Security

Recommendation on Internet conduct

The Internet is to be used with caution and care. Today’s threats are quickly changing, and security tools are not foolproof. Your good conduct and vigilance are essential. Do not click on unsafe links or windows and do not agree to install anything that you did not voluntarily seek out.
We have put together a list of the best practices for you so that you can protect yourself against risks related to the Internet:

 
ANTIVIRUS & FIREWALL
It is important to protect your computer by installing antivirus software and a personal firewall. It is recommended that you configure your antivirus software to update automatically.
A firewall filters incoming and outgoing data and reduces the risk of hacking.

 
BACKUPS & UPDATES
Be sure to regularly update your operating system, browsers, and other software (Adobe, Java, etc.). By configuring these applications to update automatically, you significantly reduce your exposure to attacks from hackers.

 
PASSWORDS
It is not recommended to that you save your passwords on the workstation itself, particularly for sensitive applications.
Its length and complexity are the key security factors of a password, as well as changing it regularly. A 10-character password ensures a good level of security if it includes a mixture of lowercase letters, uppercase letters, numbers, and special characters*. It will be easier to memorize if, for example, it is based on parts of a complete sentence.
*Special characters cannot always be used, as it depends on the system
Do not use words published in dictionaries or information about those close to you (surnames, first names, birthdays, etc.).
Use different passwords to access each of your applications, particularly for all applications containing personal and financial data, as well as those whose misuse by a hacker would cause harm.

 
INTERNET CONNECTION
Access from public Wi-Fi points presents significant dangers for the security of data passing through them, which can be easily intercepted. We recommend that you install an application that creates a secure channel (VPN). If you do not have one, do not sign into your sensitive applications (your e-banking, for example) or make payments on the Internet using a hotspot.

e-BANKING ACCESS
In order to maintain a good level of security when you access e-banking, follow these recommendations:

• Do not install or use programs of an unknown origin. Try to retrieve the code of a new program from the publisher’s official site rather than from open-source downloading sites.
• For mobile devices, do not download applications that are offered outside of official stores and do not delete the device’s basic protection (jailbreak, root account) limiting the risk that hackers could gain control of privileged rights.
• If you do not know the sender of a message, do not click on any attachments or links, even if the sender seems very official (carriers, authorities, application administrators, etc.).
• Never go to the e-banking site by clicking a link in an e-mail that you have received. Instead, enter the address manually.
• Verify that the browser confirms that the visited site is secured by a certificate (padlock) in the name of the official site and that the HTTPS protocol ensures the encryption of the communication between the site and you. Click on the padlock to verify the certificate (the identification of the certificate must match the identification of the site).
• Do not connect to e-banking from hotspots (see Internet Connection).
• Keep only the e-banking session open and close other browser windows before logging in.
• Lastly, be sure that you always log off from your e-banking session by clicking the “Logout” button. Close the browser entirely. Closing the tab is not enough.

 
PERSONAL DATA
Never respond to an e-mail that asks you to disclose personal information. Our bank never contacts its customers by e-mail to ask them for personal data.
In general, consider any information that you place on the Internet to leave a permanent trace. The right to be forgotten does not guarantee that your information has not been intercepted, sold, or copied by third parties.

PORTABLE DEVICES
Your portable devices contain increasingly sensitive information (personal data, payments systems, etc.), and their protection requires applying the following principles:

• Set the screen to lock after a period of inactivity that is not too long
• Give preference to locking the session by password (strong) rather than by biometric input
• Protect the startup of your mobile phone with a PIN code
• Apply updates of applications and the operating system as soon as they are available
• Download applications only from official stores
• Do not install applications that ask for overly broad rights in relation to their purpose (for example, a GPS application that requests access to all of your contacts and files)
• Do not unlock (jailbreak) the operating system
• Regularly monitor your communication costs
• Place confidential data in an encrypted directory protected by an additional password
• Disable wireless protocols (Wi-Fi, Bluetooth, etc.) when you are not using them
• Install an anti-malware solution on your mobile phone

 
Internet dangers

The Internet presents various kinds of dangers, which are constantly changing. Certain types of risk are documented below:

 
VIRUS
A virus is usually a code that installs on your workstation without your knowledge and interacts with its elements (components, data, etc.), often maliciously.
Antivirus software can detect the signature of known viruses and block them. The predictable behaviors of viruses can also be identified by certain security solutions in order to identify unknown viruses.
An antivirus solution is only effective if its database of signatures is regularly updated. Try to set your antivirus software to automatically update.

 
WORM
A worm is a type of virus whose primary objective is to spread on a large scale, discreetly and with little impact, in order to exploit the workstation’s resources often for malicious purposes (spam, denial of service attack, etc.)

 
TROJAN HORSE
A Trojan horse is a virus made up of complex parasitic codes that install in several stages and expand their scope of malicious activities little by little. For example, they may retrieve all the data that you type on your keyboard or capture the screens that you view. The newest Trojan horses aim to be resilient and adapt quickly to counter-measures in order remain on the infected computer. Some even go so far as to delete competing viruses that could interfere with their operation or reduce their camouflage abilities.
Unlike a worm, a Trojan horse does not spread.

 
HOAX
This is an e-mail containing false stories. The objective is for the text to be sufficiently catchy so that recipients send it to their usual contacts. In its malicious version, the message contains a link or attachment.

 
SOCIAL ENGINEERING
Social engineering is the use of your trust, naiveté or ignorance by hackers to have you perform acts that go against your interests, such as providing passwords or confidential data.  Social engineering attacks are usually performed after a thorough study of the targets, particularly by collecting all the information freely available on the Internet (especially on social networks). Telephone calls are part of the arsenal used by hackers to influence their victims.

 
PHISHING
Phishing usually takes the form of an e-mail that simulates an official communication asking recipients to click a link provided in the message. Users are then diverted to pages that are very similar to the official site. A hacker’s objective is to obtain the data you enter, and particularly the data that enables users to log into the true official site or bank card data.