Mason City National Bank

Security Statement

The objectives of this security statement is to assure that Mason City National Bank’s security procedures are managed to obtain an appropriate level of continuous protection and to be consistent with safe banking practices. The safety of bank employees, customers, and all other persons on bank premises is paramount. It is the policy of this bank to:

  • To ensure the security and confidentiality of customer records and information.

  • To protect against any anticipated threats or hazards to the security or integrity of such records.

  • To protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.

The bank will conduct a risk assessment of existing products, services and procedures in order to:

  • Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems.

  • Consider potential damage that a compromise of customer information from an identified threat would have on that customer information, taking into consideration the sensitivity of the information to be protected in assessing the potential damage.

  • Conduct an assessment of the sufficiency of existing policies, procedures, customer information systems, and other arrangements intended to control the identified risks.

The bank will utilize the following security measures to ensure the safety and confidentiality of customer information:

  • AntiVirus Protection – Anti-Virus Software is used to protect data from corruption by fraudulent viruses. The definition file for antivirus is automatically updated continuously.

  • Access Controls - The bank has established access controls to address unauthorized access to customer information by anyone, whether or not employed by the institution. Passwords, PIN numbers and encryption are in place to keep any unauthorized persons from accessing account information.

  • Multifactor Authentication Controls – Layers of controls are established to provide two way authentication. The identity of the customer must be established before authorizing access to information. Passwords are required to be at least 6 digits long with numerical, alphabetic characters and a symbol.  The identification of the bank to the customer will also be confirmed.

  • Encryption – All customer information is encrypted when transmitted externally.

  • Firewall – An internal firewall is maintained to protect against intrusion to customer information

  • Testing - The bank regularly monitors key controls, systems, and procedures. The frequency and nature of testing is determined by the risk assessment and is adjusted as necessary to reflect changes in internal and external conditions.

  • Ongoing Program Adjustment - The bank will monitor, evaluate, and adjust it’s Security Program as necessary to reflect changes in technology and internal or external threats to information security, as well as the bank’s own changing business environment.