Common use of Security Recommendations Clause in Contracts

Security Recommendations. The upward trend of more and more customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime. Cybercriminals using malware, keystroke loggers and/or Trojan viruses can capture customer information such as login credentials and Multi-Factor Authentication challenge questions/answers and can highjack the user’s computer using their IP address so that the criminal will appear to be the end-user. Some of the most common approaches for criminals to compromise end-user data is to take advantage of end- users signing on to unsecured networks, not having up to date virus protection and security patches, visiting compromised web sites or opening attachments with embedded malware or Trojan software. Due to the sophisticated nature of this crime, there is not one single solution for online security. The best approach is a multi-layered approach. The Bank recommends the use of a stand-alone computer to perform Cash Management activities ensuring that the computer is hardened, is not used for web-surfing or email, and that anti-virus software and security patches are installed and kept current. The Bank is not responsible for any electronic virus or viruses that you may encounter. We suggest that you routinely scan your PC using a continually updated virus protection product that also scans Internet and e-mail files. An undetected virus may corrupt and destroy programs, files, and your hardware, and may even affect portions of the software used for The Bank’s online banking. Customer authorizes the Bank to take on the Customer’s behalf any action necessary to complete any transaction initiated through the Services. This authority includes, without limitation, the withdrawal of funds from any of Customer’s Accounts or the obtaining of a loan or new deposit account both of which are effective as though the Customer had signed a check or withdrawal form to make the withdrawal or signed a direct loan check to obtain the loan. New services may be introduced for Online Banking from time to time. The Bank will notify you of the existence of these new services. By using these services when they become available, you agree to be bound by the rules governing the use of such services, which will be made available to you concerning these services.

Security Recommendations. The upward trend of more and more customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime. Cybercriminals Cyber criminals using malware, keystroke loggers and/or Trojan viruses can have the ability to capture customer information such as login Login credentials and Multi-Factor Authentication challenge questions/answers and can highjack the user’s computer using their IP address so that the criminal will appear to be the end-user. Some of the most common approaches for criminals to compromise end-end user data is to take advantage of end- end users signing on to unsecured networks, not having up to date virus protection and security patches, visiting compromised web sites or opening attachments with embedded malware or Trojan software. Due to the sophisticated nature of this crime, there is not one on single solution for online security. The best approach is a multi-layered approach. The In addition to the information mentioned in the Use of Your Security Password; Authorization section: We require an alpha-numeric password that is 8-10 characters in length. We recommend that you create a password that utilizes both upper and lower case alpha characters. While it may seem like an inconvenience to change your password, this is an essential piece of the multi–layered security approach. We require you to change your password from time to time and do not allow you to use one of your previous four (4) passwords. Your password should not be associated with any commonly known or easily accessible personal identification, such as social security numbers, address, date of birth, names of children, and should be memorized rather than written down. As an enhanced online security feature, the System utilizes the RSA Multi-Factor Authentication Solution. RSA Authentication provides you added safety by helping ensure that only you can access your bank account. RSA Authentication remembers which computer(s) you normally use, preventing potential fraudsters from logging into your account even if they somehow obtain your login information. When the computer you are using to access the System is not recognized, you must verify your identity by responding correctly to the Challenge Questions that you established during the User enrollment process before you can proceed to access the System. We recommend that Cash Management Administrators establish a series of valid days of the week and/or time limitations for each User within the User settings. If a User attempts to log in and the day or time does not match what is enabled, they will receive a message indicating that they cannot login. Catskill ▇▇▇▇▇▇ Bank recommends the use of a stand-alone computer to perform Cash Management activities ensuring that the computer is hardened, is not used for web-surfing or email, and that anti-virus software and security patches are installed and kept current. The Catskill ▇▇▇▇▇▇ Bank is not responsible for any electronic virus or viruses that you may encounter. We suggest that you routinely scan your PC using a continually updated virus protection product that also scans Internet and e-mail files. An undetected virus may corrupt and destroy programs, files, files and your hardware, and may even affect portions of the software used for The Catskill ▇▇▇▇▇▇ Bank’s online banking. Customer authorizes the Bank to take on the Customer’s behalf any action necessary to complete any transaction initiated through the Services. This authority includes, without limitation, the withdrawal of funds from any of Customer’s Accounts or the obtaining of a loan or new deposit account both of which are effective as though the Customer had signed a check or withdrawal form to make the withdrawal or signed a direct loan check to obtain the loan. New services may be introduced for Online Banking from time to time. The Bank will notify you of the existence of these new services. By using these services when they become available, you agree to be bound by the rules governing the use of such services, which will be made available to you concerning these services.

Security Recommendations. The upward trend of more and more customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime. Cybercriminals Cyber criminals using malware, keystroke loggers and/or Trojan viruses can have the ability to capture customer information such as login credentials and Multi-Factor Authentication challenge questions/answers and can highjack the user’s computer using their IP address so that the criminal will appear to be the end-user. Some of the most common approaches for criminals to compromise end-end user data is to take advantage of end- end users signing on to unsecured networks, not having up to date virus protection and security patches, visiting compromised web sites or opening attachments with embedded malware or Trojan software. Due to the sophisticated nature of this crime, there is not one single solution for online security. The best approach is a multi-layered approach. The Bank recommends the use of a stand-alone computer to perform Cash Management activities ensuring that the computer is hardened, is not used for web-surfing or email, and that anti-virus software and security patches are installed and kept current. The Bank is not responsible for any electronic virus or viruses that you may encounter. We suggest that you routinely scan your PC using a continually updated virus protection product that also scans Internet and e-mail files. An undetected virus may corrupt and destroy programs, files, files and your hardware, and may even affect portions of the software used for The Bank’s online banking. Customer authorizes the Bank to take on the Customer’s behalf any action necessary to complete any transaction initiated through the Services. This authority includes, without limitation, the withdrawal of funds from any of Customer’s Accounts or the obtaining of a loan or new deposit account both of which are effective as though the Customer had signed a check or withdrawal form to make the withdrawal or signed a direct loan check to obtain the loan. New services may be introduced for Online Banking from time to time. The Bank will notify you of the existence of these new services. By using these services when they become available, you agree to be bound by the rules governing the use of such services, which will be made available to you concerning these services.