Security Tips for Computers
- Antivirus protection and scanning software that has been reviewed and rated as satisfactory by independent analysts should be installed, updated, and utilized as recommended. In addition:
- If the security software can update automatically, set it to do so.
- If the security software cannot update automatically, update it after each login.
- If viruses (also referred to as “malicious software” or “malware”) are detected, the recommendations provided by the antivirus program should be followed promptly.
- Operating system software updates (also referred to as “patches”) should be accepted, downloaded, installed, and run promptly, and as recommended.
- Personal financial information should never be sent by email in an unencrypted state. An email solution that encrypts messages between financial institutions and their customers should be utilized.
- Financial transactions that are conducted on websites should be conducted on secure websites only. An indicator of a secure website is a URL that begins with “https” in the address, the “s” standing for “secure.” The “https” prefix should be on every page of websites used to conduct transactions, in addition to the sign-in page.
- Privacy policies should be easily found and understood. If the privacy policy is not easily found and understood, then consider conducting business elsewhere. Privacy policies provided by financial institutions in connection with financial services are required to offer consumers a clear method to “opt out” of certain types of information sharing if the institution engages in them.
- Most Wi-Fi networks do not encrypt information and are not secure. Some use encryption and are more secure, WPA being common and WPA2 the strongest. However, if any Wi-Fi network is to be used, a virtual private network (VPN) should be established and used to encrypt communications. VPN encryption applies all the way from the user’s PC to the host computer, regardless of the type of network used. The encryption methods used by VPNs are stronger than WEP and WPA.
- Unfamiliar or suspicious emails, text messages, instant messages, phone calls, websites and social media solicitations that request personal financial information should be deleted immediately. They should not be replied to or forwarded, and any links that they contain should not be opened.
- Options to “Remember me” on websites where transactions are conducted should not be used.
- Computer workstations and laptops should be logged off, and preferably not left on, when the user steps away.
- Computer workstations and laptops should be set to log off automatically after no more than two minutes of non-use, with a password required to log back in.
- Computer workstations, laptops, and external storage devices such as USB drives and storage discs should be physically secured with locks (such as with a cable lock or in a locked drawer) when not in use.
- Computers that are no longer in use should have hard drives removed and shredded, or a software program that wipes and eliminates all data from their hard drives should be used, following DOD5220 standards for data sanitization.
- Approach all applications and links on all devices (such as personal computers, tablets and cell phones) and delivery channels (such as email, text messages and social media sites) with caution, as cybercriminals often use applications and links as the first step in installing malicious software on devices with which fraudulent acts can be enabled.