Citco Security Center
The security of our client’s information is always a priority. We have various security controls in place with regard to our people, processes and technologies to help keep your information safe. You can be assured that we are committed to protecting your personal information entrusted with us.
Working with Citco:
- Citco will never request personal or private information from you in an email.
- If you’re concerned that an email you’ve received from Citco might be fraudulent, or you want to confirm that the email originated from Citco, we will be happy to assist you verify its legitimacy. Contact your Citco representative or refer to the contact details in the last section.
There are also certain steps you can take to keep safe online. Kindly consider them carefully.
- Protect your computer, network and mobile devices
- Protect your online identity and accounts
- Know the signs of phishing
- Report an online security issue to us
Protect your computer, network and mobile devices
By ensuring the security of your computer and mobile devices, you can reduce the risks of your personal information falling into the wrong hands. As your first line of defense, here are things you can do to help prevent your computer, network and mobile devices from being hijacked.
-
Install Anti-malware software+ + -
Protect your device from malware by installing reputable anti-malware software. Malicious software, or also known as malware, can put you at risk for identity theft since it can record keystrokes to reveal and capture personal information such as passwords and usernames. Anti-malware scans incoming data to detect advanced forms of malware and to prevent it from being installed in your device. Anti-malware also offers protection against ransomware attacks.
-
Regularly update your OS, anti-malware and use spam filters+ + -
OS and software vendors regularly release updates to patch security vulnerabilities, to fix bugs and to push new features. Always make sure you run the current version of OS and patches, and anti-malware on your computing devices. Using good spam filters also help in blocking emails that may contain malwares.
-
Protect your home wireless network+ + -
Most often, the default configuration on a home wireless network is not secure and configured with a low level of encryption. You should enable strong encryption and be sure to change your router’s default password.
-
Use the right firewall for your computer+ + -
Generally, computers already have a firewall and it is automatically turned on. However, you may still want to check your firewall settings by referring to support pages for your computer’s operating system.
-
Password-protect and encrypt your device+ + -
In case someone steals or finds your device, make it harder for them to access information stored there. Check the section below for tips in creating strong passwords. Almost all smart phones and other mobiles devices to date are equipped with device encryption features.
-
Be wary of unknown sources or senders of software downloads, emails and attachments+ + -
Download software from trusted sources only, and open emails and attachments only from known and trusted senders. Cybercriminals commonly send viruses and malwares thru legitimate-looking emails and trick users into downloading seemingly harmless software. Consider using a browser security plug-in to report on the safety of web sites or use a proxy service.
-
Be smart when using wireless networks+ + -
Make sure you are using a legitimate Wi-Fi hotspot, not the one set up by hackers. An employee of the airport, restaurant or coffee shop you are in, will be happy to tell you what name to look for. Also, do not transmit sensitive data over public or open Wi-Fi. For example, never check your accounts or send confidential emails. The risks are just too great.
-
Always log out of your session+ + -
Always log out of your account when you are done with it. This helps protect your information from people snooping around the web. Also, if you're on a shared computer or public computer, logging out when you are done prevents other users from using your account.
-
Lock your device+ + -
Most devices and smartphones can be configured to auto-lock and require a passcode or password to unlock it. Use this feature whenever possible. They may also be configured (or invest in software) to automatically wipe the device in the event of too many incorrect password attempts. In some cases, you may be able to locate your device using its GPS.
-
Use modern browsers+ + -
Use only modern web browsers when doing your banking transactions since these are always up to date with the latest patch.
-
Test for vulnerabilities+ + -
Have your network and systems periodically tested for vulnerabilities.
-
Educate!+ + -
Educate your employees with regard to the latest security threats, especially phishing and Business Email Compromise (BEC) scams. Employees have become the last line of defense; they are the firewall but the most vulnerable to attack.
Protect your online identity and accounts
Hackers and perpetrators of identity theft and fraud are constantly coming up with ways to steal your personal data, which includes tricking you into giving it to them willingly or unwittingly. The steps below will help you fight any advances the cybercriminals are making in order to grab your personal data.
-
Create strong passwords and keep them private+ + -
Here are five tips for creating strong passwords. We highly recommend you follow them, whether in your personal or business life.
- Strong passwords are at least eight (8) characters long.
- It must contain upper- and lowercase letters, numbers, and at least one special character (such as ! or @).
- Devise a “pass-phrase” that makes sense to you. For example, to turn “quick red fox” into a strong password, use it this way: qu1ckREDDfox! Not only do you have a strong password, it also helps you commit the password to memory, or either use a password vault or password keeper.
- Avoid reusing your password. If a hacker somehow learns, for example, your email password, the first thing he’ll do is see if it’s also your banking and credit-card password. Create a unique password for every account.
- Never tell anybody your password and never write down a password. Even just a risk of revealing it renders a strong and unique password useless.
-
Check your web browser is in secure session+ + -
Before making transactions online, or providing your personal information online, ensure that you are transacting via a legitimate website. Next, verify that the browser is operating in a secure manner. Most browsers nowadays guarantee that security is the default state (i.e., using https, meaning SSL/TLS certificates are installed) and that information sent to the target device is encrypted. Depending on the browser you are using, secure session is denoted by the tune icon (i.e., Chrome, Chromium) or by padlock icon (i.e., Microsoft Edge, Opera, Safari). Clicking the tune icon will display secure connection details and will allow you to control the site settings.
-
Be careful of who is asking you for information+ + -
Be aware that phishing emails, online scams, malicious web sites, phone calls and links in messages are common means that cybercriminals use to steal personal information. Be suspicious of emails demanding you to act urgently and asking for your personal data such as usernames, passwords or PINs even if it seems to be from someone you know. Never click any links or download any attachments on the suspicious email. See the section below for tips on how to spot phishing.
-
Don’t reveal too much+ + -
Avoid oversharing your personal information on social media sites. Don’t provide information about your physical address/location (also achieved by turning off the location tracking services/Global Positioning System - GPS in your mobile device), where you work or attend school. Never reveal personal information that might be the answer to a secret question used to reset your password.
The trick is to treat your personal data as you would your money.
-
Monitor your account regularly+ + -
Taking time to look at your account information, at least once a month, will help you detect and address any suspicious activity before it can cause serious damage. Watch out for any indication that your identity may have been stolen or your accounts may have been tampered with. Also, staying vigilant goes hand in hand with acting quickly. Once you have suspected that your account has been compromised, report it to us immediately. For contact details, refer to the last section.
-
Never reveal your government ID number+ + -
Never provide this information unless you have initiated the contact with the person or company that has requested it and have confirmed their identity.
-
Use Multi factor authentication or MFA+ + -
Many institutions offer multi-factor authentication which means requiring users to present at least two types of authentications (a.k.a. 2FA). During the authentication process, you will be prompted for additional information such as a one-time-passcode sent to you via SMS or email. Whenever available, you must choose to use MFA.
Know the signs of phishing
Phishing is a scheme that uses legitimate-looking emails and phony websites to trick you into disclosing personal information. It is likely to be phishing, when it:
- Offers you money.
- Threatens some dire consequence if you do not immediately log on and take action.
- Threatens to close or suspend your account if you do not take immediate action in providing specific information about you or your company
- Requires you to enter organizational or personal information directly into the e-mail or submit that information in some other ways.
- Solicits your participation in a survey where you are asked to enter personal information.
- States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information.
- States that there are unauthorized transactions on your account(s) and requests your account information.
- Asks you to provide your UserID, password or account numbers via an e-mail.
- Asks you to confirm, verify, or refresh your account information through a website they have provided.
- Directs you to a screen that asks you to provide additional data beyond your normal login information.
- Asks you to validate account information for banking systems you do not use.
If an email seems suspicious, do not open it, click links within it or respond to it. Simply delete it from your inbox.
Report an online security issue to us:
USA: +1800 457 2251 / Switzerland: +41 22 591 1212 / Email: webhelp@citco.com