Protect Your “Cyber Home” With a Solid Foundation
Simple steps to secure your computers and mobile devices for Internet banking and shopping
Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions. But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other information in your personal computers, at home and when banking or shopping remotely online?
“Think about all of the access points to and from your computer — such as Internet connections, email accounts and wireless networks,” said Michael Benardo, manager of the FDIC’s Cyber-Fraud and Financial Crimes Section. “These always need to be protected. Otherwise, it’s like leaving your front door wide open while you are away so that anyone could come in and take what they please.”
Courtesy of FDIC Consumer News – Winter 2016
- KEEP YOUR SOFTWARE UP TO DATE. Software manufacturers continually update their products to fix vulnerabilities or security weaknesses when they find them. "All of your software should be checked and updated as generally recommended by the manufacturer or when flaws are found," explained Kathryn Weatherby, a fraud examination specialist for the FDIC. "This advice goes for everything from your operating system to your word processing software, Internet browsers, spreadsheet software, and even your digital photography applications. A vulnerability in one piece of software, no matter how insignificant it may seem, can be exploited by a hacker and used as a pathway into your whole computer." Some software manufacturers may issue "patches" that you need to install to update a program. Others may simply provide you with a completely new version of the software. "Before installing any update you receive, make sure it is legitimate, especially if it is emailed to you," said Michael Benardo, manager of the FDIC’s Cyber-Fraud and Financial Crimes Section. "Check the software manufacturer's website or contact the company directly to verify the update's validity. Criminals have been known to imitate software vendors providing a security update when, in fact, they are distributing malware. Once you confirm that an update is legitimate, install it as soon as possible to correct whatever security flaw might exist."
- INSTALL ANTI-VIRUS SOFTWARE THAT PREVENTS, DETECTS AND REMOVES MALICIOUS PROGRAMS. Crooks and computer hackers are always developing new malware that can access computers and steal information, such as account passwords or credit or debit card numbers. These programs also may be able to destroy data from the infected computer's hard drive. Malware can enter your computer in a variety of ways, perhaps as an attachment to an email, a downloaded file from an infected website, or from a contaminated thumb drive or disk. Fight back by installing anti-virus software that periodically runs in the background of your computer to search for and remove malware. Also be sure to set the software to update automatically so that it can protect you from the latest malware. (For more information see the fifth tab on this page, "Beware of Malware: Think Before You Click!").
- USE A FIREWALL PROGRAM TO PREVENT UNAUTHORIZED ACCESS TO YOUR PC. A firewall is a combination of hardware and software that establishes a barrier between your personal computer and an external network, such as the Internet, and then monitors and controls incoming and outgoing network traffic. In simple terms, a firewall acts as a gatekeeper that helps screen out hackers, malware and other intruders who try to access your computer from the Internet.
- ONLY USE SECURITY PRODUCTS FROM REPUTABLE COMPANIES. Some anti-virus software and firewalls can be purchased, while others are available free. Either way, it's a good idea to check out these products by reading reviews from computer and consumer publications. Look for products that have high ratings for detecting problems and for providing tech support if your computer becomes infected. Other ways to select the right protection products for your computer are to consult with the manufacturer of your computer or operating system or to ask someone you know who is a computer expert.
- TAKE ADVANTAGE OF INTERNET SAFETY FEATURES. When you are banking online, shopping on the Internet or filling out an application that requests sensitive personal information such as credit card, debit card, and bank account numbers, make sure you are doing business with reputable companies. You also can have greater confidence in a website that encrypts (scrambles) the information as it travels to and from your computer. Look for a padlock symbol on the page and a Web address that starts with "https://." The "s" stands for "secure." Also, current versions of most popular Internet browsers and search engines often will indicate if you are visiting a suspicious website or a page that cannot be verified as trusted. It's best not to continue on to pages with these kinds of warnings. Review your Internet browser's user instructions and explore the "tools" and "help" tabs to learn more about the security settings and alerts offered.
- BE CAREFUL WHERE AND HOW YOU CONNECT TO THE INTERNET. A public computer, such as at an Internet café or a hotel business center, may not have up-to-date security software and could be infected with malware. Similarly, if you are using a portable computer (such as a laptop or mobile device) for online banking or shopping, avoid connecting it to a wireless (Wi-Fi) network at a public "hotspot" such as a coffee shop, hotel or airport. Wi-Fi in public areas can be used by criminals to intercept your device's signals and as a collection point for personal information. The bottom line, especially for sensitive matters such as online banking and activities that involve personal information, is to consider only accessing the Internet using your own computer with a secure, trusted connection, and to only connect laptops and mobile devices to trusted networks.
For more tips on computer and Internet security for bank customers, visit www.onguardonline.gov for information from the federal government on how to be safe online. The site includes videos from the Federal Trade Commission on what to do if your email is hacked or if malware attacks your computer.
- Use long passwords. 20 characters or more is recommended. Hint: think of a favorite song lyric and use that as a starting place.
- Use a strong mix of characters. Include numbers and special characters like dollar signs and exclamation points.
- Never use the same password for multiple sites.
- Don’t share your passwords. And if you must write them down, put them in a secure place, not on a sticky note attached to your monitor.
- Update your passwords periodically, at least once every 6 months (90 days is better).
- A password management program can help you to maintain strong unique passwords for all of your accounts. These programs can generate strong passwords for you, enter credentials automatically and remind you to update your passwords periodically. There are several online password management services available, and many offer free versions.
- Enable two-factor authentication on services that support it, such as Gmail, Twitter and Facebook. Most of the time, this service will send a unique one-time code to your phone that you will then confirm online. This way, if someone manages to sniff out your password while you are on a public Wi-Fi network, you have an extra layer of protection.
- Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.
- Keep your device’s operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. "Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play," said Robert Brown, a senior ombudsman specialist at the FDIC.
- Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.
- Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.
- Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.
- Have the ability to remotely remove data from your device if it is lost or stolen. A “remote wipe” protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.
- Install good anti-virus software that periodically runs to search for and remove malware. Make sure to set the software to update automatically and scan for the latest malware.
- Be diligent about using spam (junk mail) filters provided by your email provider. These services help block mass emails that might contain malware from reaching your email inbox.
- Don’t visit untrusted websites and don’t believe everything you read. Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware. “Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable,” warned Amber Holmes, a financial crimes information specialist with the FDIC. “And please, don’t click on a link to learn more. If something sounds too good to be true, then most likely it’s fraudulent or harmful.”
- Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer. It could have hidden malware on it. “Don’t access a disk or thumb drive without first scanning it with your security software,” said Holmes. “If you are still unsure, don’t take a chance.”
- To learn more about how to protect against malware, visit www.onguardonline.gov/articles/0011-malware.
- PROTECT COMPUTERS AND WI-FI NETWORKS. Equip your computers with up-to-date anti-virus software and firewalls to block unwanted access. Arrange for key security software to automatically update, if possible. And if you have a Wi-Fi network for your workplace, make sure it is secure, including having the router protected by a password that is set by you (not the default password). The user manual for your device can give you instructions, which are also generally available online.
- PATCH SOFTWARE IN A TIMELY MANNER. Software vendors regularly provide "patches" or updates to their products to correct security flaws and improve functionality. A good practice is to download and install these software updates as soon as they are available. It may be most efficient to configure the software to install such updates automatically.
- SET CYBERSECURITY PROCEDURES AND TRAINING FOR EMPLOYEES. Consider reducing risks through steps such as pre-employment background checks and clearly outlined policies for personal use of computers. Limit employee access to the data systems that they need for their jobs and require permission to install any software. Train employees about cybersecurity issues, such as suspicious or unsolicited emails asking them to click on a link, open an attachment or provide account information. By complying with what appears to be a simple request, your employees may be installing malware on your network. You can use training resources such as a 30-minute online course from the Small Business Administration (SBA).
- REQUIRE STRONG AUTHENTICATION. Ensure that employees and other users connecting to your network use strong user IDs and passwords for computers, mobile devices, and online accounts by using combinations of upper- and lower-case letters, numbers, and symbols that are hard to guess and changed regularly. Consider requiring more information beyond a password to gain access to your business's network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized.
- SECURE THE BUSINESS'S TABLETS AND SMARTPHONES. Mobile devices can be a source of security challenges, especially if they hold confidential information or can access your company’s network. In the case of the latter, require employees to password-protect their devices, encrypt their data and install security apps to prevent criminals from accessing the device while it is connected to public networks. Also, develop and enforce reporting procedures for lost or stolen equipment.
- BACK UP IMPORTANT BUSINESS SYSTEMS AND DATA. Do so at least once a week. For your backup data, remember to use the same security measures (such as encryption) that you would apply to the original data. In addition, in case your main computer becomes infected, regularly back up sensitive business data to additional, disconnected storage devices.
- USE BEST PRACTICES FOR HANDLING CARD PAYMENTS ONLINE. Seek advice from your bank or a payment processor to select the most trusted and validated tools and anti-fraud services. This may include using just one computer or tablet for payment processing.
- BE VIGILANT FOR EARLY SIGNS SOMETHING IS WRONG. "Monitor bank account balances regularly to look for suspicious or unauthorized activity," suggested Luke W. Reynolds, chief of the FDIC's Outreach and Program Development Section.