- Create a complex passcode for your mobile device. Avoid using personal information (i.e., names and important dates) in your passcode. Do not share your mobile device passcode with anyone
- Enable available security features, such as an auto-wipe feature after excessive password failures or auto-lock after a specified time frame
- Keep your mobile device’s software up-to-date. If your mobile device prompts you to install an operating system or firmware update, review the update and install it as soon as you can to address any identified security vulnerabilities in previous update(s).
- Disable features not actively in use, such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to “non-discoverable” when Bluetooth is enabled.
- Utilize antivirus software where applicable (i.e., Androids, Windows, etc.).
- Do not root, jailbreak, or otherwise circumvent security controls on your device. Compromised security controls could result in the introduction of malware onto the device.
- When finished with the device, lock it to require a passcode before the device can be used again.
- Download and install mobile applications only from trusted sources authorized by the device manufacturer, such as Apple’s App Store, Google Play, or the Windows Store.
- Enable mobile device features to block mobile application downloads from unknown sources.
- When available, require a passcode to download mobile applications to prevent unauthorized installation.
- Protect yourself from fraudulent mobile applications by watching for these signs:
- Typos, poor image quality, or formatting issues.
- Low number of downloads.
- Negative user reviews.
- Additionally, review other mobile applications created by the app developer to validate the application’s legitimacy.
- If possible, create a passcode on any mobile application you install that may have access to your personal information.
- When finished with a mobile application, always “Sign Out” or “Log Off” rather than just closing it.
Be On Alert
People are trying to steal your personal information. Remember to be on alert for the following types of threats to your mobile financial services.
Phishing is a social engineering tactic used to obtain personal information by masquerading as a trust worthy individual through electronic communications. Some specific types of phishing include spoofing, SMiShing, and vishing.
Unsecured Wireless Networks
If you can access an Internet network without entering a password or network key, unauthorized individuals are also able to do so. If you are on an unsecured wireless network, such as a mobile or WiFi hotspot, do not use your mobile device to transmit sensitive data.
Watch for potentially compromised websites. If the website has a security error or your browser gives you a warning about the site, use caution. If you go to one web address and are redirected to another, close your mobile device’s browser immediately and remember: When in doubt, don’t click.
- Log into the financial institution’s mobile banking site at this web address: INSERT YOUR WEB ADDRESS HERE
- Do not type your mobile banking username and password into a site other than this.
- The financial institution’s website contains direct links to the application. Visit our website at: INSERT YOUR WEB ADDRESS HERE
- Do not download the app from other stores, as they have not been authorized and the application may be compromised.
- Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
- Only submit sensitive information to websites using encryption to ensure your information is protected as it travels across the Internet. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://". Some browsers also display a closed padlock.
- Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
- Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
- Always "sign out" or "log off" of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
General PC Security
- Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
- Update your software frequently to ensure you have the latest security patches. This includes your computer's operating system and other installed software (e.g. web browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
- Automate software updates, when the software supports it, to ensure it's not overlooked.
- If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
- Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets).
- Require a password to gain access. Log off or lock your computer when not in use.
- Use a cable lock to physically secure laptops when the device is stored in an untrusted location.
- Create a unique password for all the different systems/websites you use. Otherwise, one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password it's probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
- The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens a password. Passphrases are most effective. A pass phrase is a short sentence and generally easier to remember.
- Avoid using obvious passwords such as:
- Names (your name, family member names, business name, user name, etc.)
- Dates (birthdays, anniversaries, etc.)
- Dictionary words
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
To learn more about information security, visit any of the following websites: