Simple steps to secure your computers and mobile devices for Internet banking and shopping
Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions. But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other sensitive information in your personal computers, at home and when banking or shopping remotely online?
“Think about all of the access points to and from your computer — such as Internet connections, email accounts and wireless networks,” said Michael Benardo, Chief of the FDIC’s Cyber Fraud and Financial Crimes Section. “These always need to be protected. Otherwise, it’s like leaving your front door wide open while you are away so that anyone could come in and take what they please.”
Consider these strategies:
For banking by computer or mobile device
Take extra precautions when logging in to bank and other financial accounts.
These measures include using “strong” user IDs and passwords by choosing combinations of upper- and lowercase letters, numbers and symbols that are hard for a hacker to guess. Don’t use your birthdate, address, or other words or numbers that can be easy for con artists to find out or guess. Don’t use the same password for different accounts because a criminal who obtains one password may then be able to log in to your other accounts. Keep your user IDs and passwords secret, and change them regularly. Make sure to log out of financial accounts when you complete your transactions or walk away from the computer. Online banking makes it easier and faster to monitor your accounts. This is important because the sooner you can detect a problem with a transaction, the easier it should be to fix.
Take precautions if you provide personal or financial account information to third parties online.
When you are banking online, shopping on the Internet or filling out an application that requests sensitive personal information---such as credit card, debit card, Social Security or bank account numbers---make sure you are doing business with reputable companies. You can also have greater confidence in a website that encrypts (scrambles) the information as it travels to and from your computer. Look for a padlock symbol on the page and a web address that starts with “https://.” The “s” stands for “secure.”
For example, some people use online “account aggregation” services that, from one website, can provide a convenient way to pay bills, monitor balances in deposits and investment accounts, and even keep track of your frequent flyer miles. While these websites may be beneficial, they can also present potential issues related to the security of the account information you have shared with them. If you want to use their services, thoroughly research the company behind the website, including making sure that you’re dealing with a legitimate entity and not a fraudulent site.
Periodically check your bank accounts for signs of fraud.
If you bank online, check your accounts and lines of credit at regular intervals to spot and report errors or fraudulent transactions, just as you would review a paper statement.
Federal laws generally limit your liability for unauthorized use of your debit, credit and prepaid cards, especially if you report the problem to your financial institution within specified time periods, which vary depending on the circumstances (see "How Federal Laws and Industry Practices Limit Losses From Cyberattacks"). A good rule of thumb is to check your accounts online once or twice a week. Also, many banks make it easier for customers to keep track of their accounts by offering email or text message alerts when balances fall below a certain level or when there is a transaction over a certain amount.
Basic security tips
Keep your software up to date.
Software manufacturers continually update their products to fix vulnerabilities or security weaknesses when they find them. “All of your software should be checked and updated as generally recommended by the manufacturer or when flaws are found,” explained Kathryn Weatherby, a fraud examination specialist for the FDIC. “This advice goes for everything from your operating system to your word processing software, Internet browsers, spreadsheet software and even your digital photography applications. A vulnerability in one piece of software, no matter how insignificant it may seem, can be exploited by a hacker and used as a pathway into your whole computer.”
Some software manufacturers may issue “patches” that you need to install to update a program. Others may simply provide you with a completely new version of the software. “Before installing any update you receive, make sure it is legitimate, especially if it is emailed to you,” said Benardo. “Check the software manufacturer’s website or contact the company directly to verify the update’s validity. Criminals have been known to imitate software vendors providing a security update when, in fact, they are distributing malware. Once you confirm that an update is legitimate, install it as soon as possible to correct whatever security flaw might exist.”
Install antivirus software that prevents, detects and removes malicious programs.
Crooks and computer hackers are always developing new malware that can access computers and steal information, such as account passwords or credit or debit card numbers. These programs may also be able to destroy data from the infected computer’s hard drive.
Malware can enter your computer in a variety of ways, perhaps as an attachment to an email, a downloaded file from an infected website, or from a contaminated thumb drive or disk. Being diligent with email is the most efficient way to avoid a malware infection. Fight back by installing antivirus software that periodically runs in the background of your computer to search for and remove malware. Also be sure to set the software to update automatically so that it can protect you from the latest malware. See “Beware of Malware: Think Before You Click!” for more information.
Some antivirus software and firewalls can be purchased, while others are available free. Either way, it’s a good idea to check out these products by reading reviews from computer and consumer publications. Look for products that have high ratings for detecting problems and providing tech support if your computer becomes infected. Other ways to select the right protection products for your computer are to consult with the manufacturer of your computer or operating system, or to ask someone you know who is a computer expert.
Use a firewall program to prevent unauthorized access to your PC.
A firewall is a combination of hardware and software that establishes a barrier between your personal computer and an external network, such as the Internet, and then monitors and controls incoming and outgoing network traffic. In simple terms, a firewall acts as a gatekeeper that helps screen out hackers, malware and other intruders who try to access your computer from the Internet.
Change default passwords for routers and other internet connected devices.
Most routers come with a default or “out-of-the-box” password. If this password isn’t changed, hackers can easily access your network. Additionally, Internet-connected devices can act as a doorway into your network if they also have a weak or default password. If one of these devices is compromised, that can potentially compromise your network as a whole.
Take advantage of Internet safety features.
Current versions of most popular Internet browsers and search engines often will indicate if you are visiting a suspicious website or a page that cannot be verified as trusted. It’s best not to continue on to pages with these kinds of warnings. Review your Internet browser’s user instructions and explore the Tools and Help tabs to learn more about the security settings and alerts offered.
Be careful where and how you connect to the Internet.
A public computer, such as at an Internet cafe or a hotel business center, may not have up-to-date security software and could be infected with malware. Similarly, if you are using a portable computer (such as a laptop or mobile device) for online banking or shopping, avoid connecting it to a wireless (Wi-Fi) network at a public “hotspot” such as a coffee shop, hotel or airport. Wi-Fi in public areas can be used by criminals to intercept your device’s signals and as a collection point for personal information.
The bottom line, especially for sensitive matters such as online banking and activities that involve personal information, is to consider only accessing the Internet using your own computer with a secure, trusted connection, and to only connect laptops and mobile devices to trusted networks.