PROTECTING YOURSELF AND YOUR BUSINESS
A. Secure Your Computer Systems
B. Internet Using Guidelines
Tips for Safe Online Banking
- Look out for Email Fraud – learn how to identify a Phishing email which may have the following features:
- Generic greetings such as “Dear user” or general information within the email.
- Company logo or other identifying image may be slightly distorted or different from the original company image.
- The links embedded on the email does not match the URL of the legitimate site.
- Email may be threatening, harsh, demanding and scary, forcing the user to comply immediately with the instructions in it.
- An attachment comes with the email asking users to click on it, which will launch a virus or spyware on your computer.
- Spot Website Fraud – emails may direct you to a bogus website that is often very convincing. Beware of these telltale features:
- The site threatens to shut down your account unless you verify your personal information.
- The site returns an error message and asks you to log in.
- The URL in not quite right, does not match the bank’s website, or contains transposed letters and/or unrelated symbols such as @ % $.
- The website logo or identifying image is distorted or stretched, indicating that it has been copied and tampered.
- There are spelling and grammatical errors in the website.
- Telephone numbers on the website differs from the published phone numbers of Bank of the Orient.
- Tools for Security
- Use antivirus software on all servers, desktops and laptops. Check for new virus definitions daily and scan your system weekly.
- Stay up to date with software and security patches to protect against intrusions and infections that can lead to the compromise of your computer files or passwords.
- Use a firewall program on every computer and, install a network firewall if possible. The firewall program will allow you to stop uninvited access to your computer. Not having it will make it easier for hackers to take over your computer, access the personal information stored on it, or use it to commit other crimes.
- Use a secured private network (VPN) over a wireless network to prevent hackers from intercepting your data.
- Look for website privacy policies. They should answer questions about maintaining accuracy, access, security and control of personal information collected by the site. They must also state how your information will be used and if accessed by third parties.
- Delete all personal information from your computers prior to discarding them.
Tips for Strong Passwords
- When accessing online banking sites, always type the URL directly into the address bar. This will ensure that you are going to the legitimate site of the bank. Bookmark the URL so you would not have to retype it next time.
- Look for a lock icon in the browser and “https:” in the address line. These indicate that you are on a secure page. To further verify, click on the padlock icon and it will provide the security certificate.
- Watch out for unusual, out of place or slightly distorted/altered domain, or irregular logo, or urgent account verification requests.
- Don’t use the same password for banking that you use for other online accounts.
- Don’t use public computers to do your banking, such as those in libraries, internet cafes or in schools, as these may have unsecured network connections.
Tips for Safe Web Browsing
- Never share your password with anyone.
- Memorize your password. Do not write it down or store it on your computer.
- Use passwords that are at least eight characters long. Use upper and lower case letters, numbers and symbols in combination to create your passwords.
- Avoid using common information and obvious names. Use a phrase that is known only to you and not others, such as “my dog Groucho takes a Bath every 5 days” which translates to “mdGtaBe5d”.
- Change passwords regularly, at least every 90 days.
Tips for Safe Email
- Never respond to unsolicited requests for account information.
- Do not click on pop-ups. If possible, set your browser to block them.
- Do not give out personal information to blogs, forums and other social networking sites. These sites are targets for thieves to obtain information related to security questions or “out-of-pocket” questions used by legitimate websites.
- Do not visit unsafe sites. You will open yourself up to a flood of spam, pop-ups and spyware.
- When shopping online, use secure sites that encrypt your credit card information. Look for the locked padlock icon in the browser frame and “https:” in the address line.
- Be suspicious of odd error messages. Do not click on them or respond to them. Scan your computer to remove any virus of spyware.
- Scan your computer files regularly, once a week, if possible.
Tips for Safe Instant Messaging
- Never open email from someone you don’t know. Read subject lines carefully. Do not be tricked by a friendly tone or urgent request.
- Turn off the preview pane in your email. Opening emails with preview pane could allow spyware or virus programs to run as soon as you read the email.
- Do not click on links or attachments in unsolicited email, especially if they tell you that problem is urgent or the attached file ends in “.exe”.
- Delete email from unknown sources immediately. Use your junk mail filter.
- Do not forward chain emails. Spam already makes up around 50% of all email traffic.
C. Enhance Your Company Security
- Block people you don’t want to send and receive messages from, especially complete strangers. Adjust your IM settings so that only people on your list or friends can IM you.
- Do not reply to strangers, especially if their messages are rude or annoying. It could be a predator.
- Do not click on unsolicited links or attachments. They could contain a virus or spyware.
- Do not create a profile that includes personal information. It can open you up to harassment and attract predators.
- Know your children’s online friends and supervise their chat activities.
- Employee Security – include your employees in creating or modifying your security plan. This will make them feel involved in the process and they are more likely to observe your policies.
- List all the ways your business collects, uses and stores customer and business information.
- List who has access to customer and business information.
- Train everyone on your list to protect sensitive information. Give incentives to employees who alert you of vulnerabilities.
- Keep employees updated on new risks and threats. Conduct periodic training or workshops on security awareness.
- Newly hired employees must undergo background checks, particularly those who will have access to sensitive information within the company.
- Get expert technical help from reputable vendors. Networking is a good way of reaching out to your industry peers for updated information regarding information security.
- Workplace Security – always keep your business confidential. This can be achieved by following these simple steps:
- Handle documents with care. Place them out of sight when you are away from your desk. Follow the “clean desk” policy.
- Lock your laptop or desktop PC when away from your desk. Don’t give thieves an open invitation to copy your files or steal your laptop. Store it in a locked cabinet, if necessary.
- Shred all documents that contain confidential and personal information. Do not let dumpster divers turn your trash to cash. If needed, have a destruction company pick up your documents which are kept in locked shred bins for disposal.
- Pick up mail promptly. Do not leave them in overnight pick-up bins for thieves to steal sensitive information.
- Keep your voicemail short. Avoid leaving detailed messages involving sensitive information which may be overheard by a third party at the other end.
- Computer Security – the following basic tips to keep your computer experience secure:
- Protect your personal information. Do not give them to anyone you don’t trust, especially if the request is urgent or threatening.
- Know who you are dealing with. Don’t open unsolicited emails. Do not open attachments from people you do not know. Do not click on pop-ups or other links.
- Always install anti-virus and anti-spyware software. These softwares are the best way to protect your computer against viruses, worms, Trojan horses. Keep it updated and scan regularly.
- Use a firewall. You should install a personal firewall on every computer and remote device to block internet intruders.
- Use strong passwords. Use a combination of upper and lower case letters, numbers and symbols. It is recommended that you use a minimum of eight characters.
- To safeguard against fire, flood or other disaster, backup important files. Copy them onto a disk or flash drive and store them in a secure place in a different building. For larger operations, you can contract a vendor to save and store your network files for you.
- Put an action plan in place in the event that a security breach occurs. Scan for a virus, report fraud to the appropriate authorities. Follow your security policy.