Security Agreement

Winter Park National Bank is committed to keeping your privacy and financial information secure. We provide certain security features, policies, and procedures to provide you with multiple layers of protection when using our internet-based services.
 

Revealing Your Financial Information

Winter Park National Bank will NEVER request your personal information through e-mail or by requesting you follow a link. Criminals use a variety of attacks to attempt to steal information, including: 
 
Social Engineering
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft. 
 
Website spoofing
The act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website presented by a trusted organization. 
 
Prevention Tips

  • Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain (ie: .net, .org) 
  • If you are suspicious of a website, close it and contact the company directly. 
  • Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than the link indicates. Typing an address in your browser is a safer alternative. 
  • Do not open attachments or download files from unfamiliar sources. Files can contain viruses or other software that can penetrate your computer’s security. 
  • Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”. 
  • Avoid using websites when your browser displays certificate errors or warnings. 
 
Phishing:
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy source in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS). 
 
Prevention Tips

  • Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information through email or text messages. 
  • Beware of visiting website addresses sent to you in an unsolicited message. Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages. 
  • Install a Firewall via software or hardware. A firewall will prevent attacks on your computer through the internet be detecting if the connection is malicious. 
  • Keep your internet browser, anti-virus and anti-spyware update by visiting the manufacturer’s website regularly and checking for updates. 
  • Log off and/or lock your computer when not in use. Require a password to unlock.
 

Protect your Business from Corporate Account Takeover

What would you do if you suddenly noticed that huge chunks of money had been drained from your business account into overseas accounts? Online criminals are using increasingly sophisticated techniques to commit payments fraud against commercial business accounts.
 

Corporate Account Takeover

Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Thousands of businesses have fallen victim to this type of fraud, and the losses have ranged from a few thousand to several million dollars.
 

Regulation E

What’s more, business bank accounts are NOT protected under Regulation E, so when business accounts are compromised, you may lose all, or at least some of the money lost. Today, security is a shared responsibility between you and Winter Park National Bank. Corporate account takeover attacks today are typically perpetrated quietly by introducing malware through a simple phishing email, a deceptive social engineering ploy, or an infected website. For a business that has low resistance to attack, they may remain undetected for weeks or even months.
 

Protect Your Business

The best way to protect your business is to develop a strong partnership with Winter Park National Bank and establish safeguards on your accounts to help the bank identify and prevent unauthorized access to your funds.
 
  • Develop a security plan. Each business should evaluate its risk profile and develop a security plan that includes sound business practices. The Federal Communications Commission provides a free and comprehensive Cyber Security Planning Guide to assist in developing or reviewing your comprehensive security plan.
  • Protect your online environment. Protect your computers just as you would your cash. Use appropriate tools to prevent and deter unauthorized access to your network and make sure you keep them up to date. Encrypt sensitive data and use complex passwords and change them regularly.
  • Create a secure financial environment. Dedicate one computer exclusively for online banking. This computer should not be connected to the business network, have email capability, or connect to the Internet for any purpose other than online banking.
  • Partner with Winter Park National Bank to prevent unauthorized transactions. Talk to your local Winter Park National Banker about programs that protect you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits to help protect you from fraud.
  • Pay attention to suspicious activity and react quickly. Watch for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact Winter Park National Bank, stop all online activity and remove any systems that may have been compromised. And keep records of what happened.
  • Understand your responsibilities and liabilities. The account agreement with Winter Park National Bank explains what reasonable security measures are required in your business. You need to understand and implement these security safeguards. If you don’t, you could be liable for any losses.
  • Educate all employees about cybercrimes so they understand that even one infected computer can lead to an account takeover. One infected computer can compromise your entire network. All employees, even those with no financial responsibilities, should receive security awareness training.
  • Since cyber threats change rapidly, it’s important that you stay informed about the evolving threats and adjust your security measures accordingly. You and your employees are the first line of defense against corporate account takeover.