How we help you bank on the web:
- We require that you change your Online Banking password every 180 days.
- We require a strong password that includes at least one letter, one number and one special character.
- Our Online Banking system only supports the most recent version and one previous version of Microsoft Edge, Internet Explorer, Safari, Firefox and Chrome browsers.
- We use HTTPS protocols for communicating across the internet to our site.
- Our Online Banking system requires you to use a browser that supports 128-bit encryption.
What you can do:
- Use a home or personal computer to access your Online Banking account.
- Avoid public computers and areas with WiFi hot spots.
- For your business, use a dedicated PC that is not used for web browsing, email or any other purpose aside from accessing Online Banking.
- A dedicated PC limits the exposure of that machine to malicious software and activities, providing a safer environment from which to conduct your banking.
- Log into Online Banking from our website, not from a stored link. Always open your internet browser, and in the address bar type our address: cbna.com.
When entering your user ID and password, you should only see two URLs in the address bar of your screen: https://www.cbna.com/ or https://cm.netteller.com/. Use one of the secure internet browsers that we support. This ensures that you have the most up-to-date security and that your system remains compatible with ours.
User ID and password security:
- When you change your password every 180 days, choose something that is different each time. Don't just add a number or letter to your existing password.
- Never include your account number or social security number as part of your User ID or password.
- Don't write down your User ID, password or the answers to your security questions.
- Don't share your User ID or password with friends, family or coworkers.
- Verify your secure picture when logging in and choose an image that is unique to you.
- Do not leave your Online Banking account open on your browser when not in use.
- When you are finished with your Online Banking session, be sure to log off. Never simply close the browser as this does not end your Online Banking session.
- Never provide your user ID, password or any form of account information in an email. Community Bank, N.A. will never ask for, or email you, requesting online banking credentials, account information, or credit or debit card information. If you do get such a request, please contact us immediately at 1-866-764-8638.
- Use the online banking app for your cellular device.
- Store your mobile device phone accordingly. Take care to keep it safe from theft.
- Password protect your phone.
- Log off your online banking app when finished.
General Computer Security Tips:
- Keep your PC operating system updated and turn on automatic updating.
- Install Antivirus and update it frequently.
- Use a firewall.
- Clear your cookies and cache from your browser frequently.
- Password protect your PC.
- Do not store personal login credentials, social security numbers or your account numbers on your PC.
- Turn your PC or laptop off when not in use.
- Avoid unknown internet sites.
- Delete suspicious emails. If you do open a suspicious email, do not click on any of the links or attachments as they may contain malicious malware or viruses.
Our Business Online service is a powerful cash management tool that provides online functionality, such as online wires and ACH Origination, not available with our retail internet platform. When using these online tools, it's important to maintain network security and protect your business against cyber threats.
Online security features:
- IP Restrict: We can limit access to your online account to specific IP addresses that you provide to us.
- Time Restrict: We can limit access to your online account to certain hours. You can modify these hours for the company, or just for certain users.
- Dual Control: Dual control is available for online wires, ACH, and the Bill Payment feature. Dual control requires two individuals, one to create the transaction, and another to approve it.
- Tokens: A token is an access device issued to users with ACH, Wire, or Bill Pay functionality. The token is required, in addition to the user ID and password, to gain access to the system.
- Alerts: Mandatory alerts are generated to each company user when an ACH is initiated. The alert is an email notification of the event. Alerts are also available for other types of events and we strongly encourage their use.
- Positive Pay is available and strongly encouraged. Based on an issued check listing you provide, we will present any exception to you for your payment decision. You can also add ACH Debit Blocks and any ACH debits will also be presented to you for your payment decision.
- Multiple User IDs: Business Online is appropriate when the business requires access for more than one employee. Each employee has their own unique user ID, password, and token if appropriate. If an employee leaves, access can be removed.
- Enhanced Real-Time Monitoring: Performed for anomaly detection and transaction limits.
What you can do:
We strongly recommend that Business Online customers use a dedicated PC. Establish a PC that is not used for other tasks, such as web browsing and email. This limits the exposure of that machine to malicious software and provides a safer environment from which to conduct your banking. Monitor your accounts daily and bring any unauthorized activity to our attention immediately. Take advantage of our Positive Pay program to take control of the items that clear your account.
Antivirus: Software that is designed to protect, monitor and eliminate computer viruses.
Backdoor Virus: Hidden software or hardware used to modify security controls to allow for the installation of malicious code or control of a user’s computer.
Denial of Service (DoS): A type of attack that prevents systems from operating correctly by exhausting various network and memory resources.
Encryption: The process of encoding messages or information in such a way that only authorized parties can read it.
Firewall: Security system that uses software or hardware or sometimes both to prevent unauthorized users from accessing an individual’s or organization’s computer network.
Identity theft: Occurs when someone illegally obtains personal information and uses it to open additional accounts and initiate transactions.
Keylogger: A piece of software that can log all keystrokes on a computer keyboard.
Malware: Malicious software that aims to damage or perform other unwanted actions on a computer system.
Phishing: A form of fraud typically received through email that aims to trick the individual into giving out personal information or clicking on malicious links or attachments.
Ransomware: A form of malicious software that encrypts the files on your machine and demands some form of payment to “unlock” them.
Spoofing: A fraudulent email that appears to originate from an alternate source.
Spyware: An application that collects information regarding computer activities which are then sent back to an attacker.
Threat: An action that is directed at a person or organization which seeks to gain access, compromise or destroy information.
Trojan: A form of malicious software that can potentially give a hacker remote access.
Unauthorized Access: Gaining access into a computer system or network without the permission of the actual owner.
Virus: Self-replicating malicious code that can spread by inserting itself into other programs or files.
Vulnerability: Any type of weakness in a computer system that can be exploited to gain access to confidential information.
Worm: Smaller, independent programs that can replicate from machine to machine across a network. Worms do not typically alter files on a machine and can spread without any user interaction.
- If an offer is made to you that just seems too good to be true, it probably is.
- An attacker will try to trigger an emotion, for example urgency or fear, in an attempt to get you to act fast.
- Be careful with how much information you put in your social media profiles. An attacker can use these sites to collect valuable information and use it to commit fraud on you or family/friends.
- Second-guess unsolicited emails containing Word and Excel attachments, especially if they require you to enable macros, as they are potentially malicious.
- Keep in mind that a friend’s or family member’s email account could become compromised. If you receive a suspicious email from them, reach out to confirm whether they intended to send it.
- Attackers can spoof a sender’s email address to appear to be from anyone they choose.
- Some of the most common places where social engineering attacks take place are via email, text message or even by phone.
- Tech-support scams begin with phone calls from an attacker who claims they are from a well‐known company. They will typically try to convince you that your computer is infected with viruses. You should hang up the phone immediately.
The Community Bank website is built to be used with Microsoft's Edge and Internet Explorer, Mozilla’s Firefox, Apple’s Safari and Google’s Chrome web browsers, each in its latest, final release version from its respective publisher. Community Bank makes no warranty of website functionality or of proper viewing in any browser other than the supported browsers.
Frequently Asked Questions
Cyber crime can be described as any criminal activity that can be committed through the use of a computer or the internet. Such activity can range from stealing personal information to installing malicious software on a PC to cause harm to an individual or business.
Phishing is a form of fraud typically received through email that aims to trick the individual into giving out personal information or clicking on malicious links or attachments. It is a very common method of attack and can also be classified as social engineering.
Yes, internet cookies can be harmful if they are malicious, as they can track online activity. Always be sure to clear cookies from your internet browser on a daily basis.
Public computers are computers that are open to the public, such as ones that are found in a library or hotel.
Private computers are computers that are located in privately owned areas, like a business or a home. Usually, a limited number of individuals have access to this type of computer.
Although private computers carry their own risks, public computers are more susceptible to having malware because of the fact that multiple people use these types of machines to check email, instant message with others and browse the internet. If you must use a public computer, always clear your history once finished and avoid working on anything of a sensitive nature.
Your PC is considered to be unprotected if you do not have an antivirus or firewall software installed, appropriate user access controls in place or regularly applied operating system updates.
Signs that your computer may have been compromised include a sudden decrease in response time when using applications or experiencing “frozen” programs that cause your computer to crash. Other signs include unexplained account lockouts, inability to connect to a network, and connecting or being redirected to unfamiliar sites to enter personal information.
Firewalls are an important security system that helps reduce the risk of unauthorized access to one’s PC. Having a firewall can help protect a user from Trojan viruses, backdoors and even keyloggers when configured correctly.
Although a convenient feature, saving credentials when prompted is not recommended as it potentially allows someone accessing your computer the ability to log into various websites without actually knowing your password. Many times these passwords are stored in clear text, which means they are not encrypted as well.
Yes, having an unsecured wireless connection allows easy access for anyone within range, including an intruder, to join your network. To make your connection secure, please set the protection to WPA2 if available. Please reference your router’s manual for details.
Yes, everyone should have some form of spyware/antivirus protection installed on their PC/laptop/tablet.
Fraudulent activities come in all forms but typically originate through email, accessing compromised websites, phone calls and/or postal mail.
Call the Electronic Banking Help Desk at 1-866-764-8638