2. Protect Your Banking 1 Always keep your credentials to yourself. Ensure you log in only by visiting your bank’s website. Email is not a method used by banks to request personal information from you. Avoid using publicly available computers for your online banking. Trust your instincts. If something looks wrong, it probably is. Always run your antivirus and anti-spyware software and keep it up to date.
3. Be Socially Smart 2 Keep your statuses simple and never divulge your physical location. Monitor who can see your social networking information, whether private or not. Choose strong passwords to prevent someone accessing your social networking account. Avoid divulging highly personal information such as your address, even in configuration or informational pages. If you click on a link, make sure the website address that opens is the same as the link you clicked on. Always remain anonymous when entering open or “free-for-all” chat rooms and similar gatherings. Your bank will never use a social networking site to request financial or personal information from you. If you use instant messaging applications, sign on using those applications themselves. Avoid websites claiming to sign on or automate it for you, as they may simply be mining your login details.
4. Passwords Are Your Keys. 3 Information about you should never be in your password. If your password can be looked up in a dictionary, it is too weak. Try to use combinations of LARge letters, Numb3rs and %characters%. Don’t write passwords down. Change passwords as regularly as is comfortable, but at least within 6 months. If in doubt, change your passwords. No website/bank/store will send you an email asking you to reply with your password or username. Do not reply to such requests.
5. Use Email Wisely. 4 Replying to spam or junk mail simply makes it known that you are reading it. Ignore and delete such messages on sight. Avoid sending confidential files, passwords, credit card numbers or other confidential data in email. Be cautious when opening links from email messages. Make sure the link address is what actually opens in the browser. Ensure all emails are scanned for viruses and other possible malware, phishing or spyware threats. When you use reply-all, make sure everyone on the recipient list needs to know what you have to say. Financial institutions do not use email to update your account details, change your password or notify you of account closure. Email messages urging you to take action with lots of warnings, time limits and grammar or spelling mistakes should be treated as possible threats.
6. Be Cautious When Travelling 5 Connections to public and/or public-service Wi-Fi or other networks should be treated as non-secure. Ensure you have a firewall and other protection software running. Shoulder surfing is when someone watches you type your password or credentials on your laptop from behind, from the side or with zoom lenses. Always take care when entering this information in a public area. Any laptop that is used extensively off-site or is constantly mobile should have full disk encryption installed on it. A best practice is to apply this rule to all laptops you own. Do not leave your laptop unattended. Apart from theft, you may find key loggers or other spyware very quickly installed. Keep removable storage, memory cards, memory sticks and other small data storage devices safe. If possible, encrypt these too. Remember that if you suspend your laptop instead of hibernating it or turning it off, you might not be activating the required encryption or security protection on the laptop.
7. Glossary Phishing ... is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, account numbers or passwords by posing as legitimate websites or entities requesting this information. Shoulder Surfing ... is the process of obtaining security credentials or other data as it is being entered, by watching or recording the physical entry of the data from behind, next to or within view of the victim. Spyware ... is hidden software that obtains data or other information from a person’s computer without notification or without the user’s consent. Malware ... is software that is designed to infiltrate and destroy or damage either data or other components of a computer system. Social Engineering ... is the process of getting someone to divulge personal or secret information through the use of lies, misguided trust, apparent authority or other forms of deception.