Best Practices for Safe Computing
Protect Yourself Online
Below are several safe computing practices First Commonwealth Bank follows and strongly recommends that you adopt to help protect yourself from the risk of fraud, identity theft and other online security threats.
- Make a habit of choosing passwords that are hard to guess, but can be remembered without being written down. Personal information such as children’s names, birthdays, or phone numbers should be avoided. Passwords should be a mixture of uppercase and lowercase letters, with numbers and special characters included. Using the same password across multiple web sites is also poor practice.
- Always authenticate a person’s identity before sharing any type of sensitive information. There are many common schemes that involve a scammer hijacking an e-mail address or social media account and requesting personal information, or even money, from the victim’s unsuspecting friends.
- Be conscious of the personal information you share on social media outlets. A criminal can attempt to pose as a friend, or even hijack an account, to gain access to your personal information. As a basic rule of thumb, if you would not advertise it in the local newspaper, don’t share it with the public via social media outlets.
- Think twice when opening e-mails. If you receive an e-mail and you don’t know what it is or who it came from, it’s best to delete it. Many viruses can be delivered and installed via e-mail by the simple act of opening the message.
- Show caution when surfing the Internet. Generally speaking, it’s best to limit your Internet usage to sites you know and trust. And even those sites can be compromised.
- Verify links in emails, blogs, or on social media sites prior to clicking on them. Criminals often rely on disguising links to malicious sites by making them appear as though they are links to known or trusted sites. Simply holding your mouse cursor over the link will show you the true destination in most cases.
- It is common for sites to allow users to select challenge questions as a second form of authentication or to enroll for self-service password resets. Keep in mind that the answers to these questions may be used to circumvent normal authentication processes. If the answer to a challenge question can be easily found, then a different question should be selected.
- Basic internet traffic is not protected as it travels the internet. This creates a risk that information sent over the web can be intercepted and read by malicious parties. To mitigate this risk, sites will use SSL certificates to create a secure tunnel from your pc to their site. When this secure tunnel is established the site will have a prefix of "HTTPS:" in the address bar of your browser. The "S" indicates that the communication is secure. Never type sensitive information into a site if the prefix displays "HTTP:" without the "S". Private data should never be emailed unless proper steps have been taken to secure the channel of communication.
- Always keep antivirus programs active and up to date. Every reputable antivirus vendor will release updated virus definitions near daily. These definitions must be downloaded and installed for antivirus to remain effective. Likewise, security patches for your operating system and applications should be maintained as current as possible. New vulnerabilities are found in software every day and these security updates must be installed to protect systems from these vulnerabilities.
- First Commonwealth will never contact our Consumer or Commercial Internet Banking clients and request logon information, either by phone or email. If you are ever contacted by an individual claiming to be a First Commonwealth Representative, do not share any information and report the incident to your local branch office or our Engagement Center at 1-800-711-BANK (2265). A directory of branch offices can be found here.
- For Commercial clients with multiple user accounts that are set up to access First Commonwealth’s Business Online Banking, it is important to review these accounts periodically to ensure that all accounts are valid and that access levels are appropriate.
- Both Consumer and Commercial Internet Banking applications display last logon. It is a good habit to verify that this information is correct. If the last logon time displayed does not align with the last time you were on the system, there is a possibility that your account was compromised.
- Secure messaging functions exist in Consumer Online Banking, Business Online Banking, and our BillPay products. The "Contact Us" link also allows for secure communications to be initiated by our clients.