Your Security and Protection When Online

 

Preventing Cybercrime

Computer crime, also referred to as cybercrime, remains a big concern for most people and businesses.  2016 did not present the same level and severity of system incursions, but the election process and issues surrounding purported state sponsored hacking to influence the election seems to have awakened many people.  That said, rest assured those going after personal information are still there and working on their next big payday.  The financial losses experienced as a result of cybercrime may range from minimum to catastrophic; the impact to a person’s life can be devastating as they try to recover from identity theft.  There is no magic method to prevent cybercrime, but there are critical steps that everyone can take to help prevent cybercrime and avoid becoming a victim. 

Riverview Bank can’t act as an advisor to you for your computer security.  However, our providing you some general tips that may aid you when making decisions regarding your computer’s security and bringing to your attention the need to be proactive regarding information protection benefits everyone.  We do not recommend any specific settings.  The decision to accept and implement any of the security tips within this document remains your individual decision.  The Internet offers a tremendous amount of computer security information that you should review periodically to see if you can improve your system’s security.   We hope you find this information helpful.

Passwords
Yes, we all hate them, but when implemented correctly, they help prevent others from accessing information we do not wish them to see or have.  Consider requiring a password to access your computer, particularly if it is a laptop or portable system.  Should it be lost or stolen, there is a better chance your data may not be compromised.  Also, make sure the password you select is not easily guessed.  Use a mix of upper and lower case letters, symbols, and numbers and make it at least eight characters long.  Generally, it is not a good idea to store passwords on a file maintained on the system.  This would apply to mobile phone banking systems also.

Data Encryption
Using one of the many and relatively inexpensive data encryption packages renders your data useless to anyone that does not have the “key” to decrypt the data.  Should you chose to implement encryption on any system, make sure to keep the key in a secure location that can be accessed should the need arise.   Otherwise, the data may be unrecoverable - even to you.

Firewalls
Most systems come with a software-based firewall available and already installed.  The rules it enforces depend on the security level you chose to implement.  Medium to High levels are better, but could result in the denial of some inbound messages.  More importantly, make sure the firewall is turned on before connecting your computer to the Internet.  There is a very short time between connecting to the internet and becoming infected unless proper precautions are in place.

Antivirus and Antispyware
With malicious code in one of every 221 emails (as determined by Symantec - 2015), it appears to be highly probable that your system will face this threat at some point.  Make sure you install and regularly update antivirus and anti-malware software to protect your systems.  This software can also be scheduled to run automatically and both shorter daily scans and more in-depth weekly scans should be implemented.  Make sure your mobile phone is protected as there are more and more instances of malware and virus infections taking place on those devices.  Make sure you only install apps from trusted sources as rogue apps can easily compromise systems and steal passwords and user IDs.  From that point, the theft of your data and even bank account compromises are possible.  With the mobile banking from smartphones gaining user adoption, rest assured, the “other side” will be working hard to find the best way to access those devices to steal your money.

Wireless Connections
Ensure that your wireless connection is secure.  Read the documentation that came with your wireless access point and make sure encryption is set to WPA or WPA2.  WEP level encryption has been determined to have flaws making it insecure.  Make sure to change the default name of the system to something that will not easily identify you.  Set the password to access the device to a complex password as described above.  Your access point provider can assist with implementing security in most cases.

Email Hazards
Email from people you may or may not know, or recognize, encouraging you to “click on a link” is a warning sign.  Clicking on the link could result in your downloading malicious software and may compromise your system’s security.  If you were not expecting the communication, you should not click on the attachments.  The same goes for downloading applications from unknown and untrusted sites.  You may get all you want – and more.

Public Computer Use
Surfing the internet from a public computer is not necessarily bad.   Unfortunately, the user will normally have no knowledge of the security in place, if there is any!    For that reason, you should never access sites that require you to input your password as it, along with other information, may be recorded.  If you want the information to remain private, you may want to wait until you are on your own or another system known to be secure.  Hotel, airport, and businesses offering free WIFI are certainly convenient, but you never know if it is a site established by cybercriminal solely to steal information.

Smart Phones and PDAs
Consider implementing the password lock to protect your device and the information on it should it be lost or stolen.  These types of devices are now frequently used to house a lot of personal and even financial information.  This has not gone unnoticed by criminals.  Similar protective software on these devices to that on your home systems may be necessary to provide adequate security.  If you use mobile banking, you may want to determine what mobile security is available to you.  Where possible, use a wired phone or secured connection to transmit confidential information such as banking information or social security numbers.

Data Backups
Most people acquire a computer at some point and use if for numerous purposes.  The replacement of a computer is pretty easy.  Sadly, the recovery of data you store on the computer may not be so easy.  Therefore, having a recent backup copy of your data is a good practice.  With the increase of data hijacking for ransom, you will be glad you have a copy of your data rather than have to pay a fee to “maybe” get it back.   How often you backup your system should be related to the value of the information it contains – and what its loss would mean.

Unknown Data Storage Devices
Many USB thumb drives have been lost, and many found.  People who find them seem to be curious as to their contents and plug them in to their system to see what is on the drives.  Imagine, if you will, a number of thumb drives loaded with self-extracting virus software, Trojan applications, or other malware being placed near a business office.  Staff members find these devices, plug them in to their office PC, and the software infects their system and spreads throughout the company network.  Once installed, the software makes an outbound connection and the system is then further exploited.   Destroying these devices, if found, is a better practice.

Systems Disposal
Just because you decide to dispose of your computer, the data you had on it does not magically disappear.  You can obtain software that will scrub the data from the drive.  If you really want to protect any possible data, remove the hard drive and destroy it yourself.  Better to be sure your data is no longer on the system then sell it to someone and later discover your data was compromised.

Stay Aware
Remain aware and question anything that is not normal.  Changes in the way an application functions, inability to access certain files, and worse yet, suspicious account activity could all mean your system has been compromised.   Take action to determine what has happened.   If you determine your system has been compromised and do not feel capable of correcting the issue, seek help to minimize the damage and prevent further spreading of any virus or malware.

Education
The internet is constantly updated with information relative to protecting computer resources and information.  Locate a few sites that provide information on threats and make it a practice to visit them frequently.  You may be enlightened and able to take protective action to avoid becoming a victim of a cybercrime.

Social Media
What an explosion of offerings has taken place.  The wonder years of America On Line (AOL) have become, Snapchat, Linkedin, Twitter, and Facebook, etc.   While the services offered with these social media services can be good, make sure your use of them does not put you at risk.  Pay attention to security settings and what they mean.  Do not be overly giving with birthdates, ages, locations, or other information that can be used to build a profile of you that may be used for identity theft.  Keep in mind, what other people post about you on their sites can reveal things that you may not want publically known.  There are guides on the Internet to assist you with security for these services.

Get More Information
For additional information on phishing and identity theft, go to the Federal Trade Commission's Website at www.ftc.gov.  There is a lot of good information available there to assist you in protecting yourself and your assets.

Important Contact Information if You've Been a Victim of Identity Theft
U.S. Government Agencies
Federal Trade Commission
Website:  www.consumer.gov/idtheft/
Social Security Administration
Fraud Hotline: 800-269-0271

Credit Reporting Agencies

Experian
To request a credit report and/or to report fraud: 888-397-3742
Website:  www.experian.com

Equifax
To request a credit report: 800-685-1111
To report fraud: 800-525-6285
Website: www.equifax.com

TransUnion Corporation
To request a credit report: 800-916-8800
To report fraud: 800-680-7289
Website: www.transunion.com