Emergency Situations
IT and Other Security
Physical Security
Adult Abuse
OFAC
100

Where can you find an Emergency Management Guide?

In the vault room, above the fire extinguisher in the hallway and in the red folders in our 2nd drawers

100

Where are Workstation Security Reference Cards located?

Every workstation should have the yellow card displayed. 

100

What should you do before allowing a service provider access to non-public areas?

Ask the individual to identify him/herself and the company being represented then look for a pre-authorization e-mail from Facilities to confirm access is authorized. If you can’t find the email, do not provide access until you or another staff member has contacted Facilities and confirmed authorization.

100

Do you have to report suspected elder abuse even if you're not sure that is the case?

Yes, it’s the law! Kansas and Missouri require CapFed to report any suspected or known cases of adult abuse, neglect or exploitation. 

100

What does OFAC stand for?

The Office of Foreign Assets Control

200

What are our primary and secondary evacuation locations in the event of a fire?

Hog Wild and Spear's

200

How many characters should a strong password be?

At least 12 characters long and utilize at least one alphabetic character and either one number or special character.

200

What do we call it when suspicious individuals try to gain access to secure spaces by following an authorized employee through a door or elevator?

Piggybacking

200

What do you do if a customer appears to be in immediate danger?

Call 911

200

Do we run OFAC on non-customers?

Yes, OFAC checks are performed during profile creation for Over the Counter Customers

300

What are Ident-A-Card forms used for and where are they located?

They are used for recording anything that you can remember about a robber, located in the red Emergency Management folders in our 2nd drawers 

300

What should you do if you think you've clicked on a phishing e-mail?

Immediately contact IT Support Services (ext. 6411) and inform your supervisor.

300

How do you use a duress code while disarming the security system?

By increasing the last digit of a user’s normal system code by one.

300

What is "the failure or omission to supply or provide goods or services by one’s self, caretaker, or other person with a duty to provide such care" called?

Neglect

300

How do we know if an individual is on the SDN list?

eFunds at new account opening checks for OFAC matches.

400

What are the 3 possible courses of action if there is an active shooter in the branch?

Run – If there is an accessible escape path, attempt to evacuate the area.

Hide – If evacuation is not possible, find a place to hide where the assailant is least likely to find you.

Fight – This should be a last resort, if your life is in imminent danger.

400

Name 2 ways to inspect an e-mail and detect phishing red flags.

“From” Line- Sender’s e-mail address is unknown, misspelled, or unreasonable given who the sender is (e.g., a national company will not use a Gmail account)

“To” Line- Includes undisclosed or unaffiliated (non-CapFed) recipients.

Subject- Similar subjects/topics are not typically received at your work e-mail.

Message content- Contains spelling/grammar errors, missing information, a sense of urgency, or unexpected requests for information or transactions.

Links- Hovering the mouse over a link displays an unrelated or unfamiliar URL (remember to only hover over links, don’t click them).

Attachments- Unexpected or unusual files are attached.

400

What is our SOS security/panic app called?

SecureStat All-Clear

400

What is "misappropriation of a resident’s or adult’s property or intentionally taking unfair advantage of an adult’s physical or financial resources for another individual’s personal or financial advantage by the use of undue influence, coercion, harassment, duress, deception, false representation, or false pretense" called?

Exploitation

400

What does OFAC call their list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries?

"Specially Designated Nationals" or "SDNs."

500

If there is an extortion attempt over the phone, what should you do?

Subtly display the red extortion card located on the back of each phone and follow its instructions.

500

Name 2 types of Malware.

Ransomware: encrypts (locks) and holds data ransom for money. 

Trojan: masquerades as a legitimate program but contains malicious programming.

Spyware: spies on the user, such as monitoring keystrokes or accessing the video camera.

Virus: alters computer operations; spreads from host to host (device to device) like the flu. 

Adware: displays unwanted advertisements on your web browser.

500

When should the lights be turned off in the vault room?

NEVER

500

Where do you find the form on CFnet to report elder abuse?

Adult Abuse Referral Form found on CFnet under Document Center / Find a Form / Department: Retail

500

What is the first thing we should do if there is an OFAC failure for the SDN list?

1. Contact BSA Compliance to review the possible matches immediately.

2. If you cannot reach BSA Compliance immediately and branch staff is able to confirm that the alert is an exact match to the SDN list, the account should not be opened and a report should be sent to BSA Compliance.

3. If you cannot reach BSA Compliance immediately and branch staff is unable to determine if the match to the SDN list is valid, the account may be opened but no deposits or transactions may be completed until the alert is reviewed by BSA Compliance.