Security Statement
Our Security Policy
At Blue Ridge Bank and Trust Co., we value the safety and privacy of your personal information. In doing so, we want to remind you of our policies regarding nonpublic, personal information.
When you call us, come to a branch, or visit us online, we will ask for some information to verify your identity. But, we want to assure you that we will never call you or send you an email asking you to send us a response containing personal or private information.
In the past several months, several “scams” have been centered around phone calls or emails asking a customer to reveal account numbers, ATM or Debit Card numbers, passwords or other personal, private, nonpublic information. In some cases, scammers are sending fraudulent emails claiming to be from certain banks or banking agencies and then asking customers to visit a fraudulent web site identical to the bank’s authentic web site in order to have customers provide their personal information.
We want to remind you never to disclose ANY personal identifying information if requested via an unsolicited email or phone call. This includes:
- Blue Ridge Bank and Trust Co. account numbers or credit card numbers
- Personal Identification Numbers (PIN) or passwords
- Social Security Number
- Mother’s maiden name
- Other private information
Additionally, if you use Blue Ridge Bank and Trust online, log out when finished and close your browser before leaving your computer. Never leave your computer unattended during a Blue Ridge Bank and Trust online session.
If you ever get an unsolicited phone call or email claiming to be from Blue Ridge Bank and Trust asking you for personal identifying or account information, please do not respond. Call us at 816-358-5000 to let us know and to be sure you are communicating with Blue Ridge Bank and Trust Co. Also, be wary of any email asking you to log into Blue Ridge Bank and Trust online if it does not link to the official Blue Ridge Bank and Trust site located at https://www.blueridgebank.com.
Online Security Tips
- Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
- Ensure your information is protected as it travels across the Internet by only submitting sensitive information to websites that use encryption. Verify the web address begins with “https://” (the “s” is for “secure”) rather than just “http://”. Some browsers also display a closed padlock. Do not trust sites with certificate warnings or errors. These messages could indicate your connection is being intercepted or the web server is misrepresenting its identity.
- Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information, when possible.
- Always “Sign Out” or “Log Off” of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
- Look beyond the logo. Scammers often use actual logos and corporate imagery on their sites. They also press you to provide, update or verify account information claiming access to your accounts will be suspended if you don't comply.
General PC Security Tips
- Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning. This simple task makes it more difficult for scammers to access your confidential information and accounts. Anti-virus and anti-spyware software are available for purchase at major retail stores or on the Internet.
- Update your software frequently to ensure you have the latest security patches. This includes your computer’s operating system and other installed software (e.g., web browsers, Adobe Reader, Java, Microsoft Office, etc.).
- Automate software updates, when the software supports it, to ensure it’s not overlooked. If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
- Use Firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g., PCs, smart phones, and tablets).
- Require a password to gain access. Log off or lock your computer when not in use.
- Use a cable lock to physically secure a laptop when the device is stored in an untrusted location.
Mobile Device Security Tips
- Configure your device to require a passcode to gain access. It is important to use the security measures available to you if you prefer mobile banking from your phone. Most phones will allow you to "lock" your phone with a PIN or security code, which makes it more difficult for others to access the device. If you leave it at the coffee shop or in your car, and it's stolen, your data is safer.
- Avoid storing passwords or sensitive information. Mobile devices have a high likelihood of being lost or stolen, so you should avoid using them to store sensitive information. Enter your password every time you need to access accounts rather than storing them automatically. Manually entering user IDs and passwords might be more time-consuming, but you'll thank yourself if your phone is ever stolen.
If sensitive data is stored, enable encryption to secure it. - Keep your mobile device’s software up-to-date. Review the privacy policy and data access of any applications (apps) before installing them. Disable features not actively in use, such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth enabled devices to “non-discoverable” when Bluetooth is enabled.
- Turn off your Wi-Fi and Bluetooth. If you aren’t actually using them it’s a good idea to turn off Wi-Fi and Bluetooth. Disable automatic connections to your wireless profiles, and save only wireless profiles that you actually need to save. When your Wi-Fi and Bluetooth are turned on your device is constantly searching and sending out requests for those profiles and essentially advertising the name of every network you have connected to. Disabling them will decrease risk, increase privacy, and also improve your battery life.
- Delete all information on a device before the device changes ownership. Use a “hard factory reset” to permanently erase all content and setting stored on the device.
- “Sign Out” or “Log Off” when finished with an app, rather than just closing it.
- Utilize antivirus software where applicable (i.e., Androids, Windows, etc.).
- Do not jailbreak or otherwise circumvent security controls. There are numerous articles on the Internet detailing how to hack your device, but this is a bad idea if you're using mobile banking. Hacks create vulnerabilities in the security system of your device, which could leave it open to hackers who wouldn't have otherwise been able to gain access.
Subscribe to Remote Wiping Programs. Some phones have remote wiping services that can be used to erase all data if your phone is ever lost or stolen. Since banking on your cell phone can leave personal information on the device, these services create peace of mind. - Don't use online banking in a crowded area where anyone could look over your shoulder. If you must do this in public, sit or stand with your back to a wall, and look up from time to time. Maintaining awareness of your surroundings could help protect sensitive data.
- Download mobile application only from reputable stores authorized by the device manufacturer and only download apps or documents from trusted sources—that is, no file-sharing websites.
- Beware of Unknown Text messages. A lot of fraudsters are turning to texting as a way of gaining information for Identity Fraud. Be cautious in clicking on any links in a text message. It is always better to enter a known website address than to click a link!
Passwords
- Create a unique password for all the different systems/websites you use. Otherwise, one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it’s probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
- The longer the password, the tougher it is to crack. Use a password with at least eight (8) characters. Every additional character exponentially strengthens a password.
- Avoid using obvious passwords such as:
- Names (e.g., your name, family members’ names, business name, user name, etc.)
- Dates (e.g., birthdays, anniversaries, etc.)
- Dictionary words
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
Avoiding Social Engineering Attacks
In a social engineering attack, an attacker uses human interaction to manipulate a person into disclosing information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen, it can be used to commit fraud or identity theft. Criminals use a variety of social engineering attacks to attempt to steal information, including:
- Website Spoofing - the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.
- Phishing Emails or Phone Calls - when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are typically carried out through email, instant messaging, phone calls, and text messages (SMS).
Don't become a victim of social engineering! Follow these prevention tips:
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social media sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Delete email, text, and social media messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information this way.
- Beware of visiting website addresses sent to you in an unsolicited message. Even if you feel the message is legitimate, type web addresses into your browser instead of clicking links.
- Try to independently verify any details given in a message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser. Also, utilize an email SPAM-filtering solution to help prevent phishing emails from being delivered.
- Do not open attachments from unknown senders or unexpected attachments from known senders. Be cautious of the amount of personal data you make publicly available through social media and other methods.