing business with

  • Check website addresses carefully. Never click on a website link from within an email.
  • If you land on a site that looks suspicious, close out of it immediately.
  • Beware of free websites and downloads.
  • Be alert for scam emails, even if they appear to come from a trusted source.
  • Open email attachments only when you know the sender and are expecting an attachment.
  • Never respond to an email that requests your login credentials or personal information.
  • Do not send sensitive personal or financial information via email or through a website unless it is encrypted.

 Safeguard your online banking

  • Use Dual Control for all ACH and wire transactions OR designate and restrict one computer dedicated to online banking transactions.
  • Review ACH and/or wire limits periodically to ensure they are appropriate for your activity level.
  • Monitor emails for ACH and wire transfer confirmations.Immediately report any unauthorized activity to the Bank.
  • Use a strong password and change it regularly.
  • Use a different password for each website.
  • Never reveal your confidential login IDs, passwords or answers to security questions to anyone. Never provide this information over the phone, by email or enter it online.
  • Never provide your token code or its serial number to anyone, over the phone, by email or online.
  • Regularly review authorized users and update online banking functions. Ensure authorized users are deleted from the system when job functions change or users leave the company.
  • Ensure the online banking website you are logging into is secure and starts with https://
  • Check website addresses carefully and set up favorites for frequently accessed websites.
  • Never use someone else's computer to access your account unless it has anti-virus protection.
  • Avoid logging into online banking at wireless hotspots and internet cafés.
  • Always use the sign off button to end your online banking session.
  • Check your account activity daily. Report any unauthorized transactions immediately.

Florence Bank will NEVER ask you for your passwords,account numbers, or other confidential information. Do not respond to these types of requests. Call the Bank immediately. 

Report Fraud

If you suspect that your Florence Bank account has been compromised, contact us at 413-586-1300 or reportfraud@florencebank.com immediately. 

Learn More

Warning Signs

Warning signs that your system/network may have been compromised include:

  1. Inability to log into online banking (thieves could be blocking customer access so the customer won't see the theft until the criminals have control of the money)
  2. Dramatic loss of computer speed
  3. Changes in the way things appear on the screen
  4. Computer locks up so the user is unable to perform any functions
  5. Unexpected rebooting or restarting of the computer
  6. Unexpected request for a one time password (or token) in the middle of an online session
  7. Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
  8. New or unexpected toolbars and/or icons
  9. Inability to shut down or restart the computer
  10. Email account flooded with spam
  11. Unexpected email alerts related to password changes, new payees, or ACH/Wire initiation/approvals.

Incident Response Plan

Business Risk Assessment and Layered Security

Florence Bank joins FFIEC and the financial regulatory agencies in strongly urging business account holders to conduct internal assessments to ensure the highest level of security possible for your transactions. To ensure the safety and security of your account, we urge business account holders to:

  • Conduct periodic assessments of your internal controls
  • Use layered security for system administrators
  • Initiate enhanced controls for high-dollar transactions
  • Provide increased levels of security as transaction risks increase
  • Take advantage of additional verification procedures offered by the Bank

Business customers are also urged to create an incident response plan in the event fraud does occur. The incident response plan will be unique to each business, but at a minimum should include:

  • The direct contact numbers of key bank employees;
  • Steps the business should consider to limit further unauthorized transactions, such as:
  • Changing passwords;
  • Disconnecting computers used for Internet banking; and
  • Requesting a temporary hold on all other transactions until out-of-band confirmations can be made;
  • Information the business will provide to assist the bank in recovering their money;
  • Contacting their insurance carrier; and
  • Working with computer forensic specialists and law enforcement to review appropriate equipment.

While urging business account holders to conduct additional assessments and incident response plans, rest assured that Florence Bank uses multi-factor authentication to protect your online account(s). Whenever increased risk to your transaction security might warrant it, we have additional verification procedures such as:

  • Fraud detection and monitoring
  • Dual customer authorization
  • Out-of-wallet challenge questions for high risk transactions
  • Transaction value thresholds
  • Internet protocol reputation based tools
  • Policies and practices for addressing customer devices
  • Account maintenance controls

If you notice suspicious activity within your account or experience security-related events, please contact us immediately.

Resources

For more ways to learn about online safety and security, visit these websites:

The Better Business Bureau's website on Data Security Made Simpler

The Small Business Administration's (SBA) website on Protecting and Securing Customer Information

The Federal Trade Commission's (FTC) interactive business guide for protecting data

The National Institute of Standards and Technology's (NIST) Fundamentals of Information Security for Small Businesses

The jointly issued "Fraud Advisory for Businesses:Corporate Account Takeover" from the U.S. Secret Service, FBI, IC3, andFS-ISAC

NACHA – The Electronic Payments Association's website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers

ICC Cyber Security Guide for Businesses (Guide can be accessed and downloaded by clicking here.)

Information Security Laws and Standards Affecting Business Owners

In addition to securing its own data and systems,businesses are required to safeguard its own customers' sensitive information.There are two major information security laws and standards affecting business owners today.

1. Effective March 1, 2010, the Office of Consumer Affairs and Business Regulation required full compliance with regulation 201 CMR 17.00 which sets out the standards for the protection of personal information of Massachusetts residents. Businesses that store, maintain, process or otherwise has access to personal information acquired in connection with employment or with the provision of goods or services to a Massachusetts resident has a duty to protect that information. Businesses are required to develop and maintain a Written Information Security Program ("WISP") to safeguard such information. For more information about this regulation, click here.

2. The Payment Card Industry Security Standards Council was launched in 2006 to manage security standards related to card processing.Any merchant that accepts credit or debit cards for payment is required to secure their data based on the standards developed by the council. The PCI Security Standards Council's website notes that noncompliance may lead to lawsuits, cancelled accounts, and monetary fines. The website provides information for small business compliance.