TIA Recommendations for Online Security
Overview of Computer Security
There are a number of things that every computer user can do to reduce the likelihood of online problems. Your online security starts with you taking a few steps to protect your computer from viruses and other forms of unwanted invasion. The next most important thing you can do is recognize the various types of scams that can be sent to you via spam and email scams of various natures and avoid clicking on those messages or entering any personal information. We listed a number of ways that your personal information can be compromised, sometimes without you doing anything. There are also links to resources which list known scams but there are new scams arising all the time. See the following list of recommended computer security steps that you should take to protect your computer and your personal information and always err on the side of caution before opening or responding to any unsolicited email, especially ones that request account or personal information from you.
1. Regularly Update Your Operating System
Most major software companies regularly release updates or patches to their operating systems to repair security problems. A large percentage of these patches and upgrades repair security problems that have been found in the software. You can minimize your exposure to unintentional downloads by keeping your computer up to date with the latest security patches. It is generally considered good practice to go accept new upgrades and patches, especially for operating systems.
Use Anti-Virus Software
Up-to-date anti-virus software protects your computer against older and the more current virus threats. Most commercially available virus protection programs offer automatic and emergency updates, which reflect new remedies. These will scan your files using the latest anti-virus updates and you can set the parameters for how frequently and which files get scanned. Some Internet Service Providers (ISPs) offer assistance in filtering spam or identifying suspicious code, such as spyware. The maker of your anti-virus software may also offer anti-spyware protection. Make sure you take advantage of these offers to protect your computer against the growing spyware threat. The U.S. Federal Trade Commission (FTC) has additional information about computer threats and malware.
Use Anti-Spyware Software
Avoid downloading free software that is made available on the Internet. Some of it contains undisclosed code that performs undesirable functions called trojans (from Trojan horses). Trojans are malicious software programs that can perform a variety of invasive operations, including using your computer for other purposes, gathering private information such as passwords, PINs and credit card numbers when you enter that information. Trojans are also responsible for delivering unwanted pop-up advertising as you surf the Web and monitor your browsing patterns. If you want to download software from the Internet, you should be sure to have installed Anti-Spyware Software in addition to Anti-Virus Software and only do so from trusted software companies. You can unintentionally download spyware onto your computer just by surfing the Web, as certain spyware programs automatically install themselves, often without your knowledge or permission. Make sure to keep your computer updated by running your anti-spyware and anti-virus software regularly.
Use a Personal Firewall
Firewalls serve as protective barriers between your computer and the Internet, preventing unauthorized access to your computer when you’re online. Firewalls can be software programs or physical devices, often combined with your router. Firewalls are often included in security software suites such as Norton Internet SecurityTM and McAfee® Internet Security. Some ISPs offer firewall software or hardware to their customers. You can also purchase firewalls at many computer stores.
2. Exercise Caution When Using Wireless Networks
The default configuration of most wireless home networks is not secure. Be sure your home network is set up with protections that prevent hackers from accessing your home network to exploit your computers. Your wireless software vendor should provide specific directions for enabling encryption and strengthening the overall security of your wireless home network. Likewise, do not login to open networks, which may be made available by parties interested in accessing unsuspecting users, who don’t have computer security activated.
Taking a few simple precautions when using wireless hotspots can help protect your computer:
- Install a firewall on all network computers
- Disable your wireless connections when you’re not using them
- Configure your wireless software to not connect to hotspots automatically
- Use reputable encryption software
- If you are unsure of the security of a wireless hotspot, don’t use it for conducting confidential business, such as accessing your work e-mail or financial information
Wireless technologies are continuously changing. Consult the manufacturer of your network hardware to ensure you have the most up to date security technology.
3. Minimize Your Risks Online
Read User Agreements.
If you don’t like what the organization says it will do with your information, don’t sign up for it. When you sign up for use of web sites or web services, even those of recognized industry leaders, make sure you read the terms that you are asked to agree to prior to your use of that site or service. Many of these agreement bury terms that have you agreeing to them downloading their tracking software — a form of spyware — that you may unintentionally authorize, by clicking terms that you haven’t fully read. Make sure you know and trust the company offering the software, so that if you don’t like what it does to your computer usage, you can have it removed.
Protect Your Passwords and PINs
Make your passwords and PINs as hard to guess as possible. Avoid obvious numbers, such as a birth dates, anniversaries or phone numbers, which can make it easier for would-be hackers to guess, should elements of your personal information have been stolen from you or from other organizations. Never divulge your passwords or PINs to others, including family or friends. Change them regularly.
Use Caution on Public Computers
Be aware that sensitive information may still be stored within the browser, even after you log out of a website on a public computer. If you leave a computer unattended after you have logged in to a website, someone else may be able to use the browser’s Back button, or similar functionality, to view your personal information. To avoid this, log out and close the browser completely to minimize any security risk. You may also choose to clear your cache before you leave. Best not to go to any personal sites or provide any personal information using a public computer.
4. Protect Yourself from Phishing Scams
Phishing is the mass e-mailing of deliberately deceptive messages that falsely claim to come from a legitimate business. These messages often provide links to phony websites, where you are asked to supply personal information such as passwords/PINs, credit card numbers, Social Security numbers, or bank account numbers. Never ever enter personal information into a web page provided to you by an email, as they are difficult to recognize as being legitimate or not. You should be well aware of your bank’s security protocol and look for evidence that you are at the right url. Most encrypted (i.e. legitimate) sites will have the letter “s” at the end of the “https” prefix to a website’s URL, or worldwide web address. An example of an encrypted site’s address is “https://www.companyname.com.” The “https” prefix indicates that the site is running in secure mode.
Phishing messages have evolved and improved dramatically over time and they are increasingly difficult to recognize. The creators now incorporate realistic company logos and graphics, provide links to real companies’ privacy policies, and can even include realistic legal disclaimers. To help determine if an e-mail is part of a phishing scam, ask yourself the following:
- Do I have a relationship with this company?
- Would I expect this company to contact me this way?
- Would I expect this company to use this tone or make this request?
If you are at all unsure, contact the company by phone or access the company’s site the way you usually do and check on the most recent Phishing Scams at the Anti-Phishing Working Group website or at the Consumer Fraud page of the Office of the Comptroller of the Currency.
5. Don’t Open Unexpected or Suspicious Email
Email is no longer entirely safe, even from names you may recognize. Use caution with all email and attachments, even if they look like they’re from a friend, since an individual’s computer can get hacked and their address lists can be compromised. Be careful, especially if someone you know is making a weird or high-pressure kind of request (for a wire transfer, or recommending that you sign up for something). When in doubt, use the phone to confirm whether or not your granddaughter is actually stuck in Tanzania without her wallet, before you wire emergency money.
6. Don’t Ever Provide Personal or Financial Data to a Caller or via Email
Be aware that hackers sometime get a portion of your personal information (such as your phone and home address) and may try to call or email you to get more information from you. Do not give out information to someone calling you and asking for it. Do not respond to email requests for personal information: email is not secure and should not be trusted for the purpose of sending highly personal or financial information. Legitimate companies seeking information normally deal with you in person or send written requests on company letterhead. You should be cautious of and verify any requests you receive that ask you to email personal or financial information. Don’t click on the links provided in the message as URLs can be masked. Go to the actual website if you get an unusual request from a company you do business with. Best of all, confirm what the need may be by phone.
Check that Web Forms Are Secure
When on a website avoid entering sensitive personal information, unless you know that the form is secure. If you do need to enter sensitive personal information look for forms that may encrypt data and make sure that the web address is running in a secure mode as this may provide some enhanced protection of your information. Some websites show certificates that identify the encryption ofinformation, or icons such as this padlock icon () in your browser’s status bar (at the bottom of the browser window) to identify encryption modes. Also, the prefix “https” in the address in the browser’s address bar that references the site is running in secure mode. Additional information on phishing or identity theft can be found at Anti-Phishing Working Group (APWG) or The FTC’s Indentity Theft page.
Avoid Using Your Social Security Number or Mother’s Maiden Name
Do not give out your Social Security Number or mother’s maiden name to just any retail, tele-sales or online vendor. When possible, insist that companies and non-essential agencies you do business with create an alternate customer identifier.
Create Unique Passwords for different sites
Do not use the same passwords at multiple sites as you do not know who may have access to those passwords at that site. Hackers often seek to hack passwords from less secure companies (such as Amazon or Target) and then apply them to accounts at more secure companies (Citibank or Morgan Stanley).
7. Protect Printed Personal Information
Be careful with statements and forms that have personal information printed on them. Be sure to shred sensitive documents instead of simply throwing them away, as some scammers have been known to go through private garbage looking for personal information. Also, be absolutely sure you know who you’re dealing with before giving any personal or financial information, even if you have to be rude. Scammers often count on the fact that it can be embarrassing to question someone else’s legitimacy.
8. Monitor Your Financial Statements
Promptly read any investment, bank account or credit card statements or correspondence when they arrive. Make sure there are no changes or transactions you did not initiate and that the balances are where you would expect them to be. If a bill arrives unusually late or not at all, call the company. Often times, the account will show signs of being misuse but the unsuspecting account holder doesn’t look at the document until too late.
Know the Warning Signs of Identity Theft. Identity theft warning signs include:
- Unauthorized charges or withdrawals
- Not receiving renewed credit cards, bills, or other mail
- Receiving credit cards for which you did not apply
- Notices for changes you did not initiate, especially for new accounts
- Denial of credit for no apparent reason
- Calls or letters about items or services you didn’t buy
- Receipt of mail for someone you don’t recognize at your address
Although it could be a simple error, never assume a mistake has been made that will automatically be corrected. Follow up with the business or institution immediately to review the account statement or status. You can place a fraud alert on that and other accounts or close any accounts opened without your knowledge. You may want to file a report with the police. If indeed you have been victimized, you should also file a complaint with the Federal Trade Commission if you know any details about how the fraud was perpetrated. You may also want to make sure that other accounts were not compromised and check with the three nationwide consumer credit reporting agencies — Equifax, Experian and TransUnion — to initiate any impact to your credit rating. All U.S. residents are entitled to receive a free credit report every 12 months which you can request from AnnualCreditReport.com or by calling (877) 322-8228.