SECURITY EVANGELIST

We use computers to pay bills, shop online, chat and even keep in touch with friends on social media platforms. You might not realize it, but this makes us vulnerable.

Because we willingly broadcast over the Internet valuable details, such as our credit card information or bank account credentials – information usually needed by cyber criminals – we can never be too careful when securing our financial transactions or personal information.

A 2016 report from PricewaterhouseCoopers indicates that cyber crime is the “2nd most reported economic crime, affecting 32% of organisations.” The same study reveals another cause for concern, apart from the economic impact:

The insidious nature of this threat is such that of the 56% who say they are not victims, many have likely been compromised without knowing it.

The data clearly shows that cybercrime affects individuals and global economic growth. Cyber attacks on financial institutions or with financial consequences for users like you and me are putting financial assets at risk. Consequently, financial data protection should be a strong concern for anyone.

So is there a way for our online activities to remain private and safe from cybercriminals?

Definitely! Here are a few best practices that will keep your system protected:

 

1. Check the link before you click it



Pay attention to the links you want to access. To make sure you are not deceived, simply hover the mouse cursor over the link to see if you are directed to a legitimate location.

If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net”, then you should resist the urge to click the link. Hiding a different destination behind the link text is a common practice in phishing attacks, and it’s always best to double-check embedded URLs.

Most of us use shortening services for our links, such as goo.gl or tinyurl. But in some cases an unknown link may send you to a malicious site that can install malware on the system. So, how can you know where you’ll arrive if you click it?

URL shortening services like bitly, tinyurl, goo.gl etc are used extensively to save people typing out long URLs. However, it is impossible to know exactly where these links point to. In some cases, they can trick people into going to malicious sites that may install malware on your computer. – See more at: http://redirectdetective.com/about.html#sthash.ahh9NZUJ.dpuf

To make sure you are about to access the right online destination, use a free tool such as Redirect Detective. This tool will allow you to see the complete path of a redirected link.

Redirect Detective
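What "seeing the complete path of a redirected link" involves, as an added example that is not Redirect Detective's code or part of the original article: each hop is requested with HEAD and the `Location` header is read instead of being followed automatically. The function names, the injected `fetch` parameter and the `.example` hosts are assumptions made so the sketch runs offline.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def head_once(url, timeout=5):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=head_once, max_hops=10):
    """Return every hop of a redirect chain as a list of dicts, in order."""
    chain, seen = [], set()
    while True:
        if url in seen:
            chain.append({"url": url, "status": None, "note": "redirect loop"})
            break
        seen.add(url)
        status, location = fetch(url)
        hop = {"url": url, "status": status, "note": ""}
        chain.append(hop)
        if status not in REDIRECT_CODES or not location:
            break  # final destination (or an error page) reached
        nxt = urljoin(url, location)  # Location may be relative
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            hop["note"] = "downgrade to http"
        if len(chain) >= max_hops:
            hop["note"] = "hop limit reached"
            break
        url = nxt
    return chain

# Constructed responses standing in for the network (hypothetical hosts)
CONSTRUCTED_RESPONSES = {
    "https://short.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "/landing"),
    "https://tracker.example/landing": (302, "http://final.example/"),
    "http://final.example/": (200, None),
}

def constructed_fetch(url):
    """Offline stand-in for head_once, backed by the table above."""
    return CONSTRUCTED_RESPONSES[url]

if __name__ == "__main__":
    for hop in trace_redirects("https://short.example/abc", fetch=constructed_fetch):
        print(hop["status"], hop["url"], hop["note"])
```

Calling `trace_redirects(url)` without the `fetch` argument uses `head_once` and contacts the servers; some servers answer HEAD differently from GET, so the traced chain can differ from what a browser sees.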

Alternatively, you can also check the suspicious links using a reliable URL checker, such as VirusTotal.

Virus Total URL Scanner

 

2. Check the file before you click it



We all know malware is everywhere. But how can we make sure a file (or an executable file) we just downloaded is what it’s pretending to be? Can we tell the difference between a safe file and a malicious one?

An important step for everyone is to use a browser which integrates a reputation-based technology. This technology uses a cloud scoring system to analyze each application downloaded and where it comes from. As a result of the analysis, websites that distribute malicious software – not yet detected by existing defense mechanisms – are more easily blocked. For more details, you can access the following article.

To make sure you are not running a malicious executable file (which may download a Trojan virus on your system), use VirusTotal, which analyzes suspicious files on multiple antivirus solutions.

Virus Total File Scanner


3. Use secure websites to run financial transactions



Financial operations and transactions deserve close scrutiny, as they are the key cyber criminals need to cash out your life’s savings.

Here’s how to make sure you visit a secure website:

  1. Look to the left of the web address and find the “Lock” icon. This indicates that you are visiting an encrypted and/or a verified website.
  2. Make sure the web address starts with “https://”. The “s” comes from “secure socket layer” and it indicates you are connected to a website where data, which is sent and received, is encrypted.

https on the heimdal security website

4. Set strong passwords for your accounts



Your passwords should contain around 20 characters. Don’t forget to combine upper and lowercase letters, numbers, and symbols. Don’t use the same password for all your accounts. Make a habit of changing your main passwords every 30 days. Even if you are hacked, having different passwords for each account will help you limit a potential loss.

For more information on how to set strong passwords and manage them safely, see our step by step guide on password security. This includes details on how to use a strong and secure password manager like LastPass or Sticky Password.

LastPass Password Generator

 

5. Use two-factor authentication



This is one of the best ways to ensure your online accounts or your email inbox are not accessed by anyone else but you.

This option means that, besides entering your credentials, you will be required to enter a one-time code sent to your phone. Use this method to protect confidential information from social media accounts, such as Facebook, Twitter or valuable data from email accounts.

google two step authentication

6. Log out



As soon as you’re done with financial operations on your e-banking platform, don’t just close the web browser, but always log out.

We recommend you also use a virtual browser for your financial operations (usually sandboxed) that’s designed to keep your online banking secure. You can find here some recommendations for free browser protection tools.

Private browsing sessions are also recommended if you want to prevent authentication credentials (or cookies) from being stored.

private browsing firefox

7. Don’t reply to unknown emails



Don’t reply to emails that offer an unexpected present or prompt you to update your security information.

It is a classic phishing scheme through which you are tricked into sending personal details, such as credit card information or personal data. If you’re not sure whether the email is from your bank or not, simply contact the bank directly for more information.

Bank Phishing Scam Email

 

8. Use official banking apps



If you want to manage financial transactions on your mobile, install the official mobile application of your bank. To make sure you have the right application, contact your bank directly or access their official website.

mobile banking

 

9. Don’t post private information on social media accounts



Exposing personal details may lead hackers into finding your financial information. For the same reason, check your kids’ social media behavior to make sure they won’t expose private information that may possibly be used against you, in phishing attacks.

Debit Card Twitter Oversharing

 

10. Don’t access questionable web locations



Don’t access or download content from unknown or controversial locations. Access websites that proved to be safe and you know you can trust.

Nevertheless, this is not a guarantee that you won’t get infected. Nowadays, cybercriminals exploit vulnerabilities in legitimate websites and inject malicious code to perform drive-by attacks on unsuspecting visitors. It may be a free screen saver or a browser toolbar that may infect you with a keylogger that can record and send your personal data to cybercriminals.

To make sure your system is protected and your credentials are not exposed, install a security product, such as Heimdal PRO, which can detect and stop malicious hackers from stealing valuable information from your system.

11. Use a good antivirus program



It is important to use a reliable antivirus solution on your system, one that includes real-time scanning, an automatic update (to stay clean even against the latest threats) and a firewall, which monitors and guards your network activity.

To choose the best solution, access the antivirus test results run by established names in the security industry, such as AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin and select the best security solution for your system.

av comparatives

We have to mention now that a traditional security solution can hardly protect you against the advanced financial malware created to steal your private data and confidential information. To protect you against the most dangerous credential-stealing threats, such as Zeus Gameover (P2P) and Cryptolocker, you need security solutions designed to address these threats.

 

12. Use a dedicated security solution against financial malware



Install a security solution designed to protect your system from financial malware and phishing attempts.

By employing advanced anti-phishing and anti-malware technologies, Heimdal PRO has been designed to detect and block phishing sites and malicious servers from stealing your sensitive information. It can shield your PC from man-in-the-browser attacks, detect Zero Day exploits and prevent data loss or network infections.

heimdal PRO homescreen

Heimdal offers another layer of security that normal antivirus products cannot provide.

To improve the financial control of your online banking account, you can set banking alerts to track your account activity. To set a tracking alert for your bank account, contact your bank directly for more information.

13. Don’t be vulnerable. Update your software.



Cyber security experts always advise keeping your operating system, web browser and the main software applications you use up to date by installing the latest security patches. Updates are mainly released to close security holes. Unless you keep your software updated, you will be exposed to the latest threats.

Better yet, use a free product to take care of your software updates and just kick back. This will secure your system by installing the latest security updates and patches for the software such as:

  • Java
  • Adobe Shockwave
  • Adobe Flash (plug-in/player)
  • Adobe Acrobat reader
  • Quicktime
  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer
  • CCleaner and more.


14. Back it up



Even if the steps above will keep you safe from IT criminals and malicious software, there may still be hardware issues that could endanger your valuable data. To make sure your private information stays safe, we recommend using a twofold strategy, which should include combining an external hard drive usage with an online backup service.

Before jumping to the list of available online backup services below, we have to point out the necessity to select one which provides:

  • stability (so look for a big company name)
  • ease of use (so you won’t have a headache backing up your files)
  • the possibility to synchronize your files with the online backup servers
  • some sort of security, such as encryption capabilities.

Online Backup

Check out our data backup guide for a free plan to start making copies of your digital assets so you can keep them safe from harm.

15. Use common sense



The steps we presented are just general guidelines and cannot guarantee total protection from all the malware out there. Use common sense if you want to access random websites, run online games or purchase from online locations you didn’t use before.


Instead of a conclusion



Our own reports from 2013 suggest that financial malware was responsible for more than 55% of the cases where corporations lost valuable information, while only 25% of data theft malware was detected by traditional antivirus software.

Low detection rates are caused by polymorphism, which means that malware is able to constantly change behavior and attack methods. The problem of data theft is growing, because data theft is no longer targeting a single PC, but the entire network by spreading from one computer to another.

At the beginning of June 2014, Operation Tovar was launched in an international joint effort between multiple countries and major law agencies, such as the U.S. Department of Justice, Europol, the FBI and the U.K. National Crime Agency, to detect and stop these types of attacks.

Therefore, we are not alone in this fight against financial malware. Using a security solution is a must, and we should combine traditional protection methods (signature-based antivirus programs) with advanced detection technologies to protect against polymorphic financial malware.

Do you have any other favorite tips, tools or recommendations in order to maximize your financial data security?

This article was originally published by Aurelian Neagu in 2014. It was updated in April 2016 by Andra Zaharia.

Comments


Great..!
Thanks for the awesome guide. Business owners should take care of their online security.

Engelbert Humperdinck on December 3, 2016 at 9:34 pm

What about using a live Linux CD for online banking and other sensitive tasks?

Linux is a lot safer than others, but it’s not impenetrable to attacks. That’s why you should still have antivirus installed and follow the steps outlined in this guide.


These steps really need to follow nowadays to get secure from any kind of anonymous. Mostly issues are coming through mails, so there should be an Antivirus needed that secure email too. Thanks for sharing these informative steps.
Fried.com


Or better yet, create a stronger password! I made mine with passwordturtle.com. They make you passwords from common English phrases so they’re easy to remember and secure. I highly recommend them.


This is a marketing blog, not a security blog. Nowhere close to a useful blog. Nowhere close to a quality security blog. This is coming from the former director of technical education at ESET. I am no longer affiliated with any security product vendor.

Re: #1 Almost all of the parts that are not inaccurate are not actionable by the average user. Many users do not even know what a URL means. Redirects are not uncommon in legitimate websites. People, including security experts rarely validate all links. You train against the payload, not the bait.

Re: #2 Nothing makes sure a file is not malicious. VirusTotal can help, but there is no 100% and newer malware is designed to evade detection. Using a browser with strong application reputation is extremely helpful in protecting users and does not require users to remember processes they won’t.

Re: #3 The lock alone does not indicate a verified website. There is another component to verification. An encrypted website does not be a safe web site. Banking, social networking, email, and any site in which a password, CHALLENGE question, or other site where personal information is entered. The “s” in https most certainly DOES NOT stand for “secure” it stands for “secure sockets layer.” It does not mean secure website at all. It means data you are sending and receiving is encrypted.

Re #4 10- characters is ridiculously weak. A 10 character password has not been strong for many, many years. Even the site you link to has some good advice, but can be significantly improved on. 2 random words is seriously insecure, unless they are both very long words, and even then there are far better ways to make memorable passwords. “1memorable_password!” uses 3 character sets, is long, and is easy to remember. There are tons of different iterations of this.

Using LastPass is great advice, but your picture is poor and “use a strong password” falls seriously short of what needs to be explained. Why do you not have the password length set to 20 or 30? You aren’t remembering the password, that’s what LastPass is for. You may as well use exceptionally strong passwords if they are just as easy to use as a weak password. Seriously, how obvious is that?

Your password manager, in this case LastPass is all of your eggs in one basket. This is fine in this case if you use an extremely strong password and don’t tell anyone what it is. 20 characters would be a bare minimum. Nothing less. Uppercase, lowercase numbers and special characters are important in this case. Don’t use this exact password, but here is an example of a long, strong, easy to remember password “My wife & I 8 @ 6PM last night”, or how about “I was born a pieces in 1982!”
This may not have a special character, unless you do use quote marks, but the length makes it magnitudes stronger than any 16 character password can be. Your master password must be incredibly strong. It is a bad idea to set LastPass to remember your password. Write it down several times for several days to significantly improve memorization, but destroy the paper immediately. Write it down and keep a copy of it in a secure location. If you forget the password and cannot retrieve it, you lose the passwords. Finally, do not share the password with anyone.

Your advice, while good, was insufficient to help most people and missed the really easy way to use LastPass to create much more secure passwords.

re #5 This one is ok as it stands.

re #6 Non-actionable for most users. Great, but users need to remember that they must run the browser outside of the sandbox to update many apps. If they do not, then when they delete the contents of the sandbox, which must be done for security, their browser and some other apps will need to be updated again, and if they use the browser outside of the sandbox it will not have been updated if the updating was done in the Sandbox. As the author of the article on SandboxIE points out, it does not stop key-loggers and should be emptied often. The sandbox should be emptied BEFORE using a bank, email or any site requiring a login. The free version does not automatically launch the browser in the sandbox, so users must remember each time.

re #7 Way too simplistic. Virtually useless information. Phishing attacks look like known emails. Hint, it isn’t the email, it’s the destination.

re #8 Malicious banking apps masquerade as official bank apps. This is another piece of advice that needs its own lesson.

re #9 Yet another useless tip. Facebook, etc. is all about posting personal information. Don’t post financial information, such as any credit card details, social security numbers (which alone aren’t of much use and are public information). More importantly learning to use privacy settings offers far more protection against accidental information disclosures, but for that to work you can’t accept random people as friends.

re #10 Your advice was seriously lacking to the point of uselessness. Controversial is too broad a spectrum and eliminates many news sites. If you want to say “unknown websites or sites that proved to be safe and you know you can trust, then stay away from this site. You have probably never heard of it, and probably don’t know if you can trust it. If you have gotten this far you know that the security advice in the propaganda is seriously weak.

re #11 Do not rely upon one test organization alone. Do not rely upon one or two tests alone. Look at a significant track record. Would you buy a stock based on how it did yesterday? Last month? Track records take time and are important. Good advice here, but no useful information to properly implement it.

re #12 Too vague. Users constantly fall for malicious programs that pretend to be dedicated financial security programs. Set eAlerts to notify you about every transaction, including your own. You can specify a level such as if the transaction is more than $10, $20, $100. the higher the amount the less annoying, the lower the amount the more secure. This is an essential step in addition to security software.

re #13. See the caveat about SandboxIe. installing your solution while in a sand box doesn’t help much. Compare update solutions.

re #14 Great advice, but be careful. Many free solutions do not back up some items or you have to manually add them to the back up. Backing up is essential. Your pictures, documents and entire PC can be held hostage by some malicious programs (most people call viruses). Backing up to hard drive is not as effective if the hard drive remains attached to the system after backing up.

re #15 Use common sense is far too vague for the average user. Common sense in the context of the Internet and smart phone has to be taught. This article is a really poor start.

re #15
