Cybersecurity and You Booklet en


Cybersecurity and You

Contents

Cybersecurity
Your cybersecurity checklist: A few reminders to keep your computers and money safe from online criminals
Personal cybersecurity at a glance
Business cybersecurity at a glance
Notes



Cybersecurity

At Credit Suisse, the security of your information is always a priority. We are committed to maintaining the security of our systems, software, networks and other technology assets against attempts by unauthorized parties to access or destroy confidential data, disrupt our services or cause other damage.

We have employees around the globe focusing on our cybersecurity efforts, including working with our regulators, law enforcement agencies and other businesses to maintain our defenses and enhance our resilience to threats.

Technology is rapidly evolving in a world driven by social networks, online transactions, cloud computing, and automated processes. But with technological evolution comes the progress of cybercrime, which continually develops new attack types, tools and techniques that allow these criminals to penetrate more complex or well-controlled environments, and produce increased damage and even remain untraceable.

For you, the Internet is quite possibly an integral part of everything you do; as a result, cybercrime is a growing and serious threat. Therefore it is essential that all of us consciously make fraud prevention part of our daily activities.

This booklet aims to remind you how to protect yourself, your assets and your personal information from online criminals.



Your cybersecurity checklist
A few reminders to keep your computers
and money safe from online criminals

1. Have computer security programs running and regularly updated to look for the latest threats.
Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.

2. Be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information.
Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don’t have up-to-date security software.

3. Get to know standard Internet safety features.
Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.

4. Ignore unsolicited emails asking you to open an attachment or click on a link if you’re not sure who truly sent it and why.
Cybercriminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a published email address or telephone number.

5. Be suspicious if someone contacts you unexpectedly online and asks for your personal information.
A safe strategy is to ignore unsolicited requests for information, no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account numbers and passwords.

6. Use the most secure process you can when logging into financial accounts.
Create “strong” passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.

7. Be discreet when using social networking sites.
Criminals comb those sites looking for information such as someone’s place of birth, mother’s maiden name or a pet’s name, in case those details can help them guess or reset passwords for online accounts.

8. Be careful when using smartphones and tablets.
Don’t leave your mobile device unattended and use a device password or other method to control access if it’s stolen or lost.



Personal cybersecurity at a glance

Protect your computer. Install software that protects against malware, or malicious software, which can access a computer system without your consent to steal passwords or account numbers. Also, use a firewall to prevent unauthorized access to your PC. While protection options vary, make sure the settings allow for automatic updates.

Use the strongest method available to log into financial accounts. Use the strongest authentication offered, especially for high-risk transactions. Use passwords that are difficult to guess and keep them secret. Create “strong” user IDs and passwords for your computers, mobile devices, and online accounts by using combinations of upper- and lower-case letters, numbers, and symbols that are hard to guess and then change them regularly. Although using the same password or PIN for several accounts can be tempting, doing so means a criminal who obtains one password or PIN can log in to other accounts.

Understand Internet safety features. You can have greater confidence that a website is authentic and that it encrypts (scrambles) your information during transmission if the web address starts with “https://.” Also, ensure that you are logged out of financial accounts when you complete your transactions or walk away from the computer. To learn about additional safety steps, review your web browser’s user instructions.

Be suspicious of unsolicited e-mails asking you to click on a link, download an attachment, or provide account information. It’s easy for cyber criminals to copy the logo of a reputable company or organization into a phishing email. When responding to a simple request, you may be installing malware. Your safest strategy is to ignore unsolicited requests, no matter how legitimate or enticing they appear.

Be careful where and how you connect to the Internet. Only access the Internet for banking or for other activities that involve personal information using your own laptop or mobile device through a known, trusted, and secure connection. A public computer, such as at a hotel business center or public library, and free Wi-Fi networks are not necessarily secure. It can be relatively easy for cyber criminals to intercept the Internet traffic in these locations.

Be careful when using social networking sites. Cyber criminals use social networking sites to gather details about individuals, such as their place or date of birth, a pet’s name, their mother’s maiden name, and other information that can help them figure out passwords—or how to reset them. Don’t share your ‘page’ or access to your information with anyone you don’t know and trust. Cyber criminals may pretend to be your ‘friend’ to convince you to send money or divulge personal information.

Take precautions with your tablet or smartphone. Consider opting for automatic updates for your device’s operating system and “apps” (applications) when they become available to help reduce your vulnerability to software problems. Never leave your mobile device unattended and use a password or other security feature to restrict access in case your device is lost or stolen. Make sure you enable the “time-out” or “autolock” feature that secures your mobile device when it is left unused for a certain period of time. Research any app before downloading it.



Business cybersecurity at a glance

Protect computers and networks. Install security and antivirus software that protects against malware, or malicious software, which can access a computer system without the owner’s consent for a variety of uses, including theft of information. Also, use a firewall to prevent unauthorized access. Protection options vary, so find one that is right for the size and complexity of your business. Update the software, as appropriate, to keep it current. For example, set antivirus software to run a scan after each update. If you use a wireless (Wi-Fi) network, make sure it is secure and encrypted. Protect access to the router by using strong passwords.

Require strong authentication. Ensure that employees and other users connecting to your network use strong user IDs and passwords for computers, mobile devices, and online accounts by using combinations of upper- and lower-case letters, numbers, and symbols that are hard to guess and changed regularly. Consider implementing multi-factor authentication that requires additional information beyond a password to gain access. Check with vendors that handle sensitive data to see if they offer multi-factor authentication to access systems or accounts.

Control access to data and computers and create user accounts for each employee. Take measures to limit access or use of business computers to authorized individuals. Lock up laptops when not in use as they can be easily stolen or lost. Require each employee to have a separate user account and prohibit employees from sharing accounts. Only give employees access to the specific data systems they need to do their jobs, and don’t let them install software without permission. Also, make sure that only employees who need administrative privileges, such as IT staff and key personnel, have them and regularly review their ongoing need for access.

Teach employees the basics. Establish security practices and policies for employees, such as appropriate Internet usage guidelines, and set expectations and consequences for policy violations. Establish a top-down corporate culture that stresses the importance of strong cybersecurity, especially when it comes to handling and protecting customer information and other vital data. Ensure that all employees know how to identify and report potential security incidents. Train employees to be careful where and how they connect to the Internet. Employees and third parties should only connect to your network using a trusted and secure connection. Public computers, such as at an Internet café, hotel business center or public library, may not be secure. Also, your employees shouldn’t connect to your business’s network if they are unsure about the wireless connection they are using, as is the case with many free Wi-Fi networks at public “hotspots.” It can be relatively easy for cyber criminals to intercept the Internet traffic in these locations.

Train employees about the dangers of suspicious emails. Employees need to be suspicious of unsolicited e-mails asking them to click on a link, open an attachment, or provide account information. It’s easy for cyber criminals to copy a reputable company’s or organization’s logo into a phishing e-mail. By complying with what appears to be a simple request, your employees may be installing malware on your network. The safest strategy is to ignore unsolicited requests, no matter how legitimate they appear. Software vendors regularly provide patches or updates to their products to correct security flaws and improve functionality. A good practice is to download and install these software updates as soon as they are available. It may be most efficient to configure software to install such updates automatically.

Make backup copies of important systems and data. Regularly back up the data from computers used by your business. Remember to apply the same security measures, such as encryption, to your backup data that you would apply to the original. In addition to automated backups, regularly back up sensitive business data to a storage device at a secondary location that is secure.

Pay close attention to your bank accounts and watch for unauthorized withdrawals. Put in additional controls, such as confirmation calls before financial transfers are authorized with the financial institution. In recent years, there has been an increase in unauthorized electronic transfers made from bank accounts held by businesses. A common scam is an account takeover where cyber criminals use malicious software, such as keystroke loggers, to obtain the IDs and passwords for online bank accounts and then make withdrawals. Another scam called Business Email Compromise targets businesses by forging payment requests for legitimate vendors and directing the funds to the cyber criminal’s account. Businesses are generally not covered by consumer protections against unauthorized electronic funds transfers.

Don’t forget about tablets and smartphones. Mobile devices can be a source of security challenges, especially if they hold confidential information or can access your business’s network. If your employees connect their devices to the business’s network, require them to password protect their devices, encrypt their data, and install security apps to prevent criminals from accessing the device while it is connected to public networks. Be sure to develop and enforce reporting procedures for lost or stolen equipment.

Watch out for fraudulent transactions and bills. Scams can range from payments with a worthless check or a fake credit or debit card to fraudulent returns of merchandise. Be sure you have insurance to protect against risks. Additionally, ensure that you report any irregularities immediately.



Email

Your email provider cannot guarantee your cybersecurity, and hackers attack providers to gain access to user accounts, or they directly attack individual email accounts using phishing, social engineering, malware or other scams.

Limit your exposure by maintaining separate email accounts for:
• Business
• Friends and family
• Important alerts
• For sites that require an email address as a User ID

In addition, to safeguard your information:
• Enable two-factor authentication in your email service when available to receive a text when there is a log-in from a new computer.
• Use data encryption to transmit personal information. Encoding the information makes it impossible for those without the encryption keys to read it.
• Employ spam filters to reduce the risk of malicious software and phishing scams (spam represents 65% of all email traffic).
• If you need to send someone a password-protected document, send the document in one email and the password in a separate email.

Social Engineering

Social engineering can leave you vulnerable to fraud. Social media, such as Facebook or LinkedIn, can give hackers a wealth of information about you—which can be used to steal your assets or information.
• Limit the information you give out online. Criminals will search Facebook, Twitter and other social media for information about you and use it to defraud you, your family and/or your friends.
• Don’t put personal/financial information in emails (or follow links sent to you in emails even if they come from trusted sources).
• Contact the email sender by phone or open a new email window (do not hit “reply”) to ask the sender if the email you received is valid.
• Pay attention to the URL. Malicious websites look identical to real ones, but the URL may use a spelling variation or different domain (for example, does it say .net when it should say .com?)
• Don’t enter sensitive information on websites unless you see proper security (the URL should begin with: https://).

Via telephone
Confirm an unknown caller’s identity: Ask for the full and correct spelling of their name, a callback number, and an explanation for why the information is needed.

Be wary of impersonators: Validate the source through official public channels.

Do not supply information about other people: Have the caller contact the appropriate individual directly if you are asked for someone else’s information.

In person
Be alert in public places for “shoulder surfers” who watch you entering personal information (such as PINs or passwords) in order to steal it and gain access to your accounts.
• Beware of people who try to enter a secure area with you without using their own authorization, such as a badge or token.
• Do not insert unknown removable storage drives, such as USB sticks, that you have found or been given into your computer, as they may carry malware.

Internet

Hackers recreate well-known websites to capture your user credentials, such as passwords, Social Security numbers, credit card information, to name a few. They then use this stolen information to access your banking and other accounts.

Precautions to take online
• Make sure you keep your browser software up-to-date.
• Maintain a medium or higher level of security on your browser settings.
• Make sure the web address of any site you visit begins with https://. Some browsers show a padlock icon next to the https:// to indicate that you have a secure connection.
• Remember: http:// is not secure.
• Log out after using an Internet banking or e-commerce service to ensure your session has closed.
• Keep your cookies and browser cache clear so that hackers cannot access your history and obtain information.
• Remember that hackers increasingly target children on social media and gaming websites.
• Be mindful of the sites you visit: Do not visit sites that provide illegal downloads or illegal content (e.g., file sharing): Even if you do not download any files, you are vulnerable to viruses that can infect your computer.
• Keep pop-ups and ads blocked, and never respond to pop-ups asking you to submit or resubmit your log-in information.

Best Practice
• Regularly check your banking and credit card transaction histories and your statements for any suspicious transactions.
• Use two-step authentication when it’s available—you confirm your ID in two steps each time you use an ATM—with a debit card and PIN. Do the same online: Use a password and a code sent to you via text, email or call to access your account. You will receive an alert if someone logs in from a new computer.
• Avoid clicking either an ad’s “close” button or anywhere within the window to close it.
• Enable private browsing whenever possible—prevent cookies and browsing history from being stored/saved to your device.
• Use trusted bookmarks for important sites—not email links or pop-ups.
• Close windows containing pop-up ads or unexpected warnings using the X in the upper right-hand corner.
• Do not buy anything promoted in a spam message—even if it is a legitimate company, your purchase encourages spamming.

Remember every device carries a risk. Laptops, tablets and mobile phones are all susceptible to wireless security breaches. Do not connect to sites you don’t know or recognize. Don’t assume a Wi-Fi link is legitimate; hackers create fraudulent access points that appear to be identical to one that’s legitimate. Instead, use a virtual private network (VPN), which allows only authorized users to access the network so data cannot be intercepted. Do not connect to sites you don’t know or recognize.

Mobile Security

We have become more and more dependent on our smartphones and tablets for banking, shopping and social networking; therefore it is essential to protect your mobile devices. We should all be taking precautions to ensure these devices are protected.

Best practice guidance for your personal devices
• Adjust your security settings to restrict others’ access to your data via wireless and Bluetooth connections.
• Avoid clicking on Internet ads: Ad-blocking apps exist for both Android and Apple devices, and browser settings can be adjusted to limit ad tracking.
• Update the apps on your device when new versions become available, as these often include security patches.
• If you think your device has been infected with malware: Contact either the device maker or your mobile phone carrier for help.
• Install a security app to scan and remove malware-infected apps.
• Do not try to bypass security controls in the device’s operating system (i.e., don’t jailbreak or root your phone).
• Keep your phone or computer locked - make sure it is password/PIN protected at all times.
• Keep the device’s operating system software up-to-date and ensure you have the latest security patches.
• Encrypt sensitive information - if your mobile device or laptop has data encryption features, use them.
• Monitor how apps behave on your phone - keep track of permission access/requests from apps installed on your device.
• Use a reputable anti-malware/virus program and update regularly. Mobile devices are susceptible to the same risks as your home or office computers.
• Turn off Bluetooth when you don’t need the connection - your device will be less vulnerable both to cyber-attacks and you will not drain the battery life.
• Choose a smartphone with anti-theft security features. If your phone is lost or stolen, having remote access to it will allow you to lock it, wipe the data stored on it and identify its location.
• Regularly back up your devices to your home computer or cloud network so that you have access to information if your device is lost, stolen or corrupted.
• Criminals use malware to steal or destroy your data—in the process, compromising the security and integrity of the equipment and/or systems you use. Don’t ignore the warnings. Install antivirus software and pay attention to warnings you receive, such as when you are trying to access an unsafe site on the Internet.
• Be careful what you click and download. Clicking unfamiliar links can expose you to malicious software programs that scan your computer or track keystrokes, including passwords and account numbers.
• Some programs intentionally include malware. When installing, pay attention to message boxes and the fine print. Cancel any installation if you believe it may be harmful.
• Be wary of suspicious-looking email. Even email from people you know can contain malware links or attachments if their account has been compromised.
• Be careful following links in incoming email. Whenever possible, visit websites by entering the desired address directly in your browser.
• Scan files with security software before opening. Do not assume emailed files or those given to you on a disk or flash drive are safe.

Malware

Do not trust pop-up windows asking you to download software. Their goal is to convince you that your computer has been infected and that downloading the software will take care of the problem. Close this window immediately, making sure not to click on anything inside the pop-up window.

• Most file-sharing sites are illegal and should be avoided. There is very little policing for malware in these types of services. Malware can be disguised as a popular movie, album or program.
• If your computer is infected with a ransomware virus, in which a pop-up window appears informing you that your files have been encrypted in exchange for ransom, do not panic. Immediately disconnect your device from the network and try to restore your files from an earlier clean backup. Do not pay the ransom.



Notes



CREDIT SUISSE AG
P.O. Box 100
MCIZ 1 09.2017

CH-8070 Zurich
credit-suisse.com

Copyright © 2017 Credit Suisse Group AG and/or its affiliated companies. All rights reserved.
