The New Hampshire Community Loan Fund encourages all our staff, customers, and supporters to protect their information and identity online.
To get you started, we have compiled the following list of information security fundamentals:
Passwords
Passwords are a good starting point in practicing good information security habits. Here are tips for generating and using passwords online:
We suggest using a highly-rated password manager (see #4 below), but if you want to generate and maintain your own, pick passwords that are at least 16 characters long and contain both upper- and lower-case letters. If you can add or substitute a few special characters, your passwords will be even stronger.
When you use different passwords for each account, only one account is subject to breach from any particular attack. On the other hand, if you used a password multiple times, every account you have with that password will end up compromised as the result of one attack.
Also, avoid writing your passwords on paper—anyone who finds your list will have access to anything you have written down. If you can, use a password manager (see next paragraph) or, if that is not an option for you, memorize your passwords.
This will require you to remember only one long and complex password to enter into the manager, which will store passwords far more complex and lengthy than you would be able to remember.
Multi-factor authentication
Multi-factor authentication (MFA) is one of the best ways to protect your data because it requires more than just a username and a password to allow access. There are several types and levels of MFA, but all of them rely on you having a second source of authentication when attempting to log into a website.
This way, a thief won't be able to use your username and password to log into the website because they won’t have your second source of authentication (most commonly, a smartphone). Many sites allow the enabling of MFA and will instruct you on how to set it up.
Typically, setting up MFA means registering your mobile phone number in your account on the website in question, then using an app (like Microsoft Authenticator) to complete the MFA process. Once this is set up, when you enter your username and password into the website you'll will be prompted by your smartphone to authorize access to the site on the computer.
If your username and password are used by someone else, they will be stopped from logging in unless you authorize it through your smartphone app. In turn, you will know your password has been stolen because you will receive a request to authorize logging into the site when you are not trying to log in.
Avoid phishing scams (think before you click)
Phishing is still the most successful and most common way of hacking a computer user. It happens when an attacker creates an email that looks like it came from a legitimate website and tells the recipient they must do something quickly to stop something bad from happening.
The email may look like it’s from your credit card company and say unusual activity has been detected on your account and you need to log in to verify, or something of that nature. Once you click the link in the email, the bad stuff starts happening!
That link might immediately download a malicious piece of software,. Or it might take you to what appears to be a legitimate site but when you enter your login credentials, you have submitted them to an attacker who then uses them to access your account.
Typically, phishing messages contain at least one of the following:
Below are some guidelines for avoiding falling victim to a phishing scam:
Anti-virus
Everyone should use and maintain a reputable anti-virus software package on their computer. There are several reputable vendors, including Windows Defender, Sophos, Symantec Antivirus, and McAfee Antivirus.
Installing, running, and updating one of these software packages helps ensure any viruses you pick up through email or web browsing will be quarantined from the rest of your computer and can be fully removed before causing greater harm to your computer.
Manage your digital footprint
If you don’t use an account anymore, delete it! Whether it’s an old eBay account you no longer use, a social media profile on a platform you no longer care about, a shopping site you don’t buy from anymore, or a fitness app you stopped using, having unnecessary open accounts out there is a hazardous practice. Closing and deleting any accounts you no longer use ensures, if those accounts ever have a security breach, your information won’t be at risk.
Update your software
All software needs patching over time. Help keep your computer, mobile devices, and home router secure by checking frequently to see if software or firmware updates are available. If they are, apply them.
Much hacking involves taking advantage of unpatched systems using known weaknesses. The more up-to-date you keep your equipment, the more difficult it is to hack.
Never send private information over public wifi
Never, ever, use free public wifi to transmit sensitive data. Do this only on secure, private, networks you know. And avoid connecting to random free wifi points while out in public. When visiting a shop, restaurant, doctor’s office, or store, it’s best to ask a staff member if the wifi offered there belongs to the organization. If you can’t verify the broadcaster of the wifi signal, you may well connect to an attacker when you think you are connecting to a coffee shop’s wifi.
Back up your data frequently
In the event of something happening to your computer, having good backups will ensure you are able to recover your data quickly and fully. Whether family photos or financial records, losing items because no backup was available can be gut-wrenching.
See our Website Privacy Statement.
Email is not a secure form of communication. Please do not use email to send any confidential or sensative information, including Social Security numbers, account numbers or passwords. If you need to provide this type of information to the New Hampshire Community Loan Fund, contact us by phone at (603) 224-6669, by fax at (603) 225-7425, or by paper mail.
Click the link above to continue or CANCEL
By clicking “Continue” you will leave the Community Loan Fund site. The linked site and its content, privacy and security are not controlled by the Community Loan Fund. We do not guarantee or endorse the linked site’s information, recommendations, products or services.
Click the link above to continue or CANCEL