Published: March, 2020

Online and mobile technology conveniently takes care of everyday tasks. But, it's important to develop good habits to ensure your personal information and account data aren't being compromised.

Take preventative measures to keep your online and mobile usage safe and secure, which will lead to a more secure online and mobile banking experience. Learn ways to protect yourself online and on your mobile device.

Protecting Yourself Online

Keep your computers and mobile devices up-to-date. Ensure you have the latest security software, web browser and operating system, which is a great defense against viruses, malware and other online threats. Turn on automatic updates so you receive the newest security features as they become available.

Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers and special characters.

Be aware of and look out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from unfamiliar sources.

Do not divulge or share personal information on social media. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.

Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.

Safely shop online. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with "https." Also, check to see if a tiny locked padlock symbol appears on the page.

Read the privacy policies on the websites you visit. Privacy policies tell you how the site protects the personal information it collects. If you don’t see or understand a site’s privacy policy, consider not doing business on that website.

Protecting Your Mobile Device

While security software is commonly used on laptops and desktops, the majority of today’s mobile devices remain devoid of security protection and are exposed to a new and growing breed of mobile malware. Malware may result in device or data corruption, data loss, the unavailability of necessary data and more.

Mobile malware is different from PC malware in that it doesn’t spread randomly via unknown sources or random phishing emails. Instead, mobile malware is actively installed by users who download and install infected apps from an app store, either Apple’s or the various Android stores. The attacker convinces the store that the app is legitimate and it performs as expected while it gains a fan base. Soon after, it begins its malicious behavior. As with PC malware, the authors of malicious mobile apps are all about making money.

Follow these tips to protect your mobile device, data and privacy against the growing mobile malware threats. Ensure that you use the following three core components to secure your mobile device. When combined, they provide a significant challenge for hackers:

• Device auto-lock: Configure your device to lock automatically after a period of time. Only those with knowledge of the passcode can unlock the device.
• Device encryption: Protect your mobile device by preventing access from intruders, eavesdropping or interception of data in transit by using encryption technology.
• Remote wiping: Install remote locate, track, lock, wipe, backup and restore software to retrieve, protect or restore a lost or stolen mobile device and the personal data on that device.

Do not circumvent or disengage security features such as passcodes and auto-locks.

Set the device to lock after a set period of inactivity. A recommended inactive period setting is 10 minutes or less.

Ensure that you have GPS device location in the event of theft or loss.

Use caution when downloading apps and free software, especially from unsanctioned online stores.

Install an on-device personal firewall to protect mobile device interfaces from direct attack.

Install anti-spam software to protect against unwanted voice and SMS or MMS communications.

Install real-time anti-malware technology via cloud services that continually analyzes and re-analyzes websites and mobile applications. Protect against malicious applications, spyware, infected secure digital (SD) cards and malware-based attacks.

Turn off “beaming” (infrared data transmission).

Turn off the Wi-Fi when you’re not using it; and avoid using public, unsecured Wi-Fi hotspots.

Before discarding any device, make sure it is wiped clean and restored to factory defaults.

Threats to mobile devices are pervasive and escalating. Through malware, loss and theft, misconduct, and direct attacks, users are increasingly susceptible to devastating compromises of mobile devices.

Don’t not let your mobile devices be used by children, who frequently download cool-looking but unknown free apps that might be malicious.

Avoid Malware

Malware is short for malicious software. Hackers use this software to disrupt computer operations, gather sensitive information, or gain unauthorized access to a computer system. The terms “virus,” “worm” and “Trojan horse” all do different things and cause different types of problems, but they are all kinds of malware.

• Computer virus: A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. While some are harmless or mere hoaxes, most computer viruses are considered malicious.
• Worms: Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people confuse the terms “virus” and “worm," using them both to describe any self-propagating program.
• Trojan horses: A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up a back door in a computer system so that the intruder can gain access.

Today, cybercriminals use malware to turn a profit. Infected computers are used to generate income in many ways, including advertising. Just as many legitimate websites generate income by displaying ads, malware can also display ads that result in payments to the cybercriminal. Infected computers are also used to gather information, such as credentials for online banking. This type of “banking” malware is one of the most sophisticated and stealthy forms of malware. The criminals can then use the private information they’ve stolen – like social security numbers and credit card account information – for their own malicious schemes or they can sell it to a third-party who uses it to make a profit. The damage caused can range from a minor annoyance to a catastrophic disaster.

How could you get infected with Malware? Unfortunately, there are many ways to get infected; and there is no particular way to identify that your computer has been compromised. Anti-virus software might alert you that it has found a virus, but other forms of malware may go undetected. Here are some of the ways you can get infected:

• Email Attachments. Before opening email, ensure that attachments you receive are legitimate.
• Portable Media. Any device that can store information can support malicious content.
• Visiting Malicious Websites. Any legitimate website can be compromised by an attack, which in turn could leave you at risk.
• Downloading files from Websites, including generic files, software, plug-ins, movies, audio files, as well as mobile code such as ActiveX, JavaScript, Flash etc.
• Participating in P2P (Peer-to-Peer) File Sharing Services, especially when used to access illegal or infringing content.
• Instant messaging clients, especially if unpatched, allow hackers to upload or download files through holes in the client software.
• New Devices and Peripherals. Although it’s rare, mobile phones, digital photo frames, etc can be compromised during manufacturing if the manufacturer’s system is infected.
• Social networking sites offer several situations that could put you at risk of infection.
• Social engineering attacks that trick users into either giving up information or unwittingly performing tasks that result in a security breach.
• Not Following Security Guidelines and Policies. Bypassing filters, using unauthorized outside storage devices, blocking software updates, using non-approved software, clients, etc, increase the chance of becoming infected by malicious code.

Protect Your Computer from Malware:

• Keep your firewall turned on. A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.
• Install or update anti-virus & anti-malware software from a trusted source. You need both to prevent malicious software programs from embedding themselves on your computer. Set them to update automatically.
• Install or update your anti-spyware technology. Some spyware collects information about you without your consent; others produce unwanted pop-up ads on your web browser.
• Keep your operating system up to date. Updates are needed to fix security holes.
• Be careful what you download. Careless downloading can beat even the most vigilant anti-virus/anti-malware software. Investigate any free software before downloading.
• Use flash drives cautiously. Putting your flash drive (sometimes called a thumb drive) in a computer that is infected could corrupt the drive, and ultimately your computer.
• Close your browser when you’re done working. Delete the cache, history and passwords each time. Also, turn off your computer. Being “always on” leaves you connected to the crooks. Turning the computer off effectively severs an attacker’s connection.
• Ignore scareware. Scareware pop-ups may look like actual warnings from your system, but they are not. Made to appear authentic, they often deliver malicious payloads. Close them with the “X” button.
• Review your bank and credit card statements. It’s one of the easiest ways to get the tip-off that something is wrong. Also, monitor your credit reports. For even more protection, you might consider a credit monitoring service that will alert you when there’s an entry in your credit file.
• Choose strong passwords. Create at least an eight-digit complex password to protect activities like online financial transactions and don’t use that password anywhere else. Change your most critical passwords every 90 days.

The Top 5 Myths about Safe Web Browsing

There are a vast number of myths and misconceptions about safe web browsing circling around. How many have you fallen for? Let’s take a look at the top five.

Myth #1: My computer has never been infected with malware so I must be a safe surfer. Nearly a third of all computers in the U.S. are infected with some form of malware. You may not even know you’re infected. Web malware is designed to steal personal information and passwords or use your machine for distributing spam, malware or inappropriate content without you knowing it.

Myth #2: Only gambling and illegal websites are dangerous. Not true. The majority of infected websites are ones that you trust. Hackers prefer to hijack and infect popular, high-traffic websites so they can silently distribute malware to unsuspecting visitors. Your computer can be infected just by visiting an infected site. Anyone who surfs the Internet is at risk.

Myth #3: You can only get infected if you download files. False. Hackers take advantage of vulnerabilities in web browsers, plug-ins and operating systems. You can be infected with malware by simply visiting an infected website. An attack of this type is called a “drive-by” download since the malicious code is downloaded and executed automatically.

Myth #4: When the lock icon appears in the browser, it means it’s a secure website. Not true. The lock icon means there is an SSL encrypted connection between your browser and the web server which enables private communications over the Internet. SSL encryption doesn’t provide any protection from malware. In fact, hackers often spoof SSL certificates on fake banking websites to make visitors feel secure.

Myth #5: Only computers and laptops can become infected. False. Mobile malware, which affects smartphones, tablets and other mobile devices, increased by 58% last year. This nasty malware can easily steal information on your device such as phone numbers and email addresses. It can even use the device’s GPS to track your whereabouts.

Safe Social Networking

Always think about the way information on social media sites might enable identity theft, home burglary and social engineering attacks. Consider how your behavior on social media sites might affect your employer.

Social technologies introduce a number of threats, but below are the top four:

• Mobile apps: There’s no guarantee that mobile apps are free of bugs or malware. Mobile malware is capable of obtaining any and all permissions on the infected device, sending SMS messages to premium phone numbers, stealing online banking credentials & downloading other malicious code without the user’s knowledge.
• Social Engineering: Social media has taken this threat to a new level. People are more willing than ever to share personal information about themselves online, and social media platforms encourage a dangerous level of assumed trust.
• Social Networking Sites: Sometimes hackers go right to the source, injecting malicious code into a social networking site, including inside advertisements and shortened URLs, via third-party apps.
• Users: It’s imperative that users understand how to safely navigate the internet.

To protect yourself, your family and your financial information, apply the following best practices to all your social networking accounts and activities.

When setting up your social networking account:

• Choose a strong password. Make it longer than eight characters, include a variety of letters, numbers, and symbols, and change it regularly. Make sure you use different passwords for each of your online accounts.
• Never save passwords in your browser. Browsers often ask if you’d like to save your password for easy access (so you don’t have to enter it on your next visit). Never ever save your passwords on your computer.
• Never post information in your profile (or elsewhere) that could be used to confirm your identity. This includes home address, birth date, phone number, etc. An individual’s DOB and state of birth are enough to guess a SSN with great accuracy.
• Turn off the bells & whistles. Disable options, then open them one by one.
• Set up login alerts. To help protect your account, request an email from the site should someone try to login from an IP address other than yours.
• Use your privacy settings to control who gets to see your posts and profile.
• Turn off applications such as games & quizzes (Get a free goat on Farmville!). If you choose to add applications, ensure you understand and control how much information you share with the application.
• Enable secure browsing or HTTPS when using social media sites from unsecured public networks such as those in airports, cafes or hotels. This encrypts the information you send and receive. (Look in the site’s security settings)
• Get tips and advice on how to avoid threats from the site’s security/privacy page.

When engaging on social networking sites, follow these safety tips:

• Use discernment when accepting friend invitations. Only accept invitations from people you know. Cybercriminals create bogus profiles to propagate malware.
• Show “limited friends” a cut down version of your profile. This can be useful if you have associates to whom you do not wish to give full friend status.
• Remove a connection to a friend that you are no longer comfortable with.
• Block individuals if they are harassing you or if you don’t want to be visible to them.
• Report abuse. The most efficient way to do this is right where it occurs – in the social media site’s privacy settings.
• Be careful where you click. Make sure to evaluate the potential costs/benefits of pop-ups, applications, and invites.
• Don’t be an early adopter of a new app. Give the community time to discover the security weaknesses before you dive in.
• Avoid suspicious-looking URLs. Make it a habit to mouse over links to identify the source and proceed with caution.
• Never click on unsolicited links containing celebrity gossip, natural disasters, political scandals etc. Scammers quickly build malicious websites designed to trick users into installing malware or sending donations to replicated websites.
• Never copy & paste a link into your address bar unless you know where the link goes. Doing so will bypass you browser’s security controls.
• Never post your whereabouts or your vacation plans. You’re only helping burglars to plan their break-in.
• Never give up your login credentials. Social engineers are equipped with enough information to trick you into believing the request is from a legitimate authority.
• Ask permission before posting someone’s picture or publishing a conversation that was meant to be private.
• Respect the law, including those laws governing defamation, discrimination, harassment and copyright.