Yes, We are Looking Over Your Shoulder
I also do online banking and I also used to run Quicken. It does get scary once in a while. Here are some things I do for computer security at home and at work:
1) Remember that "security" is usually diametrically opposed to ease of use and convenience. Chances are, if your computer is not a pain-in-the-you-know-what, it probably isn't safe. Well, that's the way it is at work. At least it gives you the illusion of being safer.
2) Never put something that you don't want everyone to see up on the Internet somewhere. Someone WILL see it. Always read the terms of service and privacy statements to any site where you will be doing business or making transactions. Don't just assume a site is safe or not safe just because they are a BIG company. Especially if their main business is "advertising" or you get their services for free. "Free" doesn't pay stockholders, employees or for technical things such as networks and servers.
3) Avoid keeping account numbers or credit card numbers on your computer unless they are well-encrypted. Consider full disk encryption for laptops and portable devices.
4) If you have a choice to keep credit card numbers on major online stores, do that if you are going to be a frequent shopper there. Remember, the odds are that the website won't get hacked and your data is probably encrypted on the site, but, if you keep typing the credit card information in to a website, eventually malware on your computer will see your keystrokes. It is whatever makes you feel better but always look at the pros and cons of doing anything one way or the other way.
As for software on your PC, you can choose any OS that you are comfortable with but, NEVER assume that a particular type of OS is immune from malware. If you are making a choice, do some research on a malware site and look at NIST to see what the truth is. Don't listen to Fanbois as they are prejudiced and don't read the right unbiased opinions. (I'll probably catch hell for saying this, watch).
For anti-malware software, take your time when choosing. Make sure the software is something you understand and feel comfortable with. Read up on what the software does, what the software doesn't do, and what the software is good at and what it is weak on. "Free" sounds good, but is it really? Why would people and/or companies PAY for anti-malware software if it is free? One answer could be support. The other is because it may only work well in one area but not others. At work, we stick with Symantec and/or McAfee. Still, I don't think they do spyware as well as "Spybot Search and Destroy" and, for your own use, it is free but it is not a substitute for a/v software.
4) Make sure you have your "bases" covered! Anti-Virus? (Should also handle trojans and other things). Spyware? Run scans often with something good at spyware. Phishing? Avoid anything that mentions banks you don't do business with, especially those in Nigeria. Be wary of Princes and Chancellors contacting you. Even if you think an email from your financial institution looks VERY REAL, avoid replies unless the subject matter addresses YOU personally and shows some signs that it knows your account number. Even then, be careful! Do not click on an email "link" to login to your account. One way I test these, sometimes, when I'm in the mood is to click the link and put in incorrect information, just to see what happens.
5) Passwords and security questions: We have already beaten these topics to death but I would suggest using a STRONG password (sometimes they make you use one anyway) and change it when you feel "edgy". Security questions for major financial institutions do not ask you for your mother's maiden name because they want to know the answer or that your first hamster's name was "fluffy". This is to help identify you when you forget your password. If you get to choose your question and you worry about family members hacking your account, try to pick something they won't know the answer to and LIE about the answer (but keep the lies straight somehow). You don't even have to put in an answer that makes sense. For both passwords and security questions don't pick something that is in a dictionary or an encyclopedia or some book on babies' names. You can always add numbers and/or special characters most of the time. Remember, though. You do trust YOUR BANK with your money and they probably have a lot of information on you from Google,... I mean, from your account application.
6) Be careful with what you say online. If you do your biography online, someone can find out your mother's maiden name, your first pet's name and what you do for a living and can even guess as to how much money you have when talking about your age and your job.
Routers and Network devices: NEVER use a default user ID or password that comes with a router or device. Always change it. It might be nice to administer your router remotely. Unless you have an extraordinary need, avoid the temptation. Don't let access to your router be seen from the Internet. Turn on WiFi security! Never leave a router insecure because some neighbor or someone driving by WILL find it and KNOW that it is not secure. Use the tightest security you can. Not only can someone USE your internet connection, but they might also see your other devices and be able to see computers. Yes, that means if you invite someone over, they will need a password to get in. Don't forget to change passwords.
7) There is NO SUCH THING as privacy. Everything you type in will be seen by someone. Don't think a chat is ever private. If you do something "illegal", you may see a complete transcript of your chat or tweet in a court of law (no, not saying you would say or do anything illegal). We still all know the story about two young Britons who were having private tweets about their upcoming trip to America (this conversation is happening in England, no less). When they got to the U.S. the Dept. of Homeland Security already had them whisked away and produced copies of their private tweets. Unfortunately, they used British slang and said they were going to "destroy" America and that they were going to "dig up" Marilyn Monroe's grave. (DHS looked through their stuff trying to find a shovel). So, watch what you say because anyone could be looking. Especially if what you are saying can be interpreted more than one way. Kind of takes the fun out of it, doesn't it? So, if you are a member of some website like Google, Twitter, Facebook or anywhere else that you log in to, read their privacy policies and terms of service.
Also, for your online banking: when you have time, log in to your account. At this point "PRETEND" to be someone who has just hacked in and see what it is you can actually do. Can you see bank balances? Yes. Maybe no big deal to you. Can they move money back and forth between accounts (Savings vs. checking vs. MasterCard)? Yes. Can they send money to themselves? Maybe. Maybe not. Bill Pay? Maybe. You'll need to see what it is you can do and think hard before signing up with specific services. Then test out the security. Convenience can cause lack of sleep, you know.
So here are things I use on my machines.
Laptop: (Actually, a NetBook). I try to be careful what information I keep on there, especially work-related. Not all data is really YOURS. Some of it belongs to others. (Including pictures of boyfriend/girlfriends and your grandmother). I try to keep the laptop fairly clean of anything. Encryption: If you have to keep things that make you nervous on a laptop, at least create an encrypted folder. There is software around to do that. Also, I use Truecrypt (that's a dot org) to encrypt the entire C: drive with the exception of the utility partition. Passwords: I have Roboform so, on my laptop, I use Roboform To Go (portable).
Since I don't have a lot of anything on my laptop, I use a free product, AVG Free. If I suspect anything, I can always add more later.
Home PC (Desktop): OK, here I use, right now, McAfee, Spybot and IOBIT software. The McAfee was free from my ISP but, I am really considering putting in a suite from McAfee or Symantec, which I will have to pay for. It is not that expensive but you have to pay every year, these days. May catch it on sale somewhere.
By the way, don't run multiple anti-virus products as they can step on one another. Try to keep separate functions, separate.
Work: OK, this is easy. I use what they tell me to use BUT, I may throw in something else on top of that if I suspect that something is up. Machine acts funny or some window pops up and then goes away. I use Spybot Search and Destroy once in a while. If I go to the internet except for a very few sites, I will need to use a user ID and a strong password. Drives me nuts but there is a lot of data out there that I don't own, so we all put up with it.
Phone, and other portable devices: OK, I don't have a smartphone YET. That may change soon. If looking at software such as Symantec, they have software that will run on your portable equipment (phone, tablet, laptop) that will allow you to do stuff like turn on the camera to see who is using it, get the approximate location of the device, lock the device, put up an "if found, please call...." message and even remote wipe it.
It all depends on you and what you are comfortable with. You won't be able to eliminate all the bad stuff out there, but you can MINIMIZE the chance that bad things will happen. Maybe if you are willing to forego some ease of use and convenience. Security is really a state of mind. Just remember that you won't be able to rely on anyone but yourself. Remember that banks and credit card companies offer some protection if you are using their sites but other places don't and will not take responsibility for anything that happens.
Not on Facebook or Twitter
Note: This post was edited by its original author to combine 2 posts into one on 09/07/2012 at 12:36 PM PT.