Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Transcription

1 The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are describing information security concepts and define steps to safeguard information. Firewalls If you computer / tablet / mobile phone is connecting to the Internet, then it should utilize a software firewall. It creates a barrier between the Internet and your computer. Firewalls should be configured to prevent unauthorised people from accessing the computer for personal or sensitive information. A periodic check needs to be done on the firewall manufacturer s website for updates. Patching There are scrupulous elements, which are constantly on the job of finding loop holes in the security of your computer software. These people try to infect your computer with a virus, spyware etc. When these issues are discovered, your software vendor corrects the problem with a fix or a patch. This patch should be applied at the earliest as the intruders can clear your system off its information in just a few days. Malicious Code Protection Malicious code can come in any form including virus, worm, Trojan etc. It can camouflage as an infected web page or as a downloadable game, screen saver or an attachment, which you unintentionally click and activate. So, unknown attachments from unknown senders should not be opened. Computer viruses are programmes that multiply, spread or self-replicate. All they need is an interaction with someone for activation. The virus can arrive in the form of an message as an attachment. It can be activated by clicking open an attachment, mail or by visiting a dubious website. The viruses could take over storage space or cause disturbance in screen displays, while some others steal or destroy information. If any computer is infected by a virus, the information on the hard drive may be lost or compromised. The virus can also spread to other machines, which share the information that you access. 1 / 5

2 Worms are similar to viruses because they multiply through self replication. The difference is that they do not require any sort of interaction from the user for activation. They multiply due to loop-holes in the software. Trojans, which are also called backdoors, are malicious code. They are probably trickiest of all, as they enter your system hidden in legitimate programmes. They perform unauthorized activity, when you activate those legitimate programmes. The activity that the Trojans can initiate could range from stealing your passwords and credit card information to enabling someone else in a remote location to take control of your computer. The attack on a website, which floods it with requests, forcing regular services to be either slow or interrupted is called a denial-of-service attack. Sometimes, a group of compromised desktops are combined remotely, to attack a system. Spyware gets downloaded from web pages or gets installed with freeware without your knowledge. It tracks your activity on internet, records your passwords and personal information to send to a malicious website. messages that contain offers of free money, dire warnings or resemble chain letters are called Hoax. Whenever you receive a hoax via , simply delete it. Hoaxes not only slow down the servers but also could act as a cover for a hidden worm or virus. If you observe some erratic behavior in your computer behaves, then be cautioned that it could be act of the viruses. Run a full scan after disconnecting the PC from the Internet. You are then advised to contact your computer support representative in case the infection seems serious. How to protect your system and the information in it? 1. Ensure that the anti-virus software is updated on a weekly basis. New, fast spreading infections appear every day. 2. Scan the software for viruses before using it, no matter where you purchased it from. In 2 / 5

3 case you don t have a virus scanner seek help from your computer support representative. 3. Write Protect CDs, USBs, diskettes etc., to prevent infection. 4. Avoid loading free software on your system from unknown sources. 5. It is advisable to block extensions like.bat,.cmd,.com,.exe,.msi,.pif,.scr, or.zip. You can use content-filtering software for the same. 6. It is advisable to create separate accounts with restricted privileges. Read and browse internet with the restricted account as viruses need administrator privileges to infect a PC. 7. Exercise caution while considering unsolicited attachments, even from known sources. Every suspicious with web-link or attachment should be verified with the source before opening. 8. Be careful with file and music sharing services as you could inadvertently share files without your intention. The files that you download from these services could contain malicious code or other viruses. 9. In case of an infection, depending on the seriousness, you would have to re-install the operating system. Phishing Phishing is a kind of scam in which an unsolicited or pop-up message directs you to click on a link. That click could take you to a malicious web site, which prompts for personal information like PIN number, social security number, bank account number or credit card number. These websites may seem very authentic. However, they are not legitimate. A successful phishing scam can access personal accounts and other sensitive information. UAE Exchange will NEVER ask you to provide, confirm, or update account or personal information via or pop-up message. If you receive such a mail then consider it as a phishing attempt. Please do not click on the link, because it could download malicious software to your computer. is NOT Secure Information is transferred in plain text through public routers and mail servers, unless the is encrypted. It is advisable not to include sensitive information like account number, password, and social security number, in an unencrypted form while sending them in an . 3 / 5

4 Passwords/PINs Your user ID links you to your actions on the system in the virtual space. It is your identity and is authenticated by your password/pin. Please take every measure required to protect your ID and password. Remember you are held responsible for any action taken with your ID and password/pin. Best practices 1. Change your password/pin periodically and do not use your earlier passwords. 2. Avoid using the same password for all your accounts. NEVER share your password with ANYONE. 3. AutoComplete feature found in popular browsers might be convenient. But it can also be dangerous in terms of security risk if the entries memorised happen to be your security answers or passwords. This feature and other password managing services are vulnerable to theft of sensitive information, if you are not the only person to access to the computer. Eg: Work place, internet cafes etc. 4. Maintain long and complex passwords with eight or more characters. Ideally it should be a password that s easy to remember but hard to guess. It should be a good mix of numbers, letters and special characters. For example, using first letters of the sentences in a popular song or poem, like The big Red fox jumped over the Fence to get the hen! becomes TbRfjotF2gth!. 5. Change your password immediately if you feel that it has been compromised. Social Engineering Gaining access to the system or information through misrepresentation is known as Social Engineering. In this process people are manipulated to obtain information without their knowledge through impersonation using telephone, in person or through . They are enticed through s to open an attachment, which activates a virus into their system. 1. Whenever a caller solicits information through telephone, please check if the individual is authorised to receive it before sharing. UAE Exchange will NEVER call and ask for your username and/or password. 4 / 5

5 2. When an lands in your inbox with an unusual attachment, please verify if it is from someone you know, ensure your anti-virus software is active and that the message in the is relevant to you. If any of the questions creates a doubt in your mind then the attachment may contain a virus. Just delete it. 5 / 5