What to do about the online security threats

What to do about the online security threatsOver the past several months, much has been written about the advanced, persistent threats to computer security. It seems as though each brings news of security breaches where passwords, credit card numbers and other personal information are possibly exposed to bad guys.

Peoples Bank is constantly monitoring its defenses to protect your sensitive data. The bank’s network and computers are always being tested and strengthened to avoid a data breach. And, we think about ways to help you protect yourself. The Bank’s “defense in depth” strategy includes customer education about the threats and how to address them.

Since data security is a critically important part of our standard business practice, as important to businesses as is managing the balance sheet, we are happy to share what we know with our business banking customers.

While new threats will continue to surface, the defense strategy remains unchanged. Thinking about vulnerabilities and being proactive to protect what is important – even when doing so is inconvenient – are the two things anybody can do to be safe. In this article, we include some reminders that we hope are helpful to you in taking those two steps to protect your financial and personal information online.

Train yourself how to think about online security

Answering questions related to online security is one way to prove to yourself that you are thinking like a person with important information to protect. So… what do you think would be the security implications in the hypothetical situations below? No cheating and reading ahead. These scenarios are written to help you think in terms of risk, access and control in the context of computers and networks. Can you think of some threats and risks? More important, by considering the bigger picture, can you think of a way to still move forward with technology while reducing or removing the risk?

  1. Your kids buy you a treadmill that needs a wireless connection to your home’s wireless router in order to post your work-out results to your online fitness page. Scenario One Solution
  2. Your wife manages the finances online and uses a 4-digit unlock code on her iPad. Scenario Two Solution
  3. Your husband thinks shredding check images from the bank statement is a hassle and makes too much noise. Scenario Three Solution
  4. Yahoo sends you an email with a link requesting you change your password because of the Heartbleed scare. The email reads in part something like “you need to change your password now. Please click here to conveniently and easily change your Yahoo! account password.” Scenario Four Solution
  5. You or someone who lives with you hates carrying keys. Those new door locks that can be controlled remotely with a smart phone look like a great solution… Scenario Five Solution
  6. Bonus question for business people: Vendors, customers, employees gripe about not having open internet access at your office. Often they need it to get something important done for you. The nephew of one of the employees has volunteered to help you set up a wireless network at the office to solve this problem. What risk(s) can you think of, and how can you mitigate them while solving the need? Scenario Six Solution

Let’s go through them. The 1st scenario would require that the wireless access point SSID and password be entered into a device on the treadmill that probably has no security features built in. Which means your secure router now has an unlocked door. A good way to mitigate this risk is to have 2 wireless networks, one that’s available with password but not connected to important assets like hard-drives or desktop computers. But what about the user account credentials that are used to post to the health web site? If the user id and password are unique to that site, there isn’t much to worry about. But, if you are in the habit of using the same user ID and password for lots of other sites, then you have a problem. Somebody could quite easily get that information off the treadmill and try to access other online accounts that have your credit card on file. Amazon, for example. Or the Wall Street Journal. Now you have a larger security risk. Mitigate that by never having the same password on multiple sites. The same thought process should happen when you considered scenario #5, the one about the remote door-lock app.

The 2nd scenario contains an obvious risk. The iPad that has access to financial sites is protected by a 4-digit code that would take a hacker only minutes to get past if he had the iPad in his hands. The ability to log into various websites via the iPad may or may not be easy for a hacker to accomplish; the bigger vulnerability in this case is the email app. If a bad guy has access to the email account, he can change passwords at will, including the password to your own email account(s) and thus gain access to an important part of your security defense. Mitigate the risk of the tablet (and other smart device) by requiring a better than 4-digit passcode, and make sure you have a way to wipe your iPad remotely when you need to.

Since your bank statement contains images of your signature on checks, there is an obvious risk if these statements are readily available at your home. The same is true if these check images are stored as digital files on your computer. Mitigate the risk of someone abusing your signature by deleting those files, or masking the signatures.

HeartbleedIn the 4th scenario, the bad guys are trying to deceive you into responding to a bogus, though topical, offer to correct a known problem. Recall that in April 2014 Yahoo! announced some of their sites were affected by the Heartbleed vulnerability and that users should change passwords. In this example, the bad guys are “phishing”, or trying to get you to click on a link that looks legit but is really a link to a nefarious web server. If you hover your mouse over the link (Email link example for this scenario – http://www.yahoo.com.passwordcorrection.com/password.aspx) you will see that it looks like a Yahoo address, but read further. The last two elements “passwordcorrection.com” just before the forward-slash or “/” tell you all you need to know. The site you end up at is not yahoo.com, it is passwordcorrection.com. It is doubtful that Yahoo would use a site other than their own to handle such an important matter. In fact, reputable companies would never ask you to change your password in an email. Never. (See more about phishing, the popular method used by bad guys to get your password, on our online security page.)

The 5th scenario poses an interesting problem. What does the door-lock need to know about you and your network in order to work properly? How secure is it? What happens when the batteries die or there is a power failure? In some cases, power failure causes the lock to release. Therefore the risk of unwanted physical access is that there is a power fault. Or that the system relies on an open wireless network that could be accessed and changed by a bad guy who could lock you out of your own home.

The 6th scenario is relevant to those who own or operate a business. These days, being in any office for any length of time that doesn’t have internet access is viewed as a nuisance, if not a problem. There is a reputational risk if not a business risk. For example, your salesman or saleswoman may not be able to adjust their quote with additional discount because they can’t get access to their corporate quotation system via the internet. But the risk of providing access to anybody means that a hacker could get a toehold into the corporate network and cause trouble if not harm. Especially if that router uses OpenSSL to manage encryption certificates. A hacker could easily grab corporate user accounts and passwords if the router hasn’t been patched. There are many tools out there to solve this problem affordably and with due caution. One way is to provide a small portion of the company internet access via a separate public network. But it’s important to keep the public access completely separate from the private corporate network. This isn’t hard to do, but does require a commercial-grade router that can be managed and monitored

There are far more vulnerabilities than these 6 little scenarios can feature. But, if you have Security Top of Mind Awareness, you won’t need a long list of “what-to-do’s” when presented decisions; you automatically will think in terms of risk, access, control to valuable network resources. And, act appropriately.

Be proactive in protecting your data

Nobody needs to tell you the advantages of being proactive rather than reactive. Proactive people are ahead of things and seem to have a much better quality of life – both for themselves and their family. A proactive person is “reactive in advance.” Such a person typically avoids the knee-jerk or reflexive and irrational response that others experience from having to deal with identity theft, because, for example, they put their online banking password on a post-it note attached to the computer.

Proactive steps you can take have been itemized in these pages before. A summary of these steps would be:

  1. Educate yourself about online security. Know what the threats are (even if you don’t understand how they work) and try to stay up-to-date. The online security suggestions from the Bank’s blog can help you with this. We provide topical suggestions and provide links to sources for expert advice.
  2. Create a good online banking password that is not used for any other web site and change it from time to time.
    1. Keep that password safe. Don’t write it down. Memorize it. Memorizing things is good for your brain, and, in this case, good for protecting your sensitive personal and financial information.
    2. A good password manager can help you keep track of passwords and other sensitive information.
    3. Do not click on any links in the emails asking you to change your password. Instead go directly to the company’s website to access your account and update your passwords.
  3. Protect your computer and mobile devices (tablets, smart phones, etc.).
    1. Make sure your computer’s operating system (OS) is updated and patched. Same for your mobile devices.
    2. Install good anti-malware software protection.
    3. ALWAYS use a passcode lock so that a stranger can’t easily use the computer or device. For computers, this means requiring a password to log in to the computer and to get past the screen saver. For mobile devices, this means adding a special code or fingerprint scan to unlock and use the device.
  4. Don’t give out your social security number, bank account number, your mother’s maiden name or other facts used to verify your identity to unauthorized people. Legitimate people would never ask for such information via email or social networks such as Facebook and Twitter. Peoples Bank would never do this and we encourage you not to include such facts in your communication with the bank via social networks or email.
  5. Make sure your home and office networks are secure. This means requiring a password to access the wireless network. It also means that the default administrator ID and password of the home or office router should be changed from a factory default setting.
  6. Know who to contact when something goes wrong. For example, keep track of your credit card providers’ phone number.

Peoples Bank is thinking of the vulnerabilities, and is proactive, too

We appreciate the trust you place in our ability to protect your money and make your dreams financially possible. We respect that opportunity. Peoples Bank goes to extraordinary lengths to help you conduct banking safely, securely and conveniently at our many branch offices or via the internet.

One of the things we offer to you that can have real value is the security solution Rapport by Trusteer. The bank has made this software available to its customers free of charge, but don’t let that no-cost feature put you off. The software can provide a high level of confidence that online transactions between your computer and the banks’ are protected and private. Browse our Online Security page to learn more about it.

We urge you to do your part to be cautious and wise in protecting your sensitive information. Together we can present a unified, strong defense against those who would do you harm. And, perhaps as important, together we can thrive, overcoming and dismissing those who would limit our opportunity to grow.

No matter what new technological threats may appear in the days to come, we are fairly certain that having and maintaining a mental awareness of the overall threat and a proactive defense is the way of success.

Be assured of our best wishes for your continued success!

Medicare Prescription Drug Coverage

Medicare Prescription Drug CoverageIf you’re covered by Medicare, here’s some welcome news—Medicare drug coverage can help you handle the rising cost of prescriptions. If you’re covered by original Medicare, you can sign up for a drug plan offered in your area by a private company or insurer that has been approved by Medicare. Many Medicare Advantage plans will also offer prescription drug coverage in addition to the comprehensive health coverage they already offer.

Although prescription drug plans vary, all provide a standard amount of coverage set by Medicare. Every plan offers a broad choice of brand name and generic drugs at local pharmacies or through the mail. However, some plans cover more drugs or offer a wider selection of pharmacies (for a higher premium) than others, so you’ll want to choose the plan that best meets your needs and budget.

prescription drugs
You should compare the details of each plan available in your area before choosing one. You can get personalized plan information at the Medicare website, www.medicare.gov, or by calling a Medicare counselor at 1-800-MEDICARE.

How much will it cost?

What you’ll pay for Medicare drug coverage depends on which plan you choose. But, here’s a look at how the cost of Medicare drug coverage is generally structured in 2014:

A monthly premium: Most plans charge a monthly premium. Premiums vary, but average $31. (Source: Centers for Medicare and Medicaid Services.) This is in addition to the premium you pay for Medicare Part B. You can have the premium deducted from your Social Security check, or you can pay your Medicare drug plan company directly.

An annual deductible: Plans may require you to satisfy an annual deductible of up to $310. Deductibles vary widely, so make sure you compare deductibles when choosing a plan.

A share of your prescription costs: Once you’ve satisfied the annual deductible, if any, you’ll generally need to pay 25% of the next $2,540 of your prescription costs (i.e., up to $635 out-of-pocket) and Medicare will pay 75% (i.e., up to $1,905). After that, there’s a coverage gap; you’ll need to pay 100% of your prescription costs until you’ve spent an additional $3,605. (Some plans offer coverage for this gap.) However, once your prescription costs total $6,455 (i.e., your out-of-pocket costs equal $4,550—you’ve paid a $310 deductible + $635 + $3,605 in drug costs—and Medicare has paid $1,905), your Medicare drug plan will generally cover 95% of any further prescription costs. For the rest of the year, you’ll pay either a coinsurance amount (e.g., 5% of the prescription cost) or a small co-payment for each prescription.

Again, keep in mind that all figures are for 2014 only—costs and limits may change each year, and vary among plans.

Prescription ChartNote: Health-care legislation passed in 2010 gradually closes the prescription drug coverage gap. In 2014, if you have spending in the coverage gap, you’ll receive a 52.5% discount on covered brand-name drugs, and a 28% discount on generic drugs. Other changes will take effect in future years.

What if you can’t afford coverage?

Extra help with Medicare drug plan costs is available to people who have limited income and resources. Medicare will pay all or most of the drug plan costs of seniors who qualify for help. If you haven’t already received an application for help, you can get one at your local pharmacy or order one from Medicare.

When can you join?

Seniors new to Medicare have seven months to enroll in a drug plan (three months before, the month of, and three months after becoming eligible for Medicare). Current Medicare beneficiaries can generally enroll in a drug plan or change drug plans during the annual election period that occurs between October 15 and December 7 of each year, and their Medicare prescription drug coverage will become effective on January 1 of the following year. If you qualify for special help, you can enroll in a drug plan at anytime during the year.

Note: Medicare beneficiaries can switch to a 5-star Medicare prescription drug plan during a Special Enrollment Period that runs from December 8, 2013 through November 30, 2014 if one is available in their area (limited to one plan change per year). A 5-star plan is one that has been rated as excellent by Medicare. Beneficiaries whose Medicare Part D drug plan fails for three straight years to achieve at least a 3-star quality rating will also be offered a special enrollment period that will allow them to move to a higher-rated plan.

Choosing a Medicare Prescription Drug Plan

doctor and mature patient

  • Start by making a list of all the prescription drugs you currently take and the price you pay for them to see how much you’re spending on prescription drugs.
  • Next, compare plans. Does each plan cover all of the drugs you currently take?
  • What deductible and co-payments does each plan require?
  • What monthly premium will you pay?
  • What pharmacies are included in each plan’s network?
  • Finally, ask for help if you need it. A family member or friend can help you find information, or you can call a Medicare customer representative at 1-800-MEDICARE.

 
If you already have Medicare drug coverage, remember to review your plan each fall to make sure it still meets your needs. Before the start of the annual election period, you should receive a notice from your current plan letting you know of any important plan modifications or additional plan options. Unless you decide to make a change, you’ll automatically be re-enrolled in the same drug plan for the upcoming year.

Do you have to join?

No. The Medicare prescription drug benefit is voluntary. However, when deciding whether or not to enroll, keep in mind that if you don’t join when you’re first eligible, but decide to join in a future year, you’ll pay a premium penalty that will permanently increase the cost of your coverage. There’s an exception to this premium penalty, though, if the reason you didn’t join sooner was because you already had prescription drug coverage that was at least as good as the coverage available through Medicare.

What if you already have prescription drug coverage?

Like many people, you may already have prescription drug coverage through the Medicare Advantage program, private health insurance such as Medigap, or your employer or former employer’’s health plan. You can generally opt either to keep that coverage or join a Medicare prescription drug plan instead. If you already have other prescription drug coverage, you’ll receive a notice from your current provider explaining your options.

What happens after you join?

Once you join a plan, you’ll receive a prescription drug card and detailed information about the plan. In order to receive drug coverage, you’ll generally have to fill your prescription at a pharmacy that is in your drug plan’s network or through a mail-order service in that network. When you fill a prescription, show the card to the pharmacist (or provide the card number through the mail) even if you haven’t satisfied your annual deductible, so that your purchase counts toward the deductible and benefit limits.

What if you have questions?

If you have questions about the Medicare prescription drug benefit, you can get help by calling 1-800-MEDICARE (1-800-633-4227) or by visiting the Medicare website at www.medicare.gov. Look for information in the mail from Medicare and the Social Security Administration (SSA), including a copy of this year’’s “Medicare and You” publication that will give you details about the prescription drug plans available in your area.

Contact our Peoples Investment Services, Inc. representative at 828-464-5620 or  www.raymondjames.com/PeoplesInvSvcs. 

This information, developed by an independent third party, has been obtained from sources considered to be reliable, but Raymond James Financial Services, Inc. does not guarantee that the foregoing material is accurate or complete. This information is not a complete summary or statement of all available data necessary for making an investment decision and does not constitute a recommendation. The information contained in this report does not purport to be a complete description of the securities, markets, or developments referred to in this material. This information is not intended as a solicitation or an offer to buy or sell any security referred to herein. Investments mentioned may not be suitable for all investors. The material is general in nature. Past performance may not be indicative of future results. Raymond James Financial Services, Inc. does not provide advice on tax, legal or mortgage issues. These matters should be discussed with the appropriate professional.

Securities offered through Raymond James Financial Services, Inc., member FINRA/SIPC, an independent broker/dealer, and are not insured by FDIC, NCUA or any other government agency, are not deposits or obligations of the financial institution, are not guaranteed by the financial institution, and are subject to risks, including the possible loss of principal.

Prepared by Broadridge Investor Communication Solutions, Inc. Copyright 2014

Adjustable Rate Mortgages – Friend or Foe?

Adjustable Rate Mortgage - Friend or Foe?With the changing rate environment, some have wondered about whether an Adjustable Rate Mortgage (ARM) is a better alternative to the traditional fixed-rate mortgage loan. Here are some tips to help you decide if an ARM would be right for you.

As with any loan, it is important to balance the risk against the reward. ARMs typically come with a lower initial rate that is variable, meaning it can go up if a certain index rate increases, but only to a certain level, and usually with caps on how much it can go up at a time. So with that uncertainty, how to decide if it is more to your advantage than a fixed-rate loan? Ask yourself the following questions:

  • How long are you going to stay? Generally, if you plan to move out of a home within a few years, you are more likely to benefit from an adjustable rate mortgage loan.
  • Which bank has the best features? Some ARMs may have a fixed rate for 10 years before the interest rate can change, others may reset after three. One may be better for you than another, depending on your circumstances. Also, the maximum rate increases during the interval and the life of the loan can be different from one lender to the next. Some lenders “discount” the initial rate of the ARM, which means that your payments are likely to increase A LOT beginning with the first reset period (when the 1st rate adjustment takes place).
  • Am I OK with the loan payment if the rate soars to its highest level while I still own the home? Your lender has to disclose the worst-case scenario with respect to rates, so assess the implications of that situation. Remember to factor the possibility of increasing property tax and insurance, because while your income may not increase, the property expenses probably will.

There are other factors to consider when evaluating whether an ARM represents a good opportunity. Your lender can help you decide which loan type makes the most sense, too. The FDIC has a helpful resource on its website, along with links to additional information. Read “The Comeback of the Adjustable Rate Mortgage” or to get the audio recording of the text.

Be In Charge of Your Credit Cards

Be In Charge of Your Credit CardsEver noticed how some people seem to manage their credit cards better than others? Perhaps that’s because managing credit cards starts before you even open the credit account.

Any purchase that is made with a credit card is a loan. It must be repaid. And as with any loan, the payment terms are very important considerations. As important as it is to use credit cards wisely, it is very important to choose a credit card that meets your needs and your financial circumstances. Choose wisely.

Take Charge and Pick the Right Card

Too often people are tempted to simply choose the credit card that came in the mail with the best offer, or the one at the store that offered such a discount on the purchase. But such a convenient circumstance may not represent the appropriate circumstance.

  • Think about how you will use the card. Do you expect to pay your card balance off in full every month? If so, the price discounts and even the points applied to charges may be a worthwhile feature. If not, you may be better off choosing a card with a lower Annual Percentage Rate (APR).
  • Shop and compare. Don’t assume that the credit card offers that come addressed just to you are the best deals for you. Take the time to compare current offers from several lenders. Their websites can help you make that decision. Some websites offer to make the comparison for you, but beware that sometimes the credit cards listed are there because they paid for advertising on the site.
  • Understand the key terms and conditions. The FDIC has published a very handy reference that describes APR, Fees and Rewards. Read that important summary.

A good manager understands the inner-workings of the process and controls what things are possible to control. Be a good manager of your credit cards. Choose wisely, use wisely, to avoid the trap of out-of-control debt.

For more tips and information, start at the FDIC Web page “How to Choose and Use a Credit Card”. Another resource is a set of questions and answers developed by the Consumer Financial Protection Bureau.