Community Bank, N.A., (CBNA) is a full-service financial institution and national banking subsidiary of Community Bank System, Inc. With locations across Upstate New York and Northeastern Pennsylvania, CBNA offers personal loans, mortgages, checking and savings accounts, credit and debit cards, online banking, mobile banking, commercial loans, cash management and more. In addition to a full range of retail and business banking services, the company offers comprehensive financial planning, insurance and wealth-management services.
Submit
Menu
Home > Resources > Privacy & Security > Online Security

Online Security

Safeguarding your account information from current cyber threats is one of our top priorities. We continue to identify new tools and implement features in our online systems to assist you in ensuring that your data and assets are protected.

Although these tools and features help, you are the most critical element in the protection of your assets and smooth operation of your online accounts. Please review the information below to learn more on how to better protect yourself, as well as your business, from current cyber threats.

Protecting Myself and My Business

How we help you bank on the web:

  • We require that you change your Online Banking password every 180 days.
  • We require a strong password that includes at least one letter, one number and one special character.
  • We only support the most recent version and one previous version of IE, Safari, and Firefox browsers.
  • We use HTTPS protocols for communicating across the Internet to our site.
  • Our Online Banking system requires you to use a browser that supports 128-bit encryption.

What you can do:

  • Use a home or personal computer to access your Online Banking account.
  • Avoid public computers and areas with wifi hot spots.
  • For your business, use a dedicated PC that is not used for web browsing, email, or any other purpose aside from accessing Online Banking.
  • A dedicated PC limits the exposure of that machine to malicious software and activities, providing a safer environment from which to conduct your banking.
  • Log into Online Banking from our website, not from a stored link. Always open your Internet browser, and in the address bar type our address: www.communitybankna.com 
    When entering your user ID and password you should only see two URL’s in the address bar of your screen: https://www.communitybankna.com/ or https://cm.netteller.com/
  • Use one of the secure Internet browsers that we support. This insures that you have the most up to date security and that your system remains compatible with ours.
  • User ID and Password security:
    • When you change your password every 180 days, choose something that is different each time. Don't just add a number or letter to your existing password.
    • Never include your account number or Social Security Number as part of your User ID or Password.
    • Don't write down your User ID, password, or the answers to your security questions.
    • Don't share your User ID or password with friends, family, or coworkers.
  • Verify your secure picture when logging in and choose an image that is unique to you.
  • Do not leave your Online Banking account open on your browser when not in use.
    • When you are finished with your Online Banking session, be sure to log off. Never simply close the browser as this does not end your Online Banking session.
  • Never provide your user ID, password or any form of account information in an email. Community Bank, N.A. will never ask for, or email you, requesting online banking credentials, account information, or credit or debit card information. If you do get such a request please contact us immediately at 1-866-764-8638.

Mobile Banking

  • Use the online banking app for your cellular device.
  • Store mobile device phone accordingly. Take care to keep it safe from theft.
  • Password protect phone.
  • Delete text messages and clear recent call history.
  • Log off your online banking app when finished.

General Computer Security Tips

  • Keep your PC operating system updated and turn on automatic updating.
  • Install Antivirus and update it frequently.
  • Use a Firewall.
  • Clear your cookies and cache from your browser frequently.
  • Password protect your PC.
  • Do not store personal log on credentials, Social Security numbers or your account numbers on your PC.
  • Turn your PC or Laptop off when not in use.
  • Avoid unknown Internet sites.
  • Delete suspicious emails. If you do open a suspicious email, do not click on any of the links or attachments as they may contain malicious malware or viruses.
Additional Security Features for my Business

Our Business Online service is a powerful Cash Management tool that provides online functionality, such as online wires and ACH Origination, not available with our retail Internet platform. When using these online tools, it's important to maintain network security and protect your business against cyber threats.

Online security tips:

  • IP Restrict
    • We can limit access to your online account, to specific IP addresses that you provide to us.
  • Time Restrict
    • We can limit access to your online account to certain hours.
    • You can modify these hours for the company, or just for certain users.
  • Dual Control
    • Dual control is available for online wires, ACH, and the Bill Payment feature.
    • Dual control requires two individuals, one to create the transaction, and another to approve it.
  • Tokens
    • A token is an access device issued to users with ACH, Wire, or Bill Pay functionality.
    • The token is required, in addition to the User ID and Password, in order to gain access to the system.
  • Alerts
    • Mandatory alerts are generated to each company user when an ACH is initiated. The alert is an email notification of the event.
    • Alerts are also available for other types of events and we strongly encourage their use.
  • Multiple User IDs
    • Business Online is appropriate when the business requires access for more than one employee.
    • Each employee has their own unique User ID, Password, and Token if appropriate. If an employee leaves, access can be removed.
  • Positive Pay is available and strongly encouraged.
    • Based on an issued check listing you provide, we will present any exception to you for your payment decision.
    • We will block all ACH debits or credits from your accounts, and present any items that come to us, to you for your payment decision.
  • Enhanced Real Time Monitoring:
    • Anomaly detection
    • Transaction limits

What you can do:

  • We strongly recommend that Business Online customers utilize a dedicated PC.
    • Establish a PC that is not used for other tasks such as Web browsing and email.
    • This limits the exposure of that machine to malicious software and provides a safer environment from which to conduct your banking.
  • Monitor your accounts daily and bring any unauthorized activity to our attention immediately.
  • Take advantage of our Positive Pay program to take control of the items that clear your account.

 

Cyber Security Terminology

Antivirus: Software that is designed to protect, monitor and eliminate computer viruses.

Backdoor Virus: Hidden software or hardware used to modify security controls to allow for the installation of malicious code or control of a user’s computer.

Denial of Service (DOS): A type of attack that prevents systems from operating correctly by exhausting various network and memory resources.

Encryption: The process of encoding messages or information in such a way that only authorized parties can read it.

Firewall: Security system that uses software or hardware or sometimes both to prevent unauthorized users from accessing an individual’s or organization’s computer network.

Identity theft: Occurs when someone illegally obtains personal information and uses it to open additional accounts and initiate transactions.

Keylogger: A piece of software that can log all keystrokes on a computer keyboard.

Malware: Malicious software that aims to damage or perform other unwanted actions on a computer system.

Phishing: A form of fraud typically received through email that aims to trick the individual into giving out personal information or clicking on malicious links or attachments.

Ransomware: A form of malicious software that encrypts the files on your machine and demands some form of payment to “unlock” them.

Spoofing: A fraudulent email that appears to originate from an alternate source.

Spyware: An application that collects information regarding computer activities which are then sent back to an attacker.

Threat: An action that is directed at a person or organization which seeks to gain access, compromise or destroy information.

Trojan: A form of malicious software that can potentially give a hacker remote access.

Unauthorized Access: Gaining access into a computer system or network without the permission of the actual owner.

Virus: Self-replicating malicious code that can spread by inserting itself into other programs or files.

Vulnerability: Any type of weakness in a computer system that can be exploited to gain access to confidential information.

Worm: Smaller, independent programs that can replicate from machine to machine across a network. Worms do not typically alter files on a machine and can spread without any user interaction.

Frequently Asked Questions

What is Cyber Crime?

Cyber Crime can be described as any criminal activity that can be committed through the use of a computer or the Internet. Such activity can range from stealing personal information to installing malicious software on a PC to cause harm to an individual or business.

What is Phishing?

Phishing is a form of fraud typically received through email that aims to trick the individual into giving out personal information or clicking on malicious links or attachments. It is a very common method of attack and can also be classified as social engineering.

Can Internet Cookies be Harmful?

Yes, internet cookies can be harmful if they are malicious as they can track online activity. Always be sure to clear cookies from your Internet Browser on a daily basis.

What is the difference between a public computer and private computer? Which is more at risk to having malware?

Public computers are computers that are open to the public such as ones that are found in a library or hotel.

Private computers are computers that are located in privately owned areas, like a business or a home. Usually a limited number of individuals have access to this type of computer.

Although private computers carry their own risks, public computers are more susceptible to having malware because of the fact that multiple people use these types of machines to check email, instant message with others and browse the internet with. If you must use a public computer, always clear your history once finished and avoid working on anything of a sensitive nature.

How can I tell if my PC is unprotected?

Your PC is considered to be unprotected if you do not have an Antivirus or Firewall software installed, appropriate user access controls in place, or regularly applied Operating System updates.

What are the signs that my computer may have been compromised?

Signs that your computer may have been compromised include a sudden decrease in response time when using applications or experiencing “frozen” programs that cause your computer to crash. Other signs include unexplained account lockouts, inability to connect to a network, and connecting or being redirected to unfamiliar sites to enter personal information.

Why should I use a Firewall?

Firewalls are an important security system that helps reduce the risk of unauthorized access to one’s PC. Having a firewall can help protect a user from Trojan viruses, backdoors and even keyloggers when configured correctly.

My web browser gave me the option to remember my password for a website, what should I do?

Although a convenient feature, saving credentials when prompted is not recommended as it potentially allows someone accessing your computer the ability to log into various websites without actually knowing your password. Many times these passwords are stored in clear text which means they are not encrypted as well.

I have an unsecured wireless connection, should I be concerned about hackers?

Yes, having an unsecured wireless connection allows easy access for anyone within range including an intruder to join your network. To make your connection secured, please set the protection to WPA2 if available. Please reference your router’s manual for details.

Should I have spyware/antivirus protection installed on my PC/Laptop/Tablet?

Yes, everyone should have some form of spyware/antivirus protection installed on their PC/Laptop/Tablet.

How does an attacker carry out fraudulent activities?

Fraudulent activities come in all forms but typically originate through Email, accessing compromised websites, phone calls, and/or postal mail

Who do I contact if I feel my Internet banking account has been comprised?

Call the Electronic Banking Helpdesk at 1.866.768.8638

Cyber Awareness Tips
  • If an offer is made to you that just seems too good to be true then it probably is.
  • An attacker will try to trigger an emotion, for example urgency or fear, in an attempt to get you to act fast.
  • Be careful with how much information you put in your social media profiles. An attacker can use these sites to collect valuable information and use it to commit fraud on you or family/friends.
  • Second guess unsolicited emails containing Word and Excel attachments, especially if they require you to enable macros as they are potentially malicious.
  • Keep in mind that a friend’s or family member’s email account could become compromised. If you receive a suspicious email from them, reach out to confirm whether or not they intended to send it.
  • Attackers can spoof a sender’s email address to appear to be from anyone they choose.
  • Some of the most common places where social engineering attacks take place are via email, text message or even by phone.
  • Tech Support scams begin with phone calls from an attacker who claims they are from a well‐known company. They will typically try to convince you that your computer is infected with viruses. You should hang up the phone immediately.
Browser System Requirements

The Community Bank, N.A. website is built to be used with Microsoft Internet Explorer, Mozilla’s FireFox and Apple’s Safari web browsers, each in its latest, final release version from its respective publisher. Community Bank, N.A. makes no warranty of website functionality or of proper viewing in any browser other than the supported browsers.

Get in Touch

Stop into a branch, pick up the phone or email us.

Locate a Branch Contact Us