We take security seriously.
You should too.
Maintaining strong security practices is a responsibility we have as provider and which you must also participate in as a customer. By working together to make security a priority, we can safeguard your important information.
Helpful Security Information for You and Your Business
In addition to serving your financial needs, it is also our job to safeguard your sensitive and confidential information. Torrington Savings Bank takes all necessary steps to protect the security, privacy and use of your personal and financial information, including:
- Delivering our products and services using secure environments.
- Safeguarding our systems to meet federal and state regulatory expectations.
- Limiting employee access to your information.
For more detailed information, please review the Torrington Savings Bank Privacy Pledge
Lost or Stolen Card?
Debit Cards: 1-888-856-1868
Outside to the United States: 1-888-856-1868
Personal Credit Card: 1-800-558-3424
Business Credit Card: 1-866-552-8855
Here to Help
For more information or questions please contact us by phone at (860) 496-2152, email, or visit the branch location closest to you.
Card Controls
Instantly control your debit card to help protect yourself against fraud.
Act Swiftly to Protect Yourself
The internet has been called the information superhighway. But with scammers, hackers, and other bad guys trying to steal your personal information online, it’s a good idea to know how to lock down your devices, network, and information. That way, your passwords, Social Security number, or account numbers don’t go speeding along the superhighway to the scammers.
- Secure Your Device
- Secure Your Accounts
- Peer-to-Peer File Sharing
- Protect Your Home Network
- Protect Yourself While on Wi-Fi
Secure Your Devices
Keep your security software, internet browser, and operating system up to date.
Criminals look for weak points to exploit before the software companies can fix them. But updating your software regularly — as soon as possible when a newer version comes out — helps make sure you have critical patches and protections against security threats.
For information on how to update your security software, operating system and internet browsers and apps, go to the developer’s website. They usually have a way to sign up for email updates or set them up to update automatically. Don’t ignore reminders to make updates. You don’t want to leave a door open so hackers can get your information.
Be sure to update:
- Security software. Your antivirus or firewall programs must be up to date to work, whether they came pre-installed or you loaded them onto your device.
- Operating system software. This could be Windows, Apple OS, or Chrome, for example.
- Internet browsers and apps. Developers often provide updates to address security issues, to fix bugs, or add new features.
Secure Your Accounts
Once your computer, tablet, and phone are secure, next take steps to protect your accounts — particularly those with personal information, like your bank, email, and social media accounts.
Create and Use Strong Passwords
That means at least 12 characters. Making a password longer is generally the easiest way to increase its strength. Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases. For more tips, check out this Password Checklist.
Use Multi-Factor Authentication
Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. These additional credentials fall into two categories:
- Something you have, like a passcode you get via an authentication app or a security key.
- Something you are, like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
Choose Security Questions Only You Know the Answer to
Many security questions ask for answers to information available in public records or online. So, when you can, avoid questions like your zip code, mother’s maiden name, and birth place. And avoid using questions with a limited number of responses that attackers can easily guess — like the color of your first car. You can even put in random answers to make guessing more difficult. If you do that, though, you’ll have to remember the answers you use.
Back up your data to protect it. Backing up your data means making an extra copy of all your files. That way, if something happens — say a virus, your device crashes, or you’re hacked — you still have your files. It’s important to do it once a week so you don’t lose important data, like your photos, documents, and files. If you do need to restore a backup, it will only be as current as the last time you backed up.
Here are two options, and a few things to consider when choosing how to back up your files.
- Save your files in the cloud. There are many cloud storage services that let you save files and data online. You may be familiar with some, like Google Drive, Evernote, Dropbox, OneDrive, or iCloud, but there are many others out there. Many of these services come with some free storage space, and you can pay for more storage. When you save your information in the cloud, you’re trusting someone else to keep that information safe. If you’re thinking about using cloud storage, find out what level of privacy or security the different services offer.
- Save your files to an external storage device. A USB flash drive is an affordable option that offers a moderate amount of storage. Another option is an external hard drive. It might cost a little more than a USB drive, but it can give you more storage capacity, transfer data faster, and be more reliable. You can decide which files or folders to back up, and you may be able to schedule automatic backups.
Peer-to-Peer File Sharing
Peer-to-peer file-sharing programs can give you access to free music and videos, but they come with risks. For example:
- strangers might be able to see and share your personal files
- the program might share files and folders you didn’t plan on sharing
- you might unknowingly download malware, pirated or copyrighted material, or pornography.
If you decide to use a peer-to-peer program, use your security software to scan any files before you open them, and before you play any downloaded files. Avoid any peer-to-peer program that asks you to disable or change the settings of your firewall. Disabling or changing these settings could weaken your computer’s security.
One important way to protect your information is to protect your network at home. Think of your router as the connecting point between your devices and the internet. If malware gets onto any of your connected devices, it can spread to the other devices connected to your network. Your devices, accounts, and whole network are only as secure as your router.
See this article on Securing Your Home Network to learn how to quickly make your router and your network more secure.
You can control how secure your home network is — but you can’t do the same for public Wi-Fi. It’s always best to assume it’s not secure.
The easiest solution? Save your online shopping, banking, and other personal transactions for when you’re on your home network. Or use your mobile data, as that data is typically encrypted.
If you do use public Wi-Fi, read more about protecting your personal information while you’re online in public.
Source: FTC Protect Your Personal Information and Data
Security Benefits at Your Fingertips
Download the TSB Mobile App and bank with peace of mind.
- Lock & Unlock: Instantly disable your TSB Mastercard debit card if it is stolen or misplaced. Once you find it, you can easily enable it again.
- Locations: Stop fraudulent purchases outside of your regular geographic location. You can limit your card’s usage by zip code, city or state.
- Set -Up Account Alerts: Customize email, text, and notification alerts to stay aware of card use activities. Learn More
- Biometric Authentication: Use your fingerprint or facial features to quickly and easily sign on to our mobile app, available on select devices.
- Merchant Categories and Transaction Types: Select the merchant categories your card can be used at. For example, you could choose to allow purchase at all merchants except gas stations. Or block certain types of transactions, such as ATM transactions or online purchases.
- Travel Notifications: Help us know you and your card are traveling together. If you are already an Online Banking user, setting up Mobile Banking is easy.
How to Report Identity Theft
Defend against identity theft and fraud as soon as you suspect it. If you believe your Torrington Savings Bank account may be compromised and would like to report possible fraudulent activity, please call (860) 496-2152.
Report identity theft to the Federal Trade Commission (FTC)
If you suspect identity theft, you can: call the FTC at 1-877-438-4338 to speak with an identity theft counselor or write Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580. You can also submit a complaint online by visiting the Federal Trade Commission’s website at www.ftc.gov/idtheft.
File a police report
Contact your local law enforcement agency to file a report involving identity theft. Give a copy of the FTC theft complaint to law enforcement when you file the report.
Follow these additional steps to take action and protect yourself:
Place a “Fraud Alert” on Your Credit Reports
The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert. You only need to call one company for the alert to be put in place:
- Equifax: 1-800-525-6285 or www.equifax.com
- Experian: 1-888-397-3742 or www.experian.com
- TransUnion: 1-800-680-7289 or www.transunion.com
Carefully Review Your Credit Report
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debits on your accounts that you can’t explain.
Close Accounts and Keep Good Records of Your Actions
Close any accounts that have been tampered with or established fraudulently. Contact the security or fraud departments of each company where an account was opened or changed without your okay and follow up in writing, with copies of supporting documents. You can use the ID Theft Affidavit at www.ftc.gov/idtheft to support your written statement. Ask for verification that the disputed account has been closed and the fraudulent debits discharged. Keep copies of documents and records of your conversations about the theft.
When you bank at Torrington Savings Bank, there are certain things you can count on:
Torrington Savings Bank will NOT request a customers’ personal information through regular email or text nor provide links within an email or text to update personal information. If you get such a request, do NOT click any links or use any information provided in the email to contact us.
Torrington Savings Bank employees will NOT ask for your Online Banking Password and we will NOT request that you send us unsecured emails containing your personal or financial information.
You should NEVER give out account numbers, social security numbers, credit card numbers, PINs, CVVs, passwords or passphrases to someone who contacts you claiming to be from Torrington Savings Bank.
Any request like those – whether made in person, over the phone or online from any source, and even if appearing to be Torrington Savings Bank should be treated with suspicion, and reported to us immediately at (860) 496-2152 or via email to fraud@torringtonsavings.bank..
How to Spot and Avoid Scams
Scammers can be very convincing, so it’s helpful to know some of the types of tricks they may try so that you can avoid them. It is always better to err on the side of caution before divulging any information. Remember – Scammers may pose as government officials, law enforcement or even a Torrington Savings Bank employee. If you think you may have been approached by a bad actor, please contact us immediately at (860) 496-2152, or you can email us at fraud@torringtonsavings.bank.
Download our “IT MAY BE A SCAM IF… FLYER” to help you spot common scams.
Other Resources for Scam and Fraud Prevention Include:
This collaborative educational resource teaches consumers about staying safe online. The Federal Trade Commission (FTC) manages the website in partnership with 15 other governmental agencies.
The Federal Deposit Insurance Corporation can help you protect yourself from identity theft and fraud.
Deter. Detect. Defend. The Federal Trade Commission offers a comprehensive identity theft resource for consumers and businesses.
The FBI provides this resource with information about some of the most common fraud schemes. Getting educated and taking a few basic steps may well keep you from becoming a victim of crime and fraud.
Business Security
Steps You Should Take to Protect Your Business
In addition to the types of good security practices you should follow as an individual, when it comes to your company, there are additional measures that we recommend to help prevent fraud and enhance your information security:
- Cybersecurity Basics
- Protect Your Wireless Network
- Make Smart Security Your Business as Usual
- Ransomware
- Phishing
Cyber Criminals Target Companies of All Sizes
Knowing some cybersecurity basics and putting them in practice will help you protect your business and reduce the risk of a cyber attack.
Protect Your Files & Devices
Update your software
This includes your apps, web browsers, and operating systems. Set updates to happen automatically.
Secure your files
Back up important files offline, on an external hard drive, or in the cloud. Make sure you store your paper files securely, too.
Require passwords
Use passwords for all laptops, tablets, and smartphones. Don’t leave these devices unattended in public places.
Encrypt devices
Encrypt devices and other media that contain sensitive personal information. This includes laptops, tablets, smartphones, removable drives, backup tapes, and cloud storage solutions.
Use multi-factor authentication
Require multi-factor authentication to access areas of your network with sensitive information. This requires additional steps beyond logging in with a password — like a temporary code on a smartphone or a key that’s inserted into a computer.
Protect Your Wireless Network
Secure your router
Change the default name and password, turn off remote management, and log out as the administrator once the router is set up.
Use at least WPA2 encryption
Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on. Encryption protects information sent over your network so it can’t be read by outsiders.
Make Smart Security Your Business as Usual
Require strong passwords
A strong password is at least 12 characters that are a mix of numbers, symbols, and capital and lowercase letters.
Never reuse passwords and don’t share them on the phone, in texts, or by email.
Limit the number of unsuccessful log-in attempts to limit password-guessing attacks.
Train all staff
Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. If employees don’t attend, consider blocking their access to the network.
Have a Plan
Have a plan for saving data, running the business, and notifying customers if you experience a breach. The FTC’s Data Breach Response: A Guide for Business gives steps you can take
Someone in your company gets an email.
It looks legitimate — but with one click on a link, or one download of an attachment, everyone is locked out of your network. That link downloaded software that holds your data hostage. That’s a ransomware attack.
The attackers ask for money or cryptocurrency, but even if you pay, you don’t know if the cybercriminals will keep your data or destroy your files. Meanwhile, the information you need to run your business and sensitive details about your customers, employees, and company are now in criminal hands. Ransomware can take a serious toll on your business.
How it Happens
Criminals can start a ransomware attack in a variety of ways.
Scam emails
with links and attachments that put your data and network at risk. These phishing emails make up most ransomware attacks.
Server vulnerabilities
which can be exploited by hackers.
Infected websites
that automatically download malicious software onto your computer.
Online ads
that contain malicious code — even on websites you know and trust.
How To Protect Your Business
Have a plan
How would your business stay up and running after a ransomware attack? Put this plan in writing and share it with everyone who needs to know.
Back up your data
Regularly save important files to a drive or server that’s not connected to your network. Make data backup part of your routine business operations.
Keep your security up to date
Always install the latest patches and updates. Look for additional means of protection, like email authentication, and intrusion prevention software, and set them to update automatically on your computer. On mobile devices, you may have to do it manually.
Alert your staff
Teach them how to avoid phishing scams and show them some of the common ways computers and devices become infected. Include tips for spotting and protecting against ransomware in your regular orientation and training.
What To Do If You’re Attacked
Limit the damage
Immediately disconnect the infected computers or devices from your network. If your data has been stolen, take steps to protect your company and notify those who might be affected.
Contact the authorities
Report the attack right away to your local FBI office.
Keep your business running
Now’s the time to implement that plan. Having data backed up will help.
Should I pay the ransom?
Law enforcement doesn’t recommend that, but it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back. However, paying the ransom may not guarantee you get your data back.
Notify customers
If your data or personal information was compromised, make sure you notify the affected parties ― they could be at risk of identity theft. Find information on how to do that at Data Breach Response: A Guide for Business
You Get an Email That Looks Like it’s From Someone You Know
It seems to be from one of your company’s vendors and asks that you click on a link to update your business account. Should you click? Maybe it looks like it’s from your boss and asks for your network password. Should you reply? In either case, probably not. These may be phishing attempts.
How Phishing Works
You get an email or text
It seems to be from someone you know, and it asks you to click a link, or give your password, business bank account, or other sensitive information.
It looks real
It’s easy to spoof logos and make up fake email addresses. Scammers use familiar company names or pretend to be someone you know.
It’s urgent
The message pressures you to act now — or something bad will happen.
What happens next
If you click on a link, scammers can install ransomware or other programs that can lock you out of your data and spread to the entire company network. If you share passwords, scammers now have access to all those accounts.
What You Can Do
Before you click on a link or share any of your sensitive business information:
Check it out
Look up the website or phone number for the company or person behind the text or email. Make sure that you’re getting the real company and not about to download malware or talk to a scammer.
Talk to someone
Talking to a colleague might help you figure out if the request is real or a phishing attempt.
Make a call if you’re not sure
Pick up the phone and call that vendor, colleague, or client who sent the email. Confirm that they really need information from you. Use a number you know to be correct, not the number in the email or text.
How to Protect Your Business
Back up your data
Regularly back up your data and make sure those backups are not connected to the network. That way, if a phishing attack happens and hackers get to your network, you can restore your data. Make data backup part of your routine business operations.
Keep all security up to date
Always install the latest patches and updates. Look for additional means of protection, like email authentication and intrusion prevention software, and set them to update automatically on your computers. On mobile devices, you may have to do it manually.
Alert your staff
Share with them this information. Keep in mind that phishing scammers change their tactics often, so make sure you include tips for spotting the latest phishing schemes in your regular training.
Deploy a safety net
Use email authentication technology to help prevent phishing emails from reaching your company’s inboxes in the first place.
What To Do If You Fall For a Phishing Scheme
Alert others
Talk to your colleagues and share your experience. Phishing attacks often happen to more than one person in a company.
Limit the damage
Immediately change any compromised passwords and disconnect from the network any computer or device that’s infected with malware.
Follow your company’s procedures
These may include notifying specific people in your organization or contractors that help you with IT.
Notify customers
If your data or personal information was compromised, make sure you notify the affected parties ― they could be at risk of identity theft. Find information on how to do that at Data Breach Response: A Guide for Business.
Report it
Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme. And report it to the FTC at https://reportfraud.ftc.gov/#/assistant.
