Cybersecurity basics

Simple steps to secure your computers and mobile devices for Internet banking and shopping

Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions.  But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other information in your personal computers, at home and when banking or shopping remotely online?

"Think about all of the access points to and from your computer — such as Internet connections, email accounts and wireless networks," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section.  "These always need to be protected.  Otherwise, it's like leaving your front door wide open while you are away so that anyone could come in and take what they please."

Consider these strategies.

For Banking by Computer or Mobile Device

Take extra precautions for logging into bank and other financial accounts These measures include using "strong" user IDs and passwords by choosing combinations of upper- and lower-case letters, numbers, and symbols that are hard for a hacker to guess.  Don't use your birthdate, address or other words or numbers that can be easy for con artists to find out or guess.  Don't use the same password for different accounts because a criminal who obtains one password can then log in to your other accounts. Keep your user IDs and passwords secret, and change them regularly. Make sure to log out of financial accounts when you complete your transactions or walk away from the computer.

Consider using a separate computer solely for online banking or shopping. A growing number of people are purchasing basic PCs and using them only for banking online and not Web browsing, emailing, social networking, playing games or other activities that are more susceptible to malicious software — known generally as "malware" — that can access computers and steal information.  As an alternative, you can use an old PC for this limited purpose, but uninstall any software no longer needed and scan the entire PC to check for malicious software before proceeding.

Take precautions if you provide financial account information to third parties online.  For example, some people use online "account aggregation" services that, from one website, can provide a convenient way to pay bills, monitor balances in deposits and investment accounts, and even keep track of your frequent flyer miles.  While these websites may be beneficial, they can also present potential issues related to the security of the account information you have shared with them.  If you want to use their services, thoroughly research the company behind the website, including making sure that you're dealing with a legitimate entity and not a fraudulent site. Also ask what protections the website offers if it experiences a data breach or loss of data.

Periodically check your bank accounts for signs of fraud.  If you bank online, check your deposit accounts and lines of credit at regular intervals to spot and report errors or fraudulent transactions, just as you would review a paper statement.  Online banking makes it easier and faster to monitor your accounts.  This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix.

Federal laws generally limit your liability for unauthorized use of your debit, credit and prepaid cards, especially if you report the problem to your financial institution within specified time periods, which vary depending on the circumstances (see How Federal Laws and Industry Practices Limit Losses From Cyberattacks). A good rule of thumb is to check your accounts online once or twice a week.  Also, many banks make it easier for clients to keep track of their accounts by offering email or text message alerts when balances fall below a certain level or when there is a transaction over a certain amount.

Basic Security Tips

Keep your software up to date. Software manufacturers continually update their products to fix vulnerabilities or security weaknesses when they find them.  "All of your software should be checked and updated as generally recommended by the manufacturer or when flaws are found," explained Kathryn Weatherby, a fraud examination specialist for the FDIC.  "This advice goes for everything from your operating system to your word processing software, Internet browsers, spreadsheet software, and even your digital photography applications.  A vulnerability in one piece of software, no matter how insignificant it may seem, can be exploited by a hacker and used as a pathway into your whole computer."

Some software manufacturers may issue "patches" that you need to install to update a program.  Others may simply provide you with a completely new version of the software. "Before installing any update you receive, make sure it is legitimate, especially if it is emailed to you," said Benardo.  "Check the software manufacturer's website or contact the company directly to verify the update's validity.  Criminals have been known to imitate software vendors providing a security update when, in fact, they are distributing malware. Once you confirm that an update is legitimate, install it as soon as possible to correct whatever security flaw might exist."

Install anti-virus software that prevents, detects and removes malicious programs.  Crooks and computer hackers are always developing new malware that can access computers and steal information, such as account passwords or credit or debit card numbers.  These programs also may be able to destroy data from the infected computer's hard drive. 

Malware can enter your computer in a variety of ways, perhaps as an attachment to an email, a downloaded file from an infected website, or from a contaminated thumb drive or disk.  Fight back by installing anti-virus software that periodically runs in the background of your computer to search for and remove malware.  Also be sure to set the software to update automatically so that it can protect you from the latest malware.  See Beware of Malware: Think Before You Click! for more information.

Use a firewall program to prevent unauthorized access to your PC.  A firewall is a combination of hardware and software that establishes a barrier between your personal computer and an external network, such as the Internet, and then monitors and controls incoming and outgoing network traffic.  In simple terms, a firewall acts as a gatekeeper that helps screen out hackers, malware and other intruders who try to access your computer from the Internet. 

Only use security products from reputable companies.  Some anti-virus software and firewalls can be purchased, while others are available free.  Either way, it's a good idea to check out these products by reading reviews from computer and consumer publications.  Look for products that have high ratings for detecting problems and for providing tech support if your computer becomes infected.  Other ways to select the right protection products for your computer are to consult with the manufacturer of your computer or operating system, or to ask someone you know who is a computer expert. 

Take advantage of Internet safety features.  When you are banking online, shopping on the Internet or filling out an application that requests sensitive personal information such as credit card, debit card and bank account numbers, make sure you are doing business with reputable companies.  You also can have greater confidence in a website that encrypts (scrambles) the information as it travels to and from your computer.  Look for a padlock symbol on the page and a Web address that starts with "https://."  The "s" stands for "secure."

Also, current versions of most popular Internet browsers and search engines often will indicate if you are visiting a suspicious website or a page that cannot be verified as trusted.  It's best not to continue on to pages with these kinds of warnings. Review your Internet browser's user instructions and explore the "tools" and "help" tabs to learn more about the security settings and alerts offered.

Be careful where and how you connect to the Internet.  A public computer, such as at an Internet café or a hotel business center, may not have up-to-date security software and could be infected with malware.  Similarly, if you are using a portable computer (such as a laptop or mobile device) for online banking or shopping, avoid connecting it to a wireless (Wi-Fi) network at a public "hotspot" such as a coffee shop, hotel or airport.  Wi-Fi in public areas can be used by criminals to intercept your device's signals and as a collection point for personal information.

The bottom line, especially for sensitive matters such as online banking and activities that involve personal information, is to consider only accessing the Internet using your own computer with a secure, trusted connection, and to only connect laptops and mobile devices to trusted networks. 

For more tips on computer and Internet security for bank clients, watch the FDIC's multimedia presentation "Don't Be an Online Victim: How to Guard Against Internet Thieves and Electronic Scams."  Also, visit www.OnGuardOnline.gov for information from the federal government on how to be safe online.  The site includes videos from the Federal Trade Commission on what to do if your email is hacked or if malware attacks your computer.