Making Secure Transactions Away from Home
In today's increasingly connected world, we may need or want to use a computer away from our home. As any traveler can attest, computer kiosks are in every airport and in many coffee shops. Wireless networks are also everywhere, many of them free or available for a small fee. This proliferation of computers and networks makes it very easy to check your email, chat with friends, or even balance your checkbook from just about anywhere.
That being said, a fundamental question should be lurking in the back of your mind as you reach for the mouse on one of these machines. "Can someone steal my information if I use this computer?"
The answer is "YES!"
Since you cannot know what software or hardware has been installed on these computers, it is impossible to be 100% sure that someone has not installed something that will capture your username and password or your account information. Any computer that you do not own or control should be treated as if it is infected with viruses and other malicious programs and should never be trusted. Only use a computer other than your own in the direst of circumstances.
But I really need to check my email! What do I do?
If you need to check your email on a routine basis when away from home, it is recommended that you purchase a PDA type device with wireless network access or a laptop and use that device to read your email. Because you have control over the software installed on the device, you can have a greater level of assurance that someone is not stealing your information.
If you find yourself in a bind and really have to check your email, take these precautions:
- If possible, use a friend's or relative's computer. While there is still a risk of compromise, it is much less than using a strange public computer. Just ensure they have followed the same guidelines (see the "Home Computer Tips" course) on protecting their home computer.
- If you must use a kiosk, use a secure login to your email accounts. This is any login that creates the small lock icon on the corner of the screen when you login. The lock indicates that you have obtained Secure Socket Layer (SSL) encryption. While this should stop someone from reading your username and password from over the network, it will not stop key loggers. Collectively, key loggers are special hardware and software designed to record every keystroke and copy your passwords as you type them.
- As soon as possible, use your trusted home computer to change the password on any accounts that you accessed away from home. Even if you think you can trust the computer you used, it is always a good idea to change your passwords (see the "Passwords" course), just to be safe.
- Lastly, monitor those accounts for unauthorized access over the next few weeks. You can do this by checking the daily transactions to ensure that only legitimate activity has occurred.
You should NOT check any financial accounts from an unknown computer. You should also avoid accessing any system that contains sensitive personal information. The threat here is not only someone stealing the information via software or hardware, but someone may also be able to see over your shoulder, either in person or via a security camera. Simply displaying your personal information on the screen could lead to it being stolen.
Even if you are using your trusted PDA or laptop, you should ALWAYS use SSL encryption whenever possible. Before entering any login or password information, always check to see if the site you're accessing provides an encrypted means of login. Typically the site will have a statement similar to "Secure Login" or "Login over SSL". Using the encrypted login at least ensures that the connection between the two computers is protected from eavesdropping.
These helpful tips are provided by Digital Defense, Inc., a computer security company working with your credit union as a responsible member of the community to help insure the privacy and security of our nation's financial information.