Minor and children’s privacy

The information, services, and products discussed on our website are not intended for use by anyone under the age of 18, and we do not market to individuals under 18 years old. If you are concerned that any information has been submitted to us by someone under age 18, please contact us at (603) 224-6669 and ask to speak to the Privacy Officer.

Information we collect

Site use

The collection of certain information allows us to analyze trends and traffic on our website and make it as accessible and useful to as many visitors as possible. The Community Loan Fund collects your IP address and tracks which pages you view each time you visit. Additionally, we may collect device address, device ID, web browser type, device type, web pages or sites you visit immediately before or after visiting our site, date, and timestamps of your visit, access, or use of the site, and other such information.

Cookies

Cookies are small text files generated by a website and sent to your computer upon visiting that website. These files are used to improve your experience as a visitor to our site and may either be deleted upon the end of your visit or retained by your computer until they are deleted by you. If you delete or reject cookies, you may still use our website.

Information you supply

If you choose to complete a form on our site to submit information to the Community Loan Fund, the information you supply may contain non-public, personally identifiable information including, but not limited to, social security numbers, bank account information, date of birth, and credit history information.

Use of information collected

The Community Loan Fund may use information collected through your use of this website to analyze trends in the use of our site by visitors, to improve existing products or services, to improve features and functionality of the website, to develop new products or services, and/or to provide service and information you have requested from the Community Loan Fund. The Community Loan Fund does not sell any personal information it acquires through your use of our website. We will disclose any information collected through your use of this website to appropriate authorities when required by law.

Third-party services

The Community Loan Fund website may contain links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of those services and is subject to the privacy and security policies of those operators.  The Community Loan Fund is not responsible for the content or privacy practices of third-party sites or services to which links or access is provided. All site visitors are encouraged to educate themselves about the privacy and security practices and policies of any third party before disclosing personal information to that party.

Data security

The Community Loan Fund uses certain physical, administrative, and technical safeguards to protect any personal data we collect or maintain. The Community Loan Fund cannot ensure or warrant the security of any information you transmit to us, and any such transmission is done at your own risk. Also, the Community Loan Fund cannot guarantee such information will not be subjected to unauthorized access, disclosure, alteration, or destruction if our safeguards are breached. Should the Community Loan Fund learn of a breach of data we maintain, all applicable laws and regulations will be followed, including appropriate notifications provided to the owners of such information.

Protect Yourself and Your Data

The New Hampshire Community Loan Fund encourages all our staff, customers, and supporters to protect their information and identity online.

To get you started, we have compiled the following list of information security fundamentals:

Passwords

Passwords are a good starting point in practicing good information security habits. Here are tips for generating and using passwords online:

Length and complexity are both important.  Any search for “most breached passwords” will quickly show you a list of hundreds of common passwords that are easily crackable by bad actors. Passwords like “Iloveyou,” “password,” and “Password1” are all bad ideas. Pattern-based passwords like “12qwaszx,” “123456qwerty,” and “1qaz2wsx” are also very common and very easily cracked by modern tools.

We suggest using a highly-rated password manager (see #4 below), but if you want to generate and maintain your own, pick passwords that are at least 16 characters long and contain both upper- and lower-case letters. If you can add or substitute a few special characters, your passwords will be even stronger.

Don't use the same password for multiple accounts. This is a highly common practice and one we all need to eliminate. If just one of those accounts is compromised and your username and password end up in the hands of a criminal, they will attempt to log into many, many, websites, databases, email accounts, etc. using those credentials.

When you use different passwords for each account, only one account is subject to breach from any particular attack. On the other hand, if you used a password multiple times, every account you have with that password will end up compromised as the result of one attack.

Don't store your passwords in a spreadsheet, text document, or other file on your computer. If your computer is ever compromised by a hacker, this type of document will be invaluable to them and cause a huge headache for you.

Also, avoid writing your passwords on paper—anyone who finds your list will have access to anything you have written down. If you can, use a password manager (see next paragraph) or, if that is not an option for you, memorize your passwords.

ISecurity researchers highly recommend by security researchers that you use a password manager such as 1Password, LastPass, or other similar software to both generate and manage your passwords.

This will require you to remember only one long and complex password to enter into the manager, which will store passwords far more complex and lengthy than you would be able to remember.

Multi-factor authentication

Multi-factor authentication (MFA) is one of the best ways to protect your data because it requires more than just a username and a password to allow access. There are several types and levels of MFA, but all of them rely on you having a second source of authentication when attempting to log into a website.

This way, a thief won't be able to use your username and password to log into the website because they won’t have your second source of authentication (most commonly, a smartphone). Many sites allow the enabling of MFA and will instruct you on how to set it up.

Typically, setting up MFA means registering your mobile phone number in your account on the website in question, then using an app (like Microsoft Authenticator) to complete the MFA process. Once this is set up, when you enter your username and password into the website you'll will be prompted by your smartphone to authorize access to the site on the computer.

If your username and password are used by someone else, they will be stopped from logging in unless you authorize it through your smartphone app. In turn, you will know your password has been stolen because you will receive a request to authorize logging into the site when you are not trying to log in.

Avoid phishing scams (think before you click)

Phishing is still the most successful and most common way of hacking a computer user. It happens when an attacker creates an email that looks like it came from a legitimate website and tells the recipient they must do something quickly to stop something bad from happening.

The email may look like it’s from your credit card company and say unusual activity has been detected on your account and you need to log in to verify, or something of that nature. Once you click the link in the email, the bad stuff starts happening!

That link might immediately download a malicious piece of software,. Or it might take you to what appears to be a legitimate site but when you enter your login credentials, you have submitted them to an attacker who then uses them to access your account.

Typically, phishing messages contain at least one of the following:

• Language urging you to take immediate action.
• Something to make you feel excited (“You’ve won $500! Click here to redeem”) or to otherwise distract you into clicking a link.
• Contain an attachment for you to open. Be highly suspicious of all attachments you receive, even if they are from people you know, if you are not expecting something from the sender.

Below are some guidelines for avoiding falling victim to a phishing scam:

WHEN IN DOUBT, VERIFY BY ANOTHER MEANS OF COMMUNICATION. If you have any reason to suspect an email is illegitimate, assume it is and attempt to contact the sender via another means. For example, if the message appears to be from your credit card company, call the phone number on the back of your card and ask a representative to confirm the email message is legitimate.

Check the validity of links by hovering over them to see the URL. For example, if the alleged sender is Microsoft, any links in that email should begin with https://microsoft.com/.  If you see anything else at the start of that URL, the email is not legitimate.

Never assume the person listed as the sender is the actual sender. It takes less than five minutes to find tools online that will allow you to spoof an email address and to learn how to use those tools.

Be aware phishing takes many forms and is not limited to email. It is common to see phishing links come through as a text on your phone with a link as well. Never click a link you receive on your smartphone without verifying the sender and the legitimacy of the link.

Anti-virus

Everyone should use and maintain a reputable anti-virus software package on their computer. There are several reputable vendors, including Windows Defender, Sophos, Symantec Antivirus, and McAfee Antivirus.

Installing, running, and updating one of these software packages helps ensure any viruses you pick up through email or web browsing will be quarantined from the rest of your computer and can be fully removed before causing greater harm to your computer.

Manage your digital footprint

If you don’t use an account anymore, delete it! Whether it’s an old eBay account you no longer use, a social media profile on a platform you no longer care about, a shopping site you don’t buy from anymore, or a fitness app you stopped using, having unnecessary open accounts out there is a hazardous practice. Closing and deleting any accounts you no longer use ensures, if those accounts ever have a security breach, your information won’t be at risk.

Update your software

All software needs patching over time. Help keep your computer, mobile devices, and home router secure by checking frequently to see if software or firmware updates are available. If they are, apply them.

Much hacking involves taking advantage of unpatched systems using known weaknesses. The more up-to-date you keep your equipment, the more difficult it is to hack.

Never send private information over public wifi

Never, ever, use free public wifi to transmit sensitive data. Do this only on secure, private, networks you know. And avoid connecting to random free wifi points while out in public. When visiting a shop, restaurant, doctor’s office, or store, it’s best to ask a staff member if the wifi offered there belongs to the organization. If you can’t verify the broadcaster of the wifi signal, you may well connect to an attacker when you think you are connecting to a coffee shop’s wifi.

Back up your data frequently

In the event of something happening to your computer, having good backups will ensure you are able to recover your data quickly and fully. Whether family photos or financial records, losing items because no backup was available can be gut-wrenching.