Your Business.Your Bank.

Is your business at risk for a Corporate Account Takeover?Corporate Account Takeover — a type of fraud where thieves gain access to your business finances to make unauthorized transactions and transfers — is one of the fastest growing threats for small business. But what exactly is a corporate account takeover? And more importantly, how can you protect your business from falling victim to one?

How it worksWith a corporate account takeover, fraudsters use phishing, phone calls, social media, and other means to get you to provide personal information or download malicious software that allows them to obtain your Online Banking login credentials. Once they gain access to your accounts, they can fraudulently transfer funds, steal your information and more.

The methods they use to gather your credentials are becoming more and more sophisticated and may include:

• Fake emails from your bank about “a problem with your account.”

• False complaints from the Better Business Bureau about your business.

• Emails or messages from the Internal Revenue Service about “money you owe.”

• Fake updates about delivery problems with UPS packages.

• Error alerts from NACHA that there is “a problem with an electronic transaction.”

What to do if you suspect fraud In the unfortunate event your company falls victim to corporate account takeover, follow these important steps:

• Stop using Online Banking and unplug your computer immediately.

• Contact your bank as well as the proper authorities.

• File a police report.

We’re here for you

Jewett City Savings Bank is committed to ensuring that your account information — and your money — is protected. If you believe you may have been impacted by a corporate account takeover or other type of fraud, we urge you to contact us immediately. We will work with you to review your account activity and, if possible, prevent any unauthorized transactions.

In this issueProtecting your company from a corporate account takeover

Creating a Secure Corporate Culture

10 Tips for a More Secure Online Banking Experience

5 Cybersecurity Trends to Be Aware of in 2018

2018Security Update

Visit our Security CenterFor more information on cyber threats and ways to protect your business, visit our Security Center at jcsbank.com.

10 Tips for a More Secure Online Banking Experience 1. Use and update Online Banking

passwords regularly. Do not write down your passwords or make them easy to discern.

2. Install and maintain the latest ant-virus, anti-spam, and anti-malware protection.

3. Do not leave computers unattended. Make sure they are turned off or locked when not in use and that they require a password to unlock or start up.

4. Do not bank online using public networks.

5. Never open attachments or click on any links from senders you don’t recognize.

6. If something doesn’t make sense, such as a strange pop-up message or email from your bank, report it immediately.

7. Set account alerts to be notified about account activity.

8. To ensure a secure experience, make sure that “https” appears in the browser for secure Online Banking.

9. Keep your computer’s operating system up to date by downloading security and other updates.

10. If the Online Banking application looks different, stop using it and contact your bank immediately.

Protecting your company from a corporate account takeover There are some important steps you can take to greatly reduce the chances of a corporate account takeover:

Review your vulnerabilities. Do you have several employees who manage your Online Banking access activities? Are they using several different computers? Are those computers used for other activities, such as web surfing and sending and receiving emails? Every “yes” answer makes you more susceptible to corporate account takeover. Take a look at the process you use for Online Banking and assess your vulnerabilities.

Educate your employees. The best defense against fraudsters is knowledge. Take the time to educate your employees about corporate account takeovers. Make sure they know what to look for, such as suspicious emails or pop-up messages, and know not to download attachments or click on links from unknown or suspicious sources.

Use a designated computer for banking online. One way to minimize risk is to limit the number of computers used for Online Banking activities. For best practices, try not to use the same computers for Online Banking, surfing the web, or sending and receiving email. And make sure all your computers are running anti-virus and anti-spam software, and that all sensitive data on your computer is encrypted.

Ensure your network is secure. Online Banking should never be accessed using a public network, such as those often available at coffee shops or airports.

Monitor account activity every day. Check your account activity regularly and set account alerts to notify you when specific account activity occurs, such as an account login or an electronic debit from your account.

Communicate with your bank. If you notice suspicious account activity or have concerns about emails or pop ups, contact us immediately.

Know your rights and responsibilities. Review our Online Banking agreement to understand your responsibilities in protecting and safeguarding your accounts, which will help you determine liability in the event of fraud.

Conduct ongoing risk assessments. Regularly review your security procedures as well as the latest updates on new and potential scams. Review policies with new and existing employees. Even employees with no financial responsibilities should be educated about potential threats.

Security Update

Creating a Secure Corporate Culture

With the increase and sophistication of cyber attacks, it’s important for business owners to make cyber security a priority — at all levels of an organization. Here are some suggestions for creating a secure corporate culture in your company:

Assign cyber security responsibilities. Cyber security involves all levels of an organization, not just IT staff. Create a security committee that includes all departments and levels of your organization. For example, representatives from Human Resources should be involved to ensure employees have proper training on security procedures and practices.

Create and document security policies. All employees — new and existing — should receive and be familiar with your company’s security policies.

Incident reporting. Provide a forum or process for employees to report potential security threats or incidents, such as an internal IT hotline number.

Offer ongoing information and training. Ensure employees are informed about new threats, as well as any changing company-wide security practices.

Risky Business…5 Cybersecurity Trends to Be Aware of in 2018Cyber criminals are constantly coming up with new and innovative ways to attack unsuspecting companies. The best defense is to stay informed about the latest fraud trends and scams. Here are some new trends to be aware of in 2018:

1 Artificial Intelligence (AI) fraud. Artificial intelligence software can be a great tool for data security managers to predict when cyber attacks may occur. However, it may also allow fraudsters to automate the collection of information from multiple sources, such as social media and online forums.

2 Increase in Ransomware. With this type of fraud, hackers threaten victims, usually by denying data access if they don’t pay a financial ransom. Data security managers should never underestimate the impact or scope of danger that Ransomware can create as some cyber criminals may target critical systems, such as power grids.

3 Sandbox Malware. As IT attacks become more sophisticated, more and more data security managers are utilizing sandboxes for detecting and preventing malware attacks. However, cyber criminals are becoming increasingly adept at utilizing technology to detect when they are operating in a sandbox, allowing them to implement malware attacks outside the sandbox.

4 Multi-factor Authentication. In an effort to make the user experience easier, many companies have avoided using multi-factor authentication. However, with so many cyber attacks involving weak or stolen passwords, an increasing number of companies are introducing multi-factor authentication.

5 State-sponsored attacks. An alarming trend in cyber fraud involves the increase in state-sponsored cyber attacks. These attacks are often implemented for political reasons to acquire information to negatively impact political parties. These attacks frequently occur in countries, such as China, Russia, Iran, Israel, North Korea and the United States.

For more information on cyber threats and ways to protect your business, visit our Security Center at jcsbank.com.

2018

180JCN000FMember FDIC

Your Business.Your Bank.

LocationsBrooklyn490 Providence Road Brooklyn, CT 06234860-774-8558

Dayville560 Hartford PikeDayville, CT 06241860-779-1444

Jewett City111 Main StreetJewett City, CT 06351860-376-4444

Plainfield48 Norwich Road Plainfield, CT 06374860-564-3375

Preston353 Route 165Preston, CT 06365860-204-9944

Online atwww.JCSBank.com

The Password is SECURE.You’ve heard it over and again — the importance of choosing strong passwords to access your bank and other accounts online. But what exactly makes up a good password? Here are some guidelines for a good and cryptic password:

• Your passwords should use a mixture of upper and lowercase letters, numbers, and symbols.

• Your passwords should be at least 8 characters in length.

• Your passwords should be changed regularly.

• Your passwords should not be easy to discern, and should never include easy-to-guess information such as birthdays, the names of your pets, etc.

• Make sure your passwords are easy for you to remember, eliminating the need for you to write them down.

Important ReminderJewett City Savings Bank will never call you or email you asking for business or account information, such as your tax identification number or Online Banking password. If you receive such requests, do not provide the information and contact us immediately.