The majority of fraud attempts when transmitting sensitive information can be mitigated by following the best practices below:
Send sensitive information encrypted - Always use encryption when sending personally identifying information (SSN, EIN, Loan Account Numbers, Bank Account Numbers, etc.) via email. Sending an email unencrypted (plain text) is the equivalent of sending out a postcard: anyone who intercepts the message can read it. When a message is encrypted it is scrambled, allowing only the intended receiver to read it. It is important to do everything you can to keep your personal information from getting into the wrong hands, and encrypting your message traffic is a primary way to protect it. We encourage you to use secure messaging in your myFCW portal to send your information or requests to us so it is encrypted.
Follow best password management practices - A rule of thumb is that the longer your password, the better off you are. A sentence or phrase that uses multiple words creates a stronger, more secure password than relying on the complexity of upper and lower case letters along with a number and special character. For example, the password fl@$hd@nc3 would take 24 years to crack, whereas the phrase ‘flash in a pan’ would take over 55 thousand years to crack. Both are very strong passwords; however, the extra characters, in addition to spaces, add a significant level of strength.
Only use secured wireless connections - Use caution when discussing and transmitting personal information in public locations. Public Wi-Fi connections may be free, but the risk of being hacked is very high! When entering personal information into a website, ensure the site is secure with an “https://” URL.
Accessing sensitive information from a mobile device
Biometrics/password protected phone - Always protect your phone with either a password or a biometric lock. This prevents someone who picks up your device from gaining access to the data on your phone. Ensure your phone is locked when not in use. Never leave mobile devices unattended where they could lure thieves.
Log out of sites or apps you use on your phone - In the event that an unauthorized person does gain access to your mobile device, they will not be able to automatically view your social media, email, or bank accounts if you have logged out of each application.
Enable two-factor authentication protection - Enabling two-factor authentication increases the level of security on your account by requiring that multiple factors be entered to gain access. These ‘factors’ are typically (1) something you know and (2) something you have. An example of this method is first logging into your account with a username and password (something you know). Second, the system sends a text message to your phone (something you have) with a code needed to proceed to your account. This can be enabled by never checking the “remember this device” option. It’s unlikely that a perpetrator will have access to both factors.
Remove sensitive information when no longer necessary - Remove all personal information from your mobile devices and portable drives when this information is no longer required for you to use your device.
Management of your applications - Only use trusted, regulated app stores when downloading new tools. Unless your app requires it, disable access to other areas of your device that may compromise your privacy. Check each app’s settings and remove location services, unless doing so sacrifices the app’s functionality. When accessing a URL embedded in an app or when browsing the internet on your mobile browser app, first verify that the URL you are about to click is legitimate. Holding down your finger on the link (long press) will allow you to see the true destination URL.