Our website requires some cookies to function properly. We do not use cookies for advertisements or tracking purposes. Learn MoreAccept
Hometown Community Bank
Insite National Bank

Internet Security Information

Consumer Alert Information
MultiKey Login Information

Our bank is dedicated to making information security one of our highest priorities. We utilize the latest software, hardware and other technologies to prevent unauthorized users from accessing our computer systems.

Internet Security We have implemented many different levels of security including User ID, password, encryption of sensitive data, and others. We utilize a technology called SSL (Secure Socket Layer). SSL is software to secure and protect web site communication using encrypted transmission of data. The SSL creates a secure communications channel between our Internet Banking server and your browser.

The following are some of the technologies we have implemented to ensure all transactions are secure:

Username and Password Protection
To access account information, you must provide a username and a password to enter the secure area of the site. Your password is not displayed when entered. If you do not provide this information, we cannot establish an online banking service for you.

What can I do?
Don't let anyone else know your password. Never write it down where anyone can find it. We also recommend that you change your password every 30 days or sooner. Use letters (upper and lower case), numbers, symbols. Use a different password for different internet websites. Don't use the same password for all of your websites that require you to login. Never access the online banking site from a computer or terminal that an untrusted individual or the general public may have access to. You should also take the standard precautions to keep your computer free from viruses.

Always Log Out
You should always log out of the online banking site when you are finished or if you are going to be away from your computer for an extended period of time. The log out will end your session, and you will be required to enter your User ID and password before entering the online banking website again.

If you have not accessed the internet banking for a period of time, your login session will automatically timeout. To start a new session, you will be required to enter your User ID and password on the login page.

Remember that once you've downloaded the proper browser, you must install it on your computer. Follow the browser manufacturer's instructions that appear on your screen.

 

Secure Sockets Layer (SSL)

After you are connected with a website that is secure, you will see a padlock or key icon on your browser that shows being locked or connected. This icon will only appear after you have gone to the Login web page. The padlock or key icon may not appear locked on pages where you are not logged on and where general information is displayed about the site. However, you can be assured that any screen which displays or requests information about your account, username, password or any other sensitive information is encrypted.

If you would like to read more information about SSL encryption, we recommend you read

VeriSign's SSL Page

The FREAK Attack

For those that do not know, the FREAK acronym stands for “Factoring Attack on RSA-EXPORT Keys CVE-2015-0204.” There has been a clamor about what caused this vulnerability and what can be done about it.

The cause is from a set of decisions made years ago by the US Government to ban the export of high level cryptography keys outside of the USA. That meant that many servers and clients had to be able to negotiate to high and low levels of encryption. Those low levels of encryption were based on approved “export grade” ciphers. Many servers and clients still run these old low level ciphers. They are the vulnerability that allows a Man in the Middle (MITM) attack to be successful. Without going into all of the technical details, suffice it to say, you can check your own Online Banking Website and any other website for an indication of this weakness. Those banks that transfer files to and from a vendor such as a correspondent bank could also use this tool to attempt to verify the security of the web server at their vendor. We use the word “attempt” with intent in that the industry is not consistent in what a fix may entail. There are work arounds that disable a short list of protocols and other work arounds that specify a longer list.

The website for testing your server is: https://www.ssllabs.com.

Be sure to use the “Test your server” option and verify the exact name of the https (secure) website for the test. If there is a problem identified by the Qualys SSL Labs test, you need to discuss it with that vendor. We recommend checking the option “Do not show the results on the boards”.

Just as important in this situation if not more so is the browser or client test.

The website for testing your browser is: https://www.ssllabs.com.

Be sure to use the “Test your browser” option. It will test your browser to see if it is secure from this attack or if it needs to be reconfigured.

Previous to the public awareness of FREAK we had disabled the weak as well as “export” cipher protocols in the web servers of our Online Banking banks. That said, the online test sites only check for a list of weak ciphers. We are not aware of any that check for a downgrade negotiation which is the heart of the FREAK attack. As always, if you have questions, give us a call. We cannot, however, answer for your customers' browsers.

 

Network Security and Monitoring

Firewalls are an essential part of network security. They are used to protect your internal network from external threats that can compromise data and data transmissions. We are using our firewalls to monitor all transmissions from the internet. Our firewalls create logs of network traffic that allow for centralized auditing and security monitoring. We have also setup security policies on the firewall to stop any suspected malicious activity.