Online Security Checklist
Protect Your Privacy Online
- Don't include sensitive information in email
- Never click on unknown links within an email
- Don't open SPAM or attachments from strangers
- Be suspicious of emails asking for personal information
- Be selective when providing your email address
- Only open email and attachments from known senders
Offline Security Checklist
Protect Your Privacy at Home
- Monitor your postal mail
- Don't give out your personal information freely
- Check your credit report annually
- Shred documents containing personal information before discarding them
Email is often a vehicle used to transmit malware and commit fraud. It is important to evaluate your email behaviors and develop good habits to help protect your computer and your identity.
In addition to viruses and worms that can be transmitted via email, phishing also threatens email users. Phishing, a type of email fraud, occurs when a perpetrator, posing as a legitimate, trustworthy business, attempts to acquire sensitive information like passwords or financial information.
Keep your email safe by following these steps:
Never open or respond to SPAM (unsolicited bulk email messages).
Delete all spam without opening it. Responding to spam only confirms your email address to the spammer, which can actually intensify the problem.
Never click on links within an email.
It’s safer to retype the web address than to click on it from within the body of the email.
Don’t open attachments from strangers.
If you do not know the sender, or are not expecting the attachment, delete it.
Don’t open attachments with odd filename extensions.
Most computer files use filename extensions such as “.doc” for documents or “.jpg” for images. If a file has a double extension, like “heythere.doc.pif,” it is highly likely that this is a dangerous file and should never be opened. In addition, do not open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files and could be dangerous if opened.
Never give your email address or other personal information to unknown websites.
If you don’t know the reputation of a Web site, don’t assume you can trust it. Many websites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.
Never provide sensitive information in an email.
Forged emails falsely claiming to be from your financial institution or favorite online store is a popular trick used by criminals to extract personal information for fraud. It is also a good idea to not send security passwords or one-time pass codes over email.
Don’t believe the hype.
Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn't immediately provided, or that important security information needs to be updated online. Your financial institution will never use this method to alert you of an account problem.
Be aware of poor design, and/or bad grammar and spelling.
Typos and grammatical errors are tell-tale signs of a fraudulent email or website, as are unprofessional design layout and quality. Delete these emails immediately.
Backup your sensitive data records.
Consider backing up all sensitive files. This will not only help you restore damaged or corrupted data, but it will help protect against fraud attacks and help recover lost files, if needed.
Safeguard your identity online.
In addition to protecting your email, there are a number of guidelines to follow that will help safeguard your identity online. Do not allow a website to keep sensitive information or credentials for future convenience.
It is a common practice when registering for access to a website or making a purchase from a website to be asked if you want to keep your access credentials, credit card number or other sensitive information on file as a matter of convenience. This common request is referred to as “remembering” for future use.
Be selective about where you surf.
Not all websites are benign. Sites that are engaged in illegal or questionable activities often host damaging software and make users susceptible to aggressive computer attacks.
Don’t choose “Remember My Password”.
You should never use the “remember password” feature for online banking or transactional websites.
Don’t use public computers for sensitive operations.
Since you cannot validate the computer’s integrity, there’s a higher risk of fraud when you log in from a public computer.
Work on a computer you trust.
Firewalls, antivirus, anti-spyware and other protection devices help keep a computer properly monitored and provide peace of mind. These tools are important in order to protect your computer and data. A good firewall is critical if you commonly access the Internet via a wireless connection. It is also important to keep your computer up-to-date with patches to security tools as well as to the operating system and other programs on your computer. Make sure to configure your computer to update all security fixes.
Select a strong password.
The best password is an undetectable one. Never use birth dates, first names, pet names, addresses, phone numbers or Social Security numbers. Use a combination of letters, numbers and symbols. Be sure to change your passwords regularly. Don’t write down your passwords and try not to use the same password for every online service you use.
Use a secure browser.
Only use secure web pages when you’re conducting transactions online. Your online banking channel is secured with an Extended Validation SSL Certificate. This provides an extra layer of protection to you by requiring third-party Certificate Authorities (CA) to follow a strict issuance and management process for certificate approval and delivery. This secure browser is recognizable because the browser address bar (1) begins with ‘https’, (2) turns green (in high-security browsers) and (3) a special field appears to the right of the URL with a padlock and the name of the legitimate website owner. If you click on this section, you can view the details of the Certificate.
Update security software often.
When you get notices from software vendors to update your software, do it. Most operating systems and browser updates include security patches. Your name and email address may be all it takes for a hacker to slip through a security hole into your system. You should be protected by Internet security software, and always keep it up-to-date. Purchase a reputable brand of Antivirus and be aware of fake antivirus, offered for “free.”
Avoid clicking on ads.
Never click on ads on social network sites. Sure, these ads are there to assist in giving the website money, but they are also one of the leading causes for virus infections on systems today.
Sign off, shut down, disconnect.
Always sign off or logout from your online banking session or any other website that you've logged into using a user ID and password. When a computer is not in use, it should be shut down or disconnected from the Internet.
Lock your computer when it is not in use.
This helps protect you from unauthorized user access.
Beware of shoulder surfing
This is a common tactic that happens in public places such as coffee shops, airports, libraries, etc. where an attacker will look over your shoulder when you’re logged in to obtain your sensitive information. Be vigilant and aware of prying eyes.
Check your credit report and prevent fraud
You can get one free credit report every 12 months from each of the nationwide credit bureaus-Equifax, Experian and TransUnion. Visit www.annualcreditreport.com or call 877-322-8228 to obtain your report. You will need to provide certain information to access your report, such as your name, address, Social Security number and date of birth. You can order one, two or all three reports at the same time, or you can request these reports at various times throughout the year. The option you choose will depend on the goal of your review. A report generated by one of the three major credit bureaus may not contain all of the information pertaining to your credit history. Therefore, if you want a complete view of your credit record at a particular moment, you should examine your report from each bureau at the same time. However, if you wish to detect any errors and monitor changes in your credit profile over time, you may wish to review a single credit report every four months.