Online Security Tips
Sonabank is committed to providing secure online access to your accounts.
Keeping your financial and personal information confidential is one of our highest priorities. We will outline some of the ways Sonabank is protecting you, and some tips on how you can help protect yourself.
System Architecture: Sonabank utilizes many cutting-edge technologies to keep your information secure. This starts with a system architecture that ensures confidential account information is behind firewalls that block unauthorized access. Our dedicated IT security team uses sophisticated anti-intrusion and anti-malware systems to constantly monitor our network for potential malicious activity.
Encryption: If you are conducting a sensitive transaction on the internet, you should ensure that you have a secure SSL connection. How can I tell? The website should have "https://" in the address bar, as opposed to "http://" which is not a secure SSL connection. How is this secure if you are sending my account information over the Internet? We use at least 256 bit SSL encryption when sending account information from our servers to your computer's browser. What exactly does that mean? A unique 256 bit key is used to encrypt your information before it is sent over the internet, and you get a new session key every time you access Online Banking.
Login Procedures: We continuously monitor every attempted access to your account. If an incorrect password is entered too many times, our system will automatically lock that account and block any further access until a member of our Online Banking team can verify that the true account owner is attempting to access their account. Also, if our system does not recognize the computer that is accessing Online Banking we will automatically prompt additional security questions. As you can see, we take the security of your information seriously.
What can you do?
Anti-Malware Software: What is malware? Malware, malicious software, are programs or processes designed to take advantage of vulnerabilities in the Operating System, Browser or other programs on your computer. The type and purpose of the malware may cause it to be classified as a specific type such as virus, worm, trojan, adware, Man-in-the-Browser, Man-in-the-Middle, etc. Malware has nefarious purposes from disrupting your use, stealing user names, passwords, sending you to "fake" pages and more. You combat malware with specific software designed to detect and remove infections, known as Anti-Virus or Anti-Malware programs. Some options from well-known vendors:
System Updates: Computer malware such as viruses, trojans, worms, etc. are constantly evolving to take advantage of weaknesses in Operating Systems, Browsers, and other programs. As such, security patches and updates are released to close these exposed loopholes. Ensure that your systems are running on the most secure version(s) available. Be sure to keep your browser up-to-date; review our Browser Requirements.
Wireless Networks: With more powerful wireless routers providing greater network range it is imperative to ensure that your home's wireless network is secure. Some points to consider when setting up and securing a wireless network:
- Update the administrative password from the factory default to a more complex version with various letters, numbers, cases, and symbols.
- Disable remote administration and if possible block broadcasting the network SSID, the public name of the network.
- Enable WPA encryption, if WPA is not supported enable WEP encryption.
- If only specific computers will be accessing the network, you may consider enabling MAC filtering. Each computer network card has a unique MAC address, and MAC filtering can limit access to specific MAC addresses you configure.
Password, the phrase that lets you gain access to your sensitive financial information. With such importance, below are a few best practices to protect yourself:
- Do not use a password that can easily be guessed, and use a variety of symbols, characters, numbers and cases to maximize the effectiveness. Example: GH$21i!o0
- When selecting "secret questions" that allow an account to be reset or accessed from a new computer, use questions and answers that are not easily known or found. For example, with the proliferation of Social Networks and information sharing you should not choose "What is the name of your pet?" if you have shared multiple pictures visible to the public about you and "Roscoe" visiting the Veterinarian's Office.
- Never share your password or keep a written copy close to your computer in an unsecure location, such as an unlocked drawer or corkboard.
- Do not use the same password for all of your accounts. If your password is compromised from one of these locations, it could compromise all the other accounts.
- Change your password frequently
Online Banking is Safe
Though an Image and Pass Phrase will no longer be part of the login procedure, Sonabank's authentication feature three powerful levels of security to guard access to user accounts. This is a security system that uses more than one form of authentication to verify the legitimacy of a login attempt. The goal of Multifactor Authentication is to create a layered defense that makes it more difficult for an unauthorized person to access Online Banking.
Sonabank's authentication uses three layers of verification to prevent unauthorized access.
- The first level requires the correct entry of a User ID and Password. These must match system records or access will be refused.
- The second level of identification is the device the person uses to sign in. If the computer, phone or tablet is not recognized, the customer or member will be required to answer a challenge question or verify their registered email address to ensure their identity.
- The third level of authentication is based on geographic indicators. If a login attempt is made from a new geographic location, the user may be asked an additional challenge question or be required to verify their registered email address.
Fraudulent Websites & Emails
Criminals and fraudsters use websites and email to appear to be something that they are not, in order to collect your sensitive information. This can occur via impersonation to get you to directly divulge the information, or by sending you to a malicious website to inject malware onto your computer.
- First and foremost, if you ever have a doubt, question, or something does not appear right, call us at 888-464-2265 before proceeding.
- Fraudulent websites are designed to mirror the website which they are impersonating. By doing this they try to capture confidential information such as usernames, passwords, and more. Ensure that the web address in the URL bar of your browser has the proper domain such as "sonabank.com" for this website, or "web4.secureinternetbank.com" for Sonabank Online Banking.
- Fraudulent emails are also used to give the appearance of an official communication urging you to reply with confidential information, call a specific number, or instructing you to click on a link. This link could lead you to a malicious website that is waiting to install malware on your computer.
- Learn to spot fraudulent emails and websites by looking for common mistakes such as:
- Awkward or weird greetings
- Incorrect grammar or typos
- Links that lead to a different location than the displayed wording.
- "Urgent communication for your security or updating information immediately before account terminated"
- Sonabank logo or company name incorrect, i.e. "SonaBank"