Security essentials

Are you safe?

By reading through the list below, you'll be able to get an idea of how well your computer is configured for optimum security.

If you do not understand or have questions about any of the sections or terminology, we strongly recommend you follow the links given below for more information.

1) Use a firewall to protect your computer from hackers

How do they work?

The Internet is simply a network of computers that talk to each other. A firewall allows you to decide which connections between your computer and other computers are allowed and which are denied. So how does it do this?

  • When the firewall identifies someone or something, not previously authorised by you, attempting to access your computer it will alert you to the fact
  • The alert will ask you if you wish to allow access or block access. If you select allow it will become a trusted source and unhindered access will be allowed in the future. If you select block it will prevent access both now and in the future

Things to remember

At the point you decide whether to allow access or not it is important to remember that there are lots of wolves in sheep's clothing out there. Clever people with criminal intentions or simply just too much time on their hands can disguise their computer to look like a legitimate source.

  • If you allow access to your computer from a new source you could leave it wide open to attack
  • Unless you are 100% sure that the requesting computer is legitimate it would be wise to deny
  • If you deny access you can always reverse this decision if you subsequently find it to be ok
  • Reinstating access will be a lot easier than sorting out the mess after your PC has been compromised

Getting a firewall

You can get hold of firewalls direct from the Internet or from your local high street PC supplier.

  • There are a number of free firewall products available on the Internet that will allow you to protect your home computer
  • It is also worth looking at commercial versions which usually come with loads more features and facilities in order to determine which best suits your needs
  • Whatever your choice, once you have a firewall, you must keep it up to date
  • Manufacturers of firewalls will issue periodic updates to maintain and improve the performance of their products so it would be wise to check the manufacturer's site at least once a month for any downloads they may have

2) Set up your system so that the operating system, browsers and software get automatic updates when they are released.

Your browser is the program on your PC that allows you to locate and display web pages. Two of the most popular browsers are Internet Explorer and Firefox.

Why do I need to keep my browser up to date?

  • The browser program can be vulnerable to browser hijack programs that change the default settings
  • For example, if you set as your homepage but every time you click on your browser you are automatically directed to a different homepage then your browser may have been hijacked

How do I keep my browser up to date?

  • Similarly to your operating system you should keep your browser up to date and check with your browser supplier regularly for updates and patches

3) Use an anti-virus software

4) Run an anti-virus scan weekly

5) Regularly update your anti-virus software

What is a virus?

  • In its least unpleasant form the virus may be a simple prank that pops up a message on screen out of the blue
  • More often than not it can cause your PC to crash or be a potential threat to personal information you may hold or input to your PC
  • There are a number of ways your PC could get infected
  • Viruses are usually hidden, sometimes behind images or music you may download, sometimes embedded in Internet sites and sometimes as attachments to e-mails sent to you
  • Because there are so many ways you could get infected, you need up to date anti-virus software so similarly to firewall software it would be wise to check the manufacturer's site for any updates they may have and this should be done at least once a week

How does anti-virus software work?

  • Anti-virus software protects you in two ways,
  • Firstly it identifies malicious programs when they try to infect your PC
  • Secondly it will periodically search your PC for these programs (e.g. when you turn your PC on or when you request a search) when a malicious program is found it isolates it and then deletes it before it can do any harm

Where to get anti-virus software

There are many anti-virus software vendors in the market, many of them will provide you with a free check, some with free versions. Whatever make of anti-virus software you choose it is vital that you do two things:

  • Keep your software up to date. New viruses come out on a daily basis and you need to ensure your anti-virus software is able to identify & deal with them. Updates are usually provided online direct from the vendor. You should check your vendor site at least weekly & preferably more often
  • Scan your PC regularly. You should be able to schedule a regular scan of your PC e.g. 5pm in the evening or each time you switch your PC on. Your vendor will provide you with information on the options available to you and how to set it up (it's normally fairly straightforward)

It would be wise to note that nothing is 100% foolproof and there are a few things you should do in addition to acquiring anti-virus software:

  • Firstly, check out the what to do if… section on this site for useful hints
  • Secondly, make sure you have contact/support numbers for your anti-virus supplier
  • Thirdly, keep back-ups of important files and documents on floppy disc/CD/DVD, but scan your PC before you do this to prevent infected files from being saved

6) Scan your system for spyware or adware on a regular basis

Spyware is a program that secretly gathers information about what you do on your PC and quite often it does this without your knowledge.

  • In its least dangerous form it is known as Adware and it collects information about your Internet habits on behalf of companies
  • The more annoying adware can pop up adverts as you surf

How does spyware and adware work?

  • In its more dangerous form it can act like a 'Trojan', a particularly dangerous program that captures your passwords, credit card numbers and other sensitive information as you type them
  • It will send this information to criminal gangs who will try to use it to defraud you
  • You do not have to be connected to the Internet to be spied upon, but once on the Internet any information gathered can be sent to the person(s)/organisation spying on you
  • Spyware removers search out these programs in the same way as anti-virus and can also block those annoying pop-up adverts

7) Scan all e-mail attachments for viruses

8) Ignore e-mail requesting personal details (such as passwords, account numbers etc)

E-mail formats

There are two standard formats you can accept e-mails in – HTML and Plain text.

  • When e-mail is sent in HTML format you are in fact being sent a web page. Web pages can be manipulated to hide viruses. By opening a mail in this format you could be leaving your PC wide open to attack
  • To prevent this you should only open HTML e-mails when you are sure they are from a trusted source
  • E-mails received in plain text could still harbour a virus in an attached file. Please see e-mail attachments for guidance on what to do
  • If you do choose to accept HTML formatted mails then only accept them from a trusted source
  • Also make sure you have all the latest versions of your operating system, mail reader and anti-virus installed

E-mail attachments

E-mail attachments are the files attached to an e-mail that you have to click to open. Many of the most common computer viruses and other malicious software are spread through e-mail attachments.

  • If a file attached to an e-mail message contains a virus, it's often launched when you open the file attachment (usually by double-clicking the attachment icon)
  • When you receive a mail with an attachment before you open it double check to make sure it is from a trusted source and is also something you would expect to see
  • If it is not from a trusted source, delete it
  • If it looks like it is from a trusted source, but is unusual to have an attachment, delete it
  • It sounds a bit brutal, but it is better to be safe than sorry. Genuine mails can always be re-transmitted by the sender

So here are some tips to avoid becoming a victim:

  • Apart from viruses some e-mails can be dressed up to look like they are from genuine organisations
  • Be very suspicious of these mails if they are requesting personal information such as passwords
  • Be even more suspicious if they contain a link that takes you to a site that looks genuine, but where you are required to input your passwords 'to confirm your security details'
  • No bank or building society will ever ask you to submit such information via e-mail or require you to log-on to 'confirm' your details
  • If you supply the information requested then do not be surprised if your bank account is emptied of substantial amounts of your hard earned cash

Things you should do to stay safe with e-mail:

  • Keep your versions of your operating system (e.g. Windows) and your mail readers (e.g. Outlook) up to date with the latest patches
  • Keep your system clean of viruses and spyware by running the appropriate anti-virus checkers and spyware checkers on a regular basis. Keep those up to date too
  • Never ever open an attachment unless you're positive you know what it is and that you trust the sender
  • Never, ever click on a link in an e-mail message unless you're positive you know where it's going and that you trust the sender
  • Don't believe everything you read in an e-mail. Banks, building societies and online payment systems will not be asking you to verify your account by e-mail - it's probably just a scam to get your credit card number
  • If you receive an e-mail message with an attachment from someone you don't know, delete it immediately
  • If you need to send an e-mail attachment to someone, let them know you'll be sending it so they don't think it's a virus
  • Use spam filters to help block unwanted e-mail, much of which contains dangerous attachments

9) Do not share your Internet Banking sign-on details with anyone

10) Close your secure Internet Banking sessions by signing off when completed

11) Do not send links to your bank web pages to other people in e-mails or documents

While using Internet Banking or any other type of financial site there are a number of points you need to be aware regardless of whether you are signed on at home, work or in a public place such as an Internet Café. We will split this into three parts - starting your session, using your session and finishing your session.

Starting your session

It is important to keep your sign on details safe.

  • Looking over somebody's shoulder as they enter a password is one of the easiest ways of obtaining personal sign-on information
  • You need to be aware of people behind you especially if you are in Internet Café or even using an ATM
  • You also need to be aware of people within earshot if you are a visually impaired user and are using screen reader software to assist with data entry
  • Disable or switch off the option on browsers for storing or retaining user names and passwords. Check your browser help for instructions
  • Because of the increased risk we recommend that you do not access your Internet Banking details from computers situated in public places such as libraries or Internet Cafés
  • If you are using the Internet in a public space, be aware of anyone monitoring you. This includes being filmed by closed circuit television (CCTV) as this can capture personal details

Using your session

The site you are signed in to may be secure, but are you? The following points will help you to stay secure.

  • Never leave your computer unattended while logged in to a Banking or e-commerce site and always logout immediately after you have finished
  • We recommend that when banking online you complete any outstanding transactions and log off before visiting other sites and before turning off the PCs you are using
  • If you forget to sign-off when using the Nationwide UK (Ireland) Internet Bank, Nationwide UK (Ireland) automatically signs you off after 15 minutes of inactivity
  • Select the yellow padlock symbol displayed at the bottom of your browser screen
  • Check that the name on the certificate matches the site you are in and that it has a valid date. To do this right click on a page after signing on and select properties. On the properties pop-up box select certificates. This will return all the details of the security certificate, if it does not be very wary or better still sign off the site and contact the site vendor to confirm the site is valid
  • Never leave your computer unattended while connected to any site you are using, especially if you are shopping or banking online
  • Do not send links to your bank web pages to other people in e-mails or documents

Finishing your session

The caution you have taken when using the Internet could be undone by not closing your session down properly.

  • It's a good idea to clear the temporary Internet files on the computer you are using when you have finished, especially if it is a shared computer or you were using it in a public place
  • The temporary Internet files are all of the web pages you have viewed, and these are held locally on the computer you are using (sometimes referred to as the 'cache')
  • To delete them click on Internet Options, select the general tab and click the delete cookies button
  • If you saved or copied any information from the Internet on to the computer you were working on, delete this information if you were using a public or temporary computer, e.g. in an Internet Café or library. This is especially important if you downloaded any private account information from an online banking service
  • When you have cleared your files, close down the web browser itself
  • Ensure you sign off properly by selecting the 'sign off' button if the site has one
  • If you are disconnected from your banking session, always sign back in immediately then sign off correctly when you have finished ensuring the connection closes properly, before disconnecting and leaving your computer

back to top