Best Practices

At INB, we want to ensure that you are informed about tools and resources to prevent some of the common fraudulent activities that occur on the Internet including phishing, pharming, malware and other scams that can lead to identity theft. While most security product vendors include Anti-Virus, Firewall and Anti-Spyware modules in their software suite, we have separated them out to highlight the best practices for each module.

Anti-Virus

  • Install and/or update anti-virus software.
  • In addition to paid products, there are a number of vendors with free offerings, including AVG, Avast, and Microsoft Security Essentials. Many Internet Service Providers (ISP) also offer their customers free versions of software that carry a cost commercially. Check with your ISP for details. INB does not endorse any specific product.
  • Update anti-virus signature on a regular basis.  Running updates once a day is recommended since new viruses and exploits are released daily.
  • Run a virus scan of all of your files on a weekly basis.  Most AV vendors use a scanning engine that actively scans files that are being used by you or your operating system.  Running a weekly "Full Scan" will help catch any malicious software that may not be actively in use.

Personal Firewall

  • Install and/or update firewall software. Personal firewalls can help keep hackers from directly installing software on your PC and can alert you if a program you did not install is trying to access the Internet.
  • Many Operating Systems (OS’s) offer a fully functional firewall but these may not be as full featured as commercially available products. There are a limited number of free firewall applications as well with varying degrees of effectiveness. These include ZoneAlarm, Comodo, and TinyWall. INB does not endorse any specific product.
  • If an intrusion detection engine is part of your firewall program, regularly update intrusion detection signatures.

Anti-Spyware

  • Install and/or update anti-spyware software. Anti-spyware software also helps keep unwanted software off of your PC and can also detect software that may have been installed without your knowledge.
  • Update anti-spyware signatures on a regular basis.
  • Run a spyware scan of all of your files on a weekly basis. Most anti-spyware vendors use a scanning engine that actively scans files that are being used by you or your operating system and prevents certain unwanted modifications from occurring. Running a weekly "Full Scan", will help catch any malicious software that may not be actively in use.

Patch Management

  • Keeping your operating system and browser up to date is one of the easiest methods of keeping your computer safe on the Internet.
  • Periodically check your operating system's vendor for updates. Since the majority of home PC's run a version of Microsoft's Windows operating system, we have included the link for Microsoft's Windows Update here.
  • Turn on auto updates for all applications that support it.
  • Use a tool like Secunia’s Personal Software Inspector to automate and monitor patch status.
  • Use a current Operating System. Microsoft ended support for Windows XP on April 8, 2014. That means no more patches or updates for Windows XP. If you are running Windows XP, it is strongly recommended that you upgrade to Windows 7 or Windows 8.   

Browsing Habits

  • If you are on a site that asks for personal information (social security number, account number, credit card number, etc.) check for the following on the web page:
    • Make sure the web address starts with https://
    • Look for a closed lock either by the address or down in the bottom frame of your browser. If that lock is missing, the page is not encrypted and your information can be seen as it passes across the Internet.
    • The majority of browsers use a color coding in the address bar to let you know if the page is properly secured. Web pages use certificates to encrypt your data. Most use red as a page with a bad certificate and green to let you know that the certificate is valid. An address bar that is white in a browser that supports the color coding does not have a certificate. Check with your browser vendor to find out the color coding used.
  • Another good habit is to type the address of the page you are browsing in the address bar instead of following a link. Links can be spoofed to look valid but may take you to another site without your knowledge. Favorites can also be hijacked and altered to take you to the site that you did not intend to visit.

Password Security

  • We suggest that you do not write down usernames and passwords. If you do, make sure that they can be secured in a locked drawer. The most common place that passwords are found is on monitors, under keyboards and mouse pads, and in unlocked desk drawers.
  • Make sure that your password is something that is easily remembered by you alone. Using combinations of uppercase and lowercase letters, numbers, and "special characters" is recommended. Special characters are symbols like @, %, $, and !. Changing your password will also make it harder for hackers or other people to guess your password. You may even consider using passphrases if the site will allow it.  Passphrases can be sentences or unique groups of words.