FacebookTwitterGoogle+

Online Security Information

Tips to Protect Against Identity Theft

Protect your Personal Information

Online security is a serious issue. Kleberg Bank has provided this helpful primer so you can be smart and be safe while using online services. Click any of the articles below.

  • Keeping Your Computer Protected

    Keep Your Computer Operation System Updated

    • Set your browser security settings at a high enough level to help detect unauthorized downloads. (Click on your browser's "Help" menu for steps.)
    • Keep your browser current; install updates as they are sent. You can set your computer to automatically install updates each time you log on. Popular browsers include Microsoft Internet Explorer, Netscape, America Online, Mozilla Firefox.
    • Use updated anti-virus software, such as McAfee or Norton; make sure your virus definitions are current and real-time protection is enabled.
    • Perform regular full system scans on your computer to help detect and clean viruses and spyware.
    • Use updated anti-spyware software. Using more than one will ensure the most thorough scan. Some well known programs are Windows Defender, Ad Aware, Spy Sweeper, Spybot Search & Destroy.
    • Activate a pop-up blocker. Users of XP Service Pack 2 and above already have access to this feature in Internet Explorer. (See your browser's "Help" menu for steps on enabling this feature.)
    • Install a personal firewall on your computer. A firewall acts as a filter to prevent access to information on your computer. Some well-know programs are McAfee, Norton, Zone Alarm.
    • Special precautions should be taken with home or office wireless networks. (Contact a computer professional for more information on how to do this.)

    Why Should You Be Afraid of Malware?

    What is malware?

    Malware is a general term for software that is meant to cause harm. Computer viruses, spyware, adware, and Trojan horses are all examples of malware. Computer security experts like to compare malware with human diseases (which is why computer viruses are called "viruses" in the first place).

    The purpose of malware can be something as seemingly harmless (yet annoying) as popping up a window to show you unwanted advertising, or as dangerous as snooping on the keystrokes as you type your internet banking password.

    How do computers get malware?

    Computers become infected with malware through a number of mechanisms – sharing files on jump drives or floppy disks, opening suspicious e-mail attachments, or visiting websites that are themselves infected with malware. Additionally, malware can arrive via downloaded files, such as music or videos from a peer-to-peer file sharing networks (such as Kazaa or BitTorrent), or simply by visiting a website that has been hacked and infected. No longer is it a matter of staying away from "bad" websites. Unfortunately any website that is not properly secured can be hacked and infected with malware that could infect your PC.

    How do you avoid getting malware?

    Doctors tell you to avoid getting the flu by washing your hands frequently, avoiding contact with those who are already infected, and by getting immunized. Precautions against getting malware are remarkably similar to trying to stay healthy.

    • The single most important step that you can take to protect your PC is to install and use well-known anti-virus software. Update the virus definitions regularly and scan your computer regularly. Most anti-virus scanners will provide tools to automate these tasks so that they take place when you are not using your computer. This software will help you when you visit a site that has been hacked and infected.

    • Use a software firewall. If you are using Windows XP or Vista, enable the Windows Firewall. If you have a Mac and are running OS X 10.2 or above, enable the built-in firewall.

    • Avoid fake anti-malware. Unfortunately, there are rogue anti-malware vendors that promise to rid your computer of malware, but actually install malware instead, often holding your computer hostage until you pay them. Don't buy anti-malware software advertized in pop-up ads. Legitimate software isn't sold this way. GetNetWise.org (maintained by the Internet Education Foundation) has a list of legitimate security tools.

    • Don't open suspicious e-mail attachments. Historically e-mail attachments are one of the most popular ways to spread malware. If you don't know what it is, delete it immediately rather than open it.

    • Surf the web carefully. Malware often comes from "dodgy" web sites. Download and install software only from websites you know and trust. Scan any downloaded files for viruses before you open them.

    How will I know if my computer is infected?

    If you have a Mac, your chances of being infected with malware are lower than if you are running Windows, although the incidence of Mac malware is on the rise. Some security experts predict that 2009 will see a large increase in the amount of malware targeted at Macs.

    It is possible that malware will make its existence known through pop-up windows or messages on your screen. If your computer exhibits this sort of behavior, your computer is certainly infected. Otherwise, you should look for the following symptoms.

    Programs running slowly, crashing: many types of malware like to piggy-back on other applications, like web browsers, to monitor what they are doing. This can use a lot of your computer's resources, causing it to slow down considerably. On the other hand, some malware is just badly written and can slow down your computer or even crash other applications.

    Suspicious network traffic; slow internet connection: If you are running Windows, press the CTRL, ALT and Delete keys at the same time, then select "Task Manager" from the resulting window. When Task manager opens, click on the Network tab and see if your PC is using the internet network connection, if it shows more than a few percent usage then this could be evidence of something using your internet connection without your knowledge.

    Anti-virus warnings: Antivirus software cannot be expected to find all malware, but it does detect about 75%. Some malware will attempt to download other malware to do more damage. Antivirus software may detect one of these applications but not both. An anti-virus warning, combined with other signs, is a good indication of an infection, especially if you're not currently browsing the web or copying files.

    What should I do if my computer is infected?

    First, stop banking, shopping, or other online activities that involve sensitive information. Confirm that your anti-virus software is enabled and up-to-date. Scan your computer for viruses. Allow the anti-virus software to do its job, cleaning up and deleting viruses. Some malware is very sophisticated and can be difficult to remove even with the tools mentioned here. If you suspect that your computer is still infected, you may want to contact a professional. Many of the stores that sell computers also have services to repair them; this may be a good place to find assistance.

    There are some helpful, legitimate (and free) resources that can aid in getting your computer healthy again:

    • Malwarebytes.org has a number of tools that can help identify and remove malware from your computer.
    • Microsoft Security Essentials guards against viruses, spyware, and other malware. It provides real-time protection for your home or small business PCs.
  • Online and Email Safety

    You don't have to be a computer expert to protect yourself from internet fraud or identity theft. Here are a few simple precautions you can take to protect yourself.


    Login Safety and Password Protection

    • Do not access your bank, brokerage or other financial services at Internet cafes, or other public sites.
    • Do not use the automatic login feature that saves your password.
    • When creating passwords and answers to challenge questions don't use information that is easily linked to you such as your birth date, pet's name, your mother's maiden name or your Social Security Number.
    • Create strong passwords. Don't use words, phrases, names of people or places. Use both numbers and caps and lowercase letters, and special characters such as #, %, @, &, and $. Passwords should be at least eight characters long.
    • Change your passwords frequently, especially if you sign in from several computers, including computers at work.

    Online and Email Safety

    Normal email does not have built in security.

    • No Authentication: No guarantee that the email is from the listed sender (spoofed email).
    • No Encryption: The email is public information the instant you send it over the Internet.
    • No Data Integrity: No guarantee that the email has not been tampered with while in transit.

    More tips for online an email safety:

    • Never leave your computer unattended while using any online banking or investing service.
    • Log off of Online Services when you are finished. Do not just close or shut down your browser.
    • Do not share you IDs, passwords, or other codes with a third party.
    • Do not respond to emails that appear to be from your bank, a government office or other entity if it requests confidential information such as User IDs, Passwords, PINs, Social Security Numbers, etc.
    • Delete email messages that appear to be spam or contain suspicious attachments. Do not open the email if the name of the sender is unfamiliar or the subject is suspicious.
    • Do not click links inside spam email, especially emails claiming to offer anti-spyware software.
    • Close a pop-up by clicking on the "X." Do not close by clicking within the advertisement itself.
    • Do not install software without knowing exactly what it is or what it will do. Read the end-user license agreement.

    Some Tips for Recognizing Fraudulent Emails:

    • Fraudulent emails are trying to trick you into providing your personal information such as your Social Security Number, ATM or Check Card PIN, or other sensitive information.
    • Often these emails contain urgent appeals that falsely claim your account may be closed if you fail to confirm, verify or authenticate your personal information immediately.
    • The email may even falsely claim that the bank has lost important security information and it needs to be updated online.
    • Typos and grammatical and other errors are often signs that the email or website is fraudulent. Awkward, stilted sentences and poor design or visual quality are also signs of potential fraud.
    • Offers that are too-good-to-be-true usually are. Don't get mixed up in fraud schemes that promise to pay you money for helping the sender transfer cash.

    Resources for More Information

    OnGuardOnline.gov is a website that provides tips and information from the federal government and the technology industry to help you protect yourself against Internet fraud, and secure your computer and personal information.


    Credit Bureaus—At your request, all nationwide consumer reporting agencies must provide you with a free copy of your credit report each year which can be ordered from annualcreditreport.com. If you have already received your credit report within the last 12 months, you can order a copy from the credit bureaus for a fee.

    • Equifax 800-685-1111
    • Experian 888-397-3742
    • Trans Union 800-888-4213
  • Common Scams and Fraud Schemes

    Phishing

    Fraudsters use emails or pop-ups to direct you to bogus websites (that look like legitimate websites) to steal your confidential information.

    How it works:

    • You receive an email or a pop-up that directs you to the bogus website that looks like a legitimate organization.
    • You are asked to confirm sensitive information such as your account numbers, personal ID or passwords.
    • The fraudster uses this information to steal your money or access your credit to run up bills by charging purchases to your credit cards or open new charge accounts in your name.

    What to look for:

    • Email or pop-up messages that claim to be from a business or organization you deal with such as an Internet Service Provider (ISP), bank, online payment service, or government agency that ask you to confirm or reveal confidential information
    • Email or pop-up messages that claim to be from a business or organization you deal with such as an Internet Service Provider (ISP) bank, online payment service or government agency that ask you to confirm or reveal confidential information
    • Never respond to email or pop-up messages that ask for your personal or financial information, even if they threaten to deactivate your account if you don't update your information.
    • Never click links in the message or cut and paste a link from the message into your web browser.
    • Phishers can make links look like they go one place, but actually take you to a look-alike site.
    • Signs of a secured web site are Web address that begins with "https" instead of just "http" (the "s" denotes "secure") or a closed padlock icon displayed in the status bar at the lower right of your screen. Look for these signs if you have clicked on a link to access the website to help you determine if the site is legitimate.

    Vishing

    This is another method for scamming users by email or telephone.

    How it works:

    • You receive an email or telephone recording asking you to call a customer service number.
    • When you call the number, you hear a recording that asks you to provide account numbers, passwords and/or other critical information.

    What to look for:

    • Callers or emails that direct you to a "customer service" center that asks for confidential information.

    What you can do:

    • Do not provide information to a caller who asks you to update your personal information, especially if you are pressured to provide the information immediately.
    • Do not respond to companies you have never done business with before that ask you to update or provide information unless you know the company is legitimate.

    Drive-By Download

    An increasing number of computer viruses or infections are attacking computer though a process that has been dubbed "drive-by" download. In this scam, a program that can take advantage of a security flaw in your browser is automatically loaded on your computer.

    How it works:

    • You conduct a keyword search on a search engine.
    • You are taken to a results page and click on a paid ad listing on the right hand side of the page.
    • Your computer is infected with a virus that enables a fraudster to monitor your key stokes, a process known as keystroke logging.
    • The keystroke logger is now able to "watch" you keystrokes as you key in personal information such as account numbers, passwords, and answers to challenge questions.

    What to look for:

    • These booby-trapped pages often have addresses that use the relatively unpopulated ".info" domain (as opposed to ".com" or ".net" domains).

    What you can do:

    • Keep your operating system, browser and anti-virus software updated.
    • Download software only from websites you trust.
    • Be cautious when clicking on pop-up advertisements
    • Always read license agreements and policies of any software you install.
    • Stick to well-know websites.
    • Pay attention to links in emails and the results you get from search engines; they could be fraudulent.

    Lotteries

    Fraudsters send emails with false claims that the victim has won a lottery.

    How it works:

    • You receive an email that indicates you have won a lottery (most often from a foreign country) and are due a substantial amount of money.
    • You are informed that you must pay a processing or transfer fee in order to receive your winnings.
    • You receive a check or money order to cover the required fees and are instructed to deposit the check into a bank account and wire the money to a third party, usually in a foreign country.
    • You wire the money and later learn that the check is counterfeit.

    What to look for:

    • An email or letter that claims you have won a foreign lottery that you have not entered.

    What you can do:

    • Be suspicious of any claim if it appears to be too good to be true.
    • Talk to your bank and tell them how you received the check and what is asked of you before making a deposit.

    Inheritance Scam

    You are notified by a law firm, an executor of a will that a long-lost relative has died and left you money in the will.

    How it works:

    • You are notified of your inheritance.
    • You are asked for your bank account number so the funds to be deposited into your account with the understanding that you will pay a fee.
    • Then the "lawyer," who is a fraudster does one of two things 1) asks you to send a money order to cover fees related to probating the will, or 2) sends you a check or money order then immediately calls to say the he sent too much and asks you to wire the overpayment back.
    • The key is that the fraudster asks for their money immediately before the check or money order they sent to you has time to clear the bank. The check or money order is counterfeit and you have been scammed.

    What you can do:

    • Be wary if the long-lost relative or friend is not a name you recognize.
    • Remember the old adage, "if it's too good to be true, it probably is."

    Internet Auction/Overpayment Scheme

    Fraudsters victimize individuals who sell items on the internet.

    How it works:

    • You sell or auction an item—usually a high-priced item, such as an automobile, motorcycle or boat, via the internet.
    • The buyer sends a check or money order for more that the purchase price and asks you to wire the excess money to a third party.
    • The buyer indicates that the third party is the shipper who has been hired to pick up and ship the merchandise.
    • Later, the check is returned as counterfeit and you are responsible for the money you wired to pay for shipping.

    What to look for:

    • A buyer who overpays you and asks you to wire the excess money. The buyer may claim the overpayment was a mistake or that it is to be used to pay the shipper.

    What you can do:

    • Do not accept a check for overpayment.
    • Notify your bank of the transaction and ask them to that the funds are available to cover the amount of the check before you deposit the check.

    Foreign Business Offers/Advance Fee Scams

    Fraudster poses as a foreign businessman or foreign government official who needs to move a large sum of money out of the country.

    How it works:

    • You receive an email from someone claiming to be a foreign businessman or governmental official asking for assistance in moving a large sum of their country.
    • You are offered a large sum, usually 25% to 40% of the proceeds, as payment for your trouble.
    • You agree and receive a large check to deposit into your bank account.
    • You are asked to wire transfer a large amount, an advance fee, to bribe an official, pay transfer fees, attorneys fees, or settlement fees.
    • You believe the check you received is legitimate so you wire the money.
    • The check or money you deposited is counterfeit, and you are liable for the money you wired to the foreign country.

    What to look for:

    • Any offer to assist in transferring money from a foreign country into your banking account.

    What you can do:

    • The scenario described above is bogus; do not agree to participate.

    Work-at Home-Scam

    In this scam a job seeker is tricked into receiving illegal money transfers or counterfeit checks or money orders and sending money to the fraudster.

    How it works:

    • You post your resume on a popular internet website or answer a newspaper ad and are offered a job as a "Payment Processing Clerk" or "Accounts Receivable Clerk."
    • Your are instructed to use your personal checking account to receive on behalf of the company funds transfers, checks, or money orders.
    • You are instructed to keep 5% to 10% of the money as your "salary" and wire the rest to your "employer."
    • The "employer" is a fraudster and you are responsible for the money you have wired.

    What to look for:

    • Be skeptical of any "work-at-home" job if you are asked to use your personal checking account to deposit checks or receive money on behalf of your employer.

    What you can do:

    • If you are concerned, contact your Better Business Bureau or Chamber of Commerce to determine if the company is legitimate.
  • How Kleberg Bank Protects You

    We value the trust you place in us when you allow us to handle your financial information. We take every precaution to handle your financial information securely and with extreme care.

    Our Code of Ethics:

    Every member of the Kleberg Bank team operates under a strict code of ethics that mandates confidential treatment of your information. Any team member that has access to customer information must complete privacy and information security awareness training annually. In addition, Kleberg Bank maintains physical, electronic and procedural safeguards to protect against unauthorized access to customer information.

    Our Security Policy:

    Kleberg Bank has adopted a security policy designed to protect the confidentiality and security of your information. This information security program is subject to ongoing regulatory oversight and examination.

    Our Customer Information Security Program:

    We protect the security of your information in the following ways:

    • Computer anti-virus and spyware protection detect and prevents viruses and spyware from entering our computer network systems.
    • Firewalls block unauthorized access by individuals and network from entering our computer network systems.
    • Secure Email is available on the Kleberg Bank website and our Online Banking Message Center to ensure that your communication with us is secure and confidential. (Read the information on the Kleberg Bank website to sign up and login to our secure email portal, or visit our Online Banking Message Center to post a message to us.
    • Third party security experts test our information security systems and processes regularly to make certain our computers and networks remain secure.
    • Employee security awareness training ensures that our employees are trained to recognize the tactics that could be used by unauthorized parties to gain access to information.
  • Online Banking Security Services

    Online banking is an excellent way to monitor your account activity and make sure the transactions on your account are your own.

    Preventing Fraud and Identity Theft

    Kleberg Bank's PassKey is a multi-factor authentication product that provides an additional layer of security for your online banking and cash management accounts.

    Kleberg Bank's PassKey

    • Helps you recognize that you are logging into the official Kleberg Bank Online Banking site.
    • Helps identify you and prevent unauthorized access to your online information.

    This is how it works:

    • Enter your User ID.
    • If Kleberg Bank recognizes you, the PassKey picture you have pre-selected is displayed, which your assurance that you are on the official Kleberg Bank Website.
    • Enter your password to complete the log in.
    • You may be asked to answer certain questions you have selected before proceeding with the Log In. If so, provide the correct answers to your questions to access your Kleberg Bank online accounts.
  • Persistent Cookies

    Additional Security for Your Online Banking

    Additional security was added to your online banking service in January 2010. "Persistent Cookies" collect information, called "markers" about you when you visit a specific website, such as online banking. They do not track you but simply enable the site to remember you on subsequent visits. The markers also create additional security for you because they identify and remember where you log in. If you log in from an unusual site; you will be prompted for more information to validate who you are, which helps prevent hacking.

    Here's how it works

    • After January 11, 2010, the first time you log on to your account, you will be prompted to accept the option for Persistent Cookies.
    • Please click "Allow cookie" to accept the option.
    • If you choose NOT to accept the option for Persistent Cookies, you will not be able to access online banking services.

    1. What information is stored in the persistent cookies, and could a hacker get and use the information?

    • The cookie is a unique, encrypted hashed value created by our online banking provider: it is carefully guarded and never disclosed due to security implications.
    • Because of its proprietary nature, the hashed value is useless to a hacker, in fact, the cookie is a tool to help prevent a hacker from accessing your information.

    2. What happens if I delete the persistent cookie? Will it be appear again at the next login and prompt me to allow the persistent cookie?

    • Yes, if you delete your persistent cookie, you will have the opportunity to "allow cookie" again at your next login.

    3. What if I have my browser set to prompt for all cookies? Will this increase challenges?

    • If you have your browser set to "Prompt for Cookies," you will be prompted at every login to accept cookies.
    • Each time you create a new cookie, your risk score is elevated until the system learns your behavior for that cookie. If your risk score gets high enough, it could cause a higher challenge rate, which means that you will have to provide additional information to ensure that you are authorized to access your information.
    • If your setting is set for "Allow Cookie" you will only be prompted the first time you log on.

    Need additional information?

    Learn how to set and customize cookies setting in Internet Explorer.

    Read for Microsoft's detailed description of cookies.

  • Securing Your Password

    Your online banking password is the key to your personal and financial information. If criminals know your password, they can use it to steal from you or pose as you in online transitions. This newsletter will provide you with some simple tips to make your online banking experience safer.

    Criminals will always gravitate towards the easiest money. The more barriers that you can put into place, the more likely the criminal will go elsewhere. The reason all financial institutions implemented new login procedures (known as multifactor authentication) a few years ago was to add a layer of security and deter criminals from your online account. Criminals adjust and so should you. Here are some easy Do's and Don'ts that you can use to steer criminals elsewhere:

    Do's

    Install a reputable antivirus software program on all computers and keep them current. This is the single most important thing you can do to protect yourself. While we do not endorse or recommend a particular product, some good solutions are Internet Security packages available from makers such as: Norton, McAfee, or Kapersky.

    Make your password as long and complex as possible. Our online banking system will permit you to create a password up to 8 characters long.

    Make it easy to remember, but hard to guess. Use a combination of letters and numbers that you know, but that wouldn't make sense to others. Combine initials and important numbers and, if you are feeling particularly adventurous, a special character such as @ or # or $ or & or *. A good password could be 17dg*wm4. How can you make a similar combination work for you?

    Use more than one password. Use a generic password for low-risk situations such as a newspaper website where there is little risk to you if someone figures it out. Not every website warrants the same level of protection as your online banking website. To make your ever-growing list of passwords more manageable, consider using a general-purpose password for websites that do not contain personal or financial information, and creating a unique, secure password for each website that does, such as online banking.

    Use trustworthy computers. Shared public computers like those in airport lounges, Internet cafes, public libraries, and hotel lobbies could be connected to keystroke loggers or infected with password-stealing viruses. Don't use them to access online banking or other websites containing confidential information about you.

    Don'ts

    Never e-mail your password or respond to an e-mailed request for your password or other confidential information. We will never ask you to submit confidential information in an e-mail. E-mail travels the Internet in much the same way as a postcard travels through the U.S. Mail. There is no "envelope" to protect the contents from prying eyes. There is no reason for anyone but you to know your password ever. Requests for your passwords via e-mail are most assuredly scams.

    Do not include your login name in your password. Similarly, any part of your login name is a poor choice for a password.

    Avoid predictable sequences of characters, such as "1234" or "abcd", in your password. Automated password crackers often start by guessing predictable sequences such as these.

    Avoid dictionary words or names Words in any language can be determined by automated password crackers that also contain multi-lingual dictionaries. Similarly, password crackers also contain lists of names used as possible passwords. No one else may remember the name of your high school sweetheart, but if his or her name is on the list, your password may be vulnerable.

  • Secure Computer Disposal

    Eventually, every computer reaches the end of its useful life. If you are recycling or reselling your old computer or even kicking it to the curb, there are a few steps you should take to ensure that any future owner can't get more out of it than you bargained for.

    Your personal computer likely contains a lot of information that would be a gold mine for identity thieves – account numbers, addresses, passwords, tax returns, credit card statements. To prevent this information from falling into the wrong hands, you should take care of this information before you dispose of the computer.

    Sensitive personal information resides on the hard drive inside your computer. The hard drive is like a chalkboard with no eraser. When a program wants to record some data on the chalkboard, it hastily wipes a spot clean with its hand and records the data there. After a while, the chalkboard is covered with half-erased messages. In the same way you can read the remnants of half-erased messages on a chalkboard, an identity thief can read your information from the erased files on your computer. Consequently, deleting files from the hard drive is not enough.

    Back it up

    The first order of business in disposing of your old computer is to back up the files that you want to keep. Copy any files you will want in the future to a CD ROM, USB drive, external hard drive, or a new computer. Check your owner's manual, the manufacturer's website, or its customer support line for information on how to save data and transfer it to a new computer.

    Wipe out the data

    Utility programs to permanently delete the files on your old hard drive are available online for little or no cost. Additionally, commercial security products often provide file wiping capability as well.

    Some utilities will erase the entire hard drive, others will erase selected files. They also differ in how thoroughly they erase the data: some overwrite the hard drive with random data multiple times, others just once. Consider using a utility that erases and overwrites the data multiple times.

    Alternatively, you can remove the hard drive from your computer and physically destroy it. In fact, this is probably the most effective method of wiping out the data. If you have a hard drive that has "crashed" and is no longer functional, consider giving it a few smacks with a hammer for good measure. Just because you can't get it to work doesn't mean someone else won't.

    Recycle, Donate, or Resell

    Finally, there are a number of ways of disposing of your old computer once your personal information has been removed from it. Older computers may contain a certain amount of hazardous material, so it is best to keep them out of the trash stream. Many manufacturers (and some local communities) provide recycling facilities for computers past their prime. The Environmental Protection Agency (EPA) has information on electronic product recycling programs at www.epa.gov/epaoswer/hazwaste/recycle/ecycling/donate.htm.

    Many local communities have organizations that collect old computers, refurbish them, and donate them to local charities. This option also may provide you with a tax deduction.

    You might also consider selling your old computer online via eBay or Craigslist, or giving it away at www.freecycle.org. Once you have securely removed any sensitive personal information, you can part with it without worrying about identity theft.

  • Malware Avoidance

    What is malware?

    Malware is a general term for software that is meant to cause harm. Computer viruses, spyware, adware, and Trojan horses are all examples of malware. Computer security experts like to compare malware with human diseases (which is why computer viruses are called "viruses" in the first place).


    The purpose of malware can be something as seemingly harmless (yet annoying) as popping up a window to show you unwanted advertising, or as dangerous as snooping on the keystrokes as you type your internet banking password.


    How do computers get malware?


    Computers become infected with malware through a number of mechanisms – sharing files on jump drives or floppy disks, opening suspicious e-mail attachments, or visiting websites that are themselves infected with malware. Additionally, malware can arrive via downloaded files, such as music or videos from a peer-to-peer file sharing networks (such as Kazaa or BitTorrent), or simply by visiting a website that has been hacked and infected. No longer is it a matter of staying away from "bad" websites. Unfortunately any website that is not properly secured can be hacked and infected with malware that could infect your PC.


    How do you avoid getting malware?


    Doctors tell you to avoid getting the flu by washing your hands frequently, avoiding contact with those who are already infected, and by getting immunized. Precautions against getting malware are remarkably similar to trying to stay healthy.


    • The single most important step that you can take to protect your PC is to install and use well-known anti-virus software. Update the virus definitions regularly and scan your computer regularly. Most anti-virus scanners will provide tools to automate these tasks so that they take place when you are not using your computer. This software will help you when you visit a site that has been hacked and infected.
    • Use a software firewall. If you are using Windows XP or Vista, enable the Windows Firewall. If you have a Mac and are running OS X 10.2 or above, enable the built-in firewall.
    • Avoid fake anti-malware. Unfortunately, there are rogue anti-malware vendors that promise to rid your computer of malware, but actually install malware instead, often holding your computer hostage until you pay them. Don't buy anti-malware software advertised in pop-up ads. Legitimate software isn't sold this way. GetNetWise.org (maintained by the Internet Education Foundation) has a list of legitimate security tools (http://security.getnetwise.org/tools/).
    • Don't open suspicious e-mail attachments. Historically e-mail attachments are one of the most popular ways to spread malware. If you don't know what it is, delete it immediately rather than open it.
    • Surf the web carefully. Malware often comes from "dodgy" web sites. Download and install software only from websites you know and trust. Scan any downloaded files for viruses before you open them.

    How will I know if my computer is infected?


    If you have a Mac, your chances of being infected with malware are lower than if you are running Windows, although the incidence of Mac malware is on the rise. Some security experts predict that 2009 will see a large increase in the amount of malware targeted at Macs.


    It is possible that malware will make its existence known through pop-up windows or messages on your screen. If your computer exhibits this sort of behavior, your computer is certainly infected. Otherwise, you should look for the following symptoms


    Programs running slowly, crashing: many types of malware like to piggy-back on other applications, like web browsers, to monitor what they are doing. This can use a lot of your computer's resources, causing it to slow down considerably. On the other hand, some malware is just badly written and can slow down your computer or even crash other applications.


    Suspicious network traffic; slow internet connection: If you are running Windows, press the CTRL, ALT and Delete keys at the same time, then select "Task Manager" from the resulting window. When Task manager opens, click on the Network tab and see if your PC is using the network connection, if it shows more than a few percent usage then this could be evidence of something using your internet connection without your knowledge.


    Anti-virus warnings: Antivirus software cannot be expected to find all malware, but it does detect about 75%. Some malware will attempt to download other malware to do more damage. Antivirus software may detect one of these applications but not both. An anti-virus warning, combined with other signs, is a good indication of an infection, especially if you're not currently browsing the web or copying files.


    What should I do if my computer is infected?

    First, stop banking, shopping, or other online activities that involve sensitive information. Confirm that your anti-virus software is enabled and up-to-date. Scan your computer for viruses. Allow the anti-virus software to do its job, cleaning up and deleting viruses. Some malware is very sophisticated and can be difficult to remove even with the tools mentioned here. If you suspect that your computer is still infected, you may want to contact a professional. Many of the stores that sell computers also have services to repair them; this may be a good place to find assistance.


    There are some helpful, legitimate (and free) resources that can aid in getting your computer healthy again:

  • File Sharing Safety

    Peer-to-peer (P2P) file-sharing networks such as BitTorrent, eDonkey, and Gnutella provide access to a wealth of computer programs, multimedia, and electronic books, but using them can be risky. Not only do you run the risk of breaking the law by downloading copyright protected material, but you open your computer to adware and viruses. You may inadvertently allow someone else to download your private files.


    Know What You Are Getting Into


    Research the file-sharing software you are planning to use. Some P2P clients (the software that runs on your computer) come bundled with adware (which displays pop-up ads) or spyware (which tracks your internet usage) or are infected with other malware, such as viruses and key-loggers. Use well-respected software installed from a reputable source.


    Read the EULA, Terms of Service and Privacy Statement. They may indicate that by installing and using the P2P software, you are agreeing to more than you bargained for. One very popular P2P program, Kazaa, purposefully comes bundled with malware – a fact clearly disclosed in the Terms and Conditions, should anyone bother to read them.


    Understand the copyright risk. Much of the content available on P2P networks is protected by copyright. By downloading copyrighted material, you may find yourself at the receiving end of a lawsuit. Chances are the movie that is still in the theaters you found is a pirated copy.


    Install Antivirus and Antispyware Software


    Using good antivirus and antispyware software is imperative if you are downloading content from a P2P network. A 2006 study at the University of Indiana showed that 68% of software and "ZIP" files downloaded through the popular P2P client, Limewire, contained malware. The same study showed that queries containing movie titles fetched the most malware.


    Before you open or play any downloaded files, scan them with your anti-virus software, and delete any in which malware is detected.


    Keep Your Operating System Up-To-Date

    Many viruses rely on unpatched systems to spread. Configure your computer to update the operating system automatically if possible. Be sure that your antivirus and antispyware software is configured to update automatically as well.


    Limit When You Are Connected


    Many P2P clients continue to share files after you close the application. Moreover, some P2P clients start up automatically every time you turn on your computer. While this is convenient for sharing files, it is safer to share files only when you intend to. Depending on your client, you may have to go to extra effort in order to turn off your connection.


    Limit What You Share


    Ensure that you are only sharing files that you intend to share. Check the configuration of the P2P client to see which files it is sharing, and verify that it is not sharing your personal documents.

    Use a Separate Account


    Consider creating a special account on your computer for file sharing and limiting its rights – specifically removing the right to install software. While it may be inconvenient to log into a different account to share files, the reduced rights of the file sharing account will increase your computer's security.


    Beware of What You Download


    Attackers try to increase the penetration of their malware by advertising it as something popular. That first-run movie or popular computer game is likely to contain a nasty virus. Even if it is what it says it is, you may be laying yourself open to a hefty lawsuit if you download it anyway.

    No matter what you download, ensure that you scan it for viruses and other malware using respected virus detection software before you open it.


    Back Up Your Data


    Back up important files that you would want to keep if your computer crashes. Store them on CDs or DVDs and keep them in a safe place. While this is good advice for everyone with a computer, it goes double for those who participate in file sharing, because of the increased risk to your computer.


    Discuss File Sharing With Household Members


    If anyone else in your household uses your computer, ensure that they understand the risks of P2P file sharing. Keeping your computer free from malware requires cooperation from everyone who uses it.

  • FAQ on Common Security Issues

    Q: Do I have to buy expensive software to clean viruses from my computer?


    A: There are reputable programs available for free on the internet that may meet your needs. Be sure to do your homework prior to installing any software. Verify the software's reputation using software review websites such as Cnet.com, prior to installing the software. Some examples of free anti-virus protection and malware removal are:


    Avast! Home Edition - http://www.avast.com/

    AVG - http://free.avg.com/

    Microsoft Security Essentials - http://www.microsoft.com/Security_Essentials/


    Note: We cannot endorse or recommend any of the above programs. They are listed here only to show examples of what is available.


    Q: Is one anti-virus software program better than another?


    A: Marketing hype aside, all reputable antivirus software does pretty much the same job. Some may be better than others in regards to a particular feature, but any one of them is better than no antivirus software at all. However, there are a number of disreputable antivirus programs that actually do more harm than good. Be wary of any antivirus software that advertizes itself via unsolicited e-mail (spam) or pop-up windows.


    Q: How do I know if my PC is infected?


    A: Infected PCs may exhibit suspicious behavior, such as running more slowly than normal, locking up often, crashing and restarting frequently, or displaying unusual error messages. Or they may exhibit no symptoms at all. Also, the suspicious behavior often shown by infected PCs may be caused by a number of other factors. So while a poorly performing computer should make you suspect that it may be infected, you won't know for sure unless you frequently scan your PC with an antivirus tool.


    Q: Aren't you safe from these threats if you stay away from those shady and unsavory websites?


    A: Your PC could be infected from a number of sources. Viruses can be transferred from PC to PC through the use of a shared USB Flash Drive. There are many instances where a nationally recognized company's website has been compromised and visitors to their site have been infected with malware. The best way to protect yourself is to protect your PC.


    Q: What do I need to do to protect my PC?


    A: While there is no silver bullet that will protect you from every risk, if you take the following precautions, you can significantly reduce your exposure:


    • Install an antivirus program and configure it to update its virus definitions daily.
    • Configure your computer and connection to the internet properly. Some computer systems come with a lot of security enabled by default, but have someone who knows what they're doing check the configuration of your computer and other communications equipment --wireless routers, DSL or cable modems, etc.
    • Turn on automatic software updates. This is a feature of some software which allows it to patch itself with very little effort from you. Make sure it's turned on for your operating system, security software, and any applications that have the option.
    • Be aware of your Internet surroundings. Learn to tell scams from real email, and when not to follow links or open a document. It takes time and practice to develop Internet "street smarts."
    • Perform regular backups. If your system becomes infected with a virus, you may have to reinstall your complete system. Backups ensure you don't lose your data if that becomes necessary.
  • Social Networking Security

    Social networking websites such as Facebook allow you to reconnect with old friends and make new ones. They allow you to share ideas and the events of your life with the people in your network. However, the ease with which people can obtain the personal information you make available can be cause for security concerns. If you use social networking sites, you can protect yourself by following a few simple guidelines.


    Limit your available personal information

    Be wary of making too much personal information available online. Online banking and e-commerce sites frequently use "challenge questions" to help you recover a forgotten password, or for other security purposes. Often, your online profile will contain enough information to answer these questions. If a hacker has access to this information, he may be able to break into your online banking account. In fact, some online quizzes are nothing more than veiled attempts to gather answers to challenge questions.


    Use privacy settings to restrict who can access your information…

    Most social networking websites provide a way to limit what information is available and who can see it. Familiarize yourself with how the privacy settings work, and set them to limit your exposure as much as possible. If your social networking website has no privacy settings, consider taking your online socializing elsewhere.


    … But don't rely on them

    E-commerce websites are held to a higher security standard than most other websites. Social networking sites have a spotty track record when it comes to protecting personal information. Even if your favorite website provides privacy settings, it may not enforce them as well as advertised.


    Vary your password

    Use a password for social networking websites that is different from the ones for your e-mail, e-commerce and financial websites. Ideally, you should use a different password on each website.


    Know who you are "friending"

    Consider refusing friend requests from people you don't know. They may be interested in more than your friendship.


    Beware of following links

    Links sent in messages sometimes lead to websites that distribute malware. Consider the source of the message: is it from someone who never sends you messages? Does the message sound like something your friend would send? If it looks suspicious, ask your friend if they really sent it. If they didn't, their computer may be infected with malware which actually sent you the message.


    Talk to your kids about security

    If you have children, talk to them frequently about how to remain safe online:

    • Help your kids understand what information should be private.
    • Explain that kids should post only information that you – and they – are comfortable with others seeing.
    • Use privacy settings to restrict who can access and post on your child's social networking website.
    • Remind your kids that once they post information online, they can't take it back.
    • Tell your kids to trust their gut if they have suspicions. If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.
    • Consider using the social networking website your kids do, and become part of their network.
  • Keeping Your Laptop from Being Stolen

    The feature we love most about our laptops – mobility – makes them easy targets for thieves. While replacing a stolen laptop can be expensive, the value of the data it contains may well exceed the cost of the laptop itself.

    Here are a few tips to protect your laptop and the information it contains:

    • Treat your laptop like cash. Imagine a stack of money equal to what your laptop is worth. Would you leave that amount of money on a coffee shop table while you refresh your latte? Probably not. Picturing your laptop as a stack of cash will help you to be more vigilant.
    • Keep it locked. No matter where you are using your laptop, attach it to something immovable or to a heavy piece of furniture with a laptop security cable.
    • Encrypt the data. You can protect your personal data even if your laptop does go missing by encrypting the hard disk. There are a number of commercial products available that will prevent your laptop from even starting up without a password.
    • Keep your passwords elsewhere. Leaving your passwords in your laptop carrying case is like leaving the keys in your car. Memorize your passwords or store them securely elsewhere – not in the carrying case or on the laptop itself.
    • Leave your computer bag at home. When you take your laptop on the road, carrying it in a computer case may advertise what's inside. Consider using a suitcase, a padded briefcase or a backpack instead.
    • Don't leave it in the car. Not only is the extreme heat and cold in your car bad for your laptop, but parked cars are a favorite target of laptop thieves. If you must leave your laptop in your car, keep it out of sight by placing it in the trunk.
    • Pay close attention at airport security checkpoints. The chaos and confusion at airport security checkpoints make them perfect for laptop thieves. Additionally, because so many laptops look the same, it is easy to pick up the wrong one on the other side of the screener. Mark your laptop distinctly so that you can easily track it as you go through security. Hold onto it until the person in front of you has gone through the metal detector – and keep an eye out when it emerges on the other side of the screener.
    • Be vigilant in hotels. Try not to leave your laptop out inside your hotel room while you are out. Instead, take it with you or use the safe in your room if there is one.
    • Report it promptly. If your laptop is stolen, report it immediately to the local authorities. If it's your business laptop that's missing, also immediately notify your employer.
  • ATM Safety
  • ID Fraud