There are additional vulnerabilities associated with having a computer directly connected to the Internet for an extended period of time. This applies to all users, but it is extremely important for users with cable modem or digital subscriber line (DSL) Internet access. These methods of connection do not require "dialling" into the Internet and thus are sometimes described as "always on" connections. Unfortunately, as long as the computer remains "on" and connected to the Internet, malicious parties have a continuous window of opportunity for attacks on the user's personal computer.
If you use a cable modem or DSL connection for Internet access, you can limit this security risk by disconnecting from the Internet when your session is complete, or by turning off the cable or DSL modem. However, if you want to continue to take advantage of the "always on" feature of cable and DSL connections, or if you run extended dial-up sessions on the Internet, we recommend the following security measures be taken:
- Disable file-sharing on your personal computer:
File sharing is a feature of Windows® that allows other computers to access your personal computer, even from across the Internet. Microsoft® has provided instructions on how to disable file sharing in Windows Help (Click Start, Help, then choose the "index" tab and type "file sharing, disabling").
Our recommendation is to disable file sharing. However, if you choose to retain this option for your particular environment, exercise due care and apply appropriate security measures.
- Install a personal firewall:
Install and frequently update a proven personal firewall product, such as Personal Firewall Plus® or Zone Alarm®, which can be configured to prevent unauthorised access to your personal computer and keep it up-to-date.
- Get computer security updates:
Ensure that you are using a legally licensed operating system. You may be able to improve the security of your system by getting updates to help correct issues that may make your computer vulnerable to virus or worm attacks. As such, you should diligently apply security patches as they become available. Find out more:
If you have a wireless network, there are additional measures that should be taken to protect your Internet connection:
- Use encryption:
Enable the highest level of encryption available for your router; newer wireless routers typically use Wi-Fi Protected Access (WPA), and older versions use Wired Equivalent Privacy (WEP). This will encrypt all data transferred between your personal computer and wireless router. In addition, devices without your encryption key will not be able to connect to your wireless router.
- Change your default password:
All wireless routers are given a default administrator password by their manufacturers, so make sure to change this password to prevent unauthorised access to your wireless router.
- Change SSID (Service Set Identifier):
The SSID is the name of your wireless network. In order for a computer to connect to your wireless network, the SSID must be known. You should change the manufacturer's default SSID name to a unique name that will not be easily guessed, and has no direct connection to you or where you are located (e.g. don't use your last name or street address).
- Switch off SSID broadcasting:
You can further secure your network by disabling SSID broadcasting, which will hide your network from outsiders. It would be very difficult for an outsider to access your network once you have changed your SSID and turned off broadcasting, as they would have to start guessing the name of your network to access it.
Protect Your Mobile Device:
- Always set a password/PIN lock on your mobile phone to provide additional protection
- Delete text messages and clear the cache memory, especially before lending, discarding, or selling your mobile device
- Never disclose any personal information via text message or email
- Download and apply security updates and patches to your mobile browser when they are made available — these are designed to provide you with protection from known and possible security problems
- To prevent viruses or other unwanted problems, do not open attachments from unknown or untrustworthy sources
- Do not install pirated software or software from unknown sources
- Know everyone who uses your mobile handset device and limit unauthorised access
- Never save your username and password in the mobile device
- Do not access Scotia Mobile Banking from a mobile device that is shared with other people
- If you leave your mobile device idle for a certain period of time, the session will automatically be terminated to help prevent unauthorised access
® Windows and Microsoft are trademarks of Microsoft Corporation.
® Personal Firewall Plus is a trademark of McAfee, Inc.
® Zone Alarm is a trademark of Checkpoint Software Technologies Ltd.