Security Notice

Please note the products, services, companies and websites (collectively "the resources") referred to in this document are provided solely for informational purposes and are only a representative sample of some of the many resources available to you. This is not an endorsement or representation about the effectiveness, reliability or availability of such resources. Please conduct your own research to determine what available options are best suited for your particular needs.

Security Overview

Security of information is paramount. We can't do it alone, however. Only you can protect yourself from identity theft. To that end, we have provided you with some of the key steps you can take to significantly reduce your online risks:

  1. Secure Your Home Computer
  2. Minimize Your Risks Online
  3. Protect Yourself from Identity Theft

Secure Your Home Computer

Regularly Update Your Operating System

Most major software companies regularly release updates or patches to their operating systems to repair security problems. A large percentage of these patches and upgrades repair security problems that have been found in the software.

You can minimize your exposure to unintentional downloads by keeping your computer up to date with the latest security patches. Some websites, from companies such as Microsoft® and Apple®, offer the ability to scan your computer for missing updates. It's good practice to go to your software vendor's website at least monthly to check for new upgrades and patches. For the best protection, consider setting your computer to receive updates automatically whenever possible.

Use Anti-Virus Software

Up-to-date anti-virus software protects your computer against current virus threats. Most commercially available virus protection programs offer automatic and emergency updates. Regularly scan all your files using the latest anti-virus updates. For the best protection, consider setting your anti-virus software to scan every file you open. You can also schedule your software to run periodic scans.

Use Anti-Spyware Software

Free software is widely available on the Internet but may contain hidden programs called trojans or trojanhorses. Trojans are malicious software programs hidden within other, more desirable software. Trojans that specifically watch your computer activity are called spyware. Spyware programs run on your computer and can gather private information such as passwords/PINs and credit card numbers, deliver unwanted pop-up advertising as you surf the Web, and monitor your browsing patterns.

Before you agree to download a software program, make sure you know and trust the company offering the software, and read the user agreement.

You can unintentionally download spyware onto your computer just by surfing the Web. Such spyware programs automatically install themselves, often without your knowledge or permission. Make sure to keep your computer updated by running your anti-spyware and anti-virus software regularly.

Some Internet Service Providers (ISPs) offer assistance in finding and removing spyware. The maker of your anti-virus software may also offer anti-spyware protection. Make sure you take advantage of these offers to protect your computer against the growing spyware threat. The U.S. Federal Trade Commission (FTC) has additional information about recognizing and removing spyware.

Use a Personal Firewall

Firewalls serve as protective barriers between your computer and the Internet, preventing unauthorized access to your computer when you're online. Firewalls can be software programs or physical devices, often combined with your router. Firewalls are often included in security software suites such as Norton Internet SecurityTM and McAfee® Internet Security.

Be sure to set up a firewall between your computer and the Internet. Some ISPs offer firewall software or hardware to their customers. You can also purchase firewalls at many computer stores.

Exercise Caution When Using Wireless Networks

The default configuration of most wireless home networks is not secure. Contact your wireless software vendor for specific information about enabling encryption and strengthening the overall security of your wireless home network.

Taking a few simple precautions when using wireless hotspots can help protect your computer:

  • Install a firewall on all network computers
  • Disable your wireless connections when you're not using them
  • Configure your wireless software to not connect to hotspots automatically
  • Use reputable encryption software
  • If you are unsure of the security of a wireless hotspot, don't use it for conducting confidential business, such as accessing your work e-mail or financial information

Wireless technologies are continuously changing. Consult the manufacturer of your network hardware to ensure you have the most up to date security technology.

Top

Minimize Your Risks Online

Protect Your Passwords/PINs

Make your passwords/PINs as hard to guess as possible. Avoid obvious numbers, such as a birth date or an anniversary, which would be easy to guess. Never divulge your passwords/PINs to anyone, including family or friends.

Be aware that sensitive information may still be stored within the browser, even after you log out of a website. If you leave a computer unattended after you have logged in to a website, someone may be able to use the browser's Back button, or similar functionality, to view your personal information. To avoid this, log out and close your browser to minimize any security risk. You may also choose to delete encrypted pages and/or temporary Internet files from your computer's hard drive or disk (clear your cache), or set your browser to not save encrypted pages to disk (in your browser's security or advanced settings).

Protect Yourself from Phishing Scams

Phishing is the mass e-mailing of messages that falsely claim to come from a legitimate business. These messages often provide links to phony websites, where you are asked to supply personal information such as passwords/PINs, credit card numbers, Social Security numbers, or bank account numbers.

Never enter personal information unless you are sure the website is legitimate. You should also be certain the site is encrypted. Look for the letter "s" at the end of the "https" prefix to a website's URL, or address. An example of an encrypted site's address is https://www.companyname.com. The "https" prefix indicates that the site is running in secure mode.

Learn How to Recognize Phishing E-mails

Phishing messages have evolved dramatically over the few years, and they are often difficult to recognize. The creators now incorporate realistic company logos and graphics, provide links to real companies' privacy policies, and can even include realistic legal disclaimers.

To help determine if an e-mail is part of a phishing scam, ask yourself the following:

  • Do I have a relationship with this company?
  • Would I expect this company to contact me this way?
  • Would I expect this company to use this tone or make this request?

If you are at all unsure, contact the company by phone.

Don't Open Unexpected E-mail

Be cautious of e-mail and attachments--even if they look like they're from a friend--unless you're expecting them or know what they contain.

Don't E-mail Personal or Financial Data

Most e-mail is not secure or encrypted and should not be trusted to send personal or financial information. Legitimate companies seeking information normally send written requests on company letterhead.

You should be cautious of and verify any requests you receive that ask you to e-mail personal or financial information.

Check that Web Forms Are Secure

When on a website avoid entering sensitive personal information. If you do need to enter sensitive personal information look for forms that may encrypt data and make sure that the web address is running in a secure mode as this may provide some enhanced protection of your information. Some websites or forms on websites may encrypt information, which may be identified by a padlock icon (Lock Icon) in your browser's status bar (at the bottom of the browser window), and the prefix "https" in the address in the browser's address bar that references the site is running in secure mode.

Additional information on phishing or identity theft can be found at Anti-Phishing Working Group (APWG) or The FTC's AvoID Theft: Deter, Detect, Defend campaign.

Top

Protect Yourself from Identity Theft

Protect Your Personal Information

A few simple steps can go a long way. For example, shred sensitive documents instead of simply throwing them away. Also, be absolutely sure you know who you're dealing with before giving any personal or financial information. OnGuard OnlineTM, a website created by the U.S. Federal Trade Commission (FTC), offers additional information on preventing identity theft.

Avoid Using Your Social Security Number

Ask companies and government agencies you do business with if you can create an alternate customer identifier.

Monitor Your Financial Statements

Promptly read any account or credit card statements or correspondence when they arrive. Make sure there are no changes or transactions you did not initiate. If a bill arrives unusually late or not at all, call the company.

Also, be sure to monitor your credit for inaccuracies. As of September 1, 2005, all U.S. residents are entitled to receive one free credit report every 12 months from each of the three nationwide consumer credit reporting agencies: Equifax, Experian and TransUnion. You can request your report from AnnualCreditReport.com.

Know the Warning Signs of Identity Theft

Identity theft warning signs include:

  • Unauthorized charges or withdrawals
  • Not receiving renewed credit cards, bills, or other mail
  • Receiving credit cards for which you did not apply
  • Notices for changes you did not initiate
  • Denial of credit for no apparent reason
  • Calls or letters about items or services you didn't buy

Although it could be a simple error, never assume a mistake has been made that will automatically be corrected. Follow up with the business or institution.

Act Quickly If You Suspect Identity Theft

If you suspect that your personal information has been used wrongfully, immediately:

  • Review your credit reports
  • Place a fraud alert on your accounts
  • Close any accounts opened or used fraudulently
  • File a report with the police
  • File a complaint with the U.S. Federal Trade Commission (FTC)
  • Call your Investment Representative or Broker-Dealer to secure your accounts
Top

Tools & Resources

You may help protect yourself from online risks by using the security tools and resources listed here. (Please note this is for informational purposes only and does not advocate or guarantee the effectiveness of the third-party products or websites listed.)

Software Resources

Software resources free to all website users:

  • SymantecTM Security Check - http://security.symantec.com/sscv6/WelcomePage.asp
    Performs an online scan of your PC for viruses and other threats

Secure Your Home Computer

  • Apple®
    • Security Site Link -
      http://www.apple.com/support/security/
    • Software downloads -
      http://www.apple.com/support/downloads/
  • Microsoft®
    • Security Site Link -
      http://www.microsoft.com/security/default.mspx
    • Software downloads -
      http://www.microsoft.com/downloads/
  • Microsoft® Videos
    • Video Tutorials -
      http://www.microsoft.com/protect/videos/default.mspx?PHPSESSID=84c9562edcae0ade5bf226b3d0315eed
  • U.S. Federal Trade Commission (FTC) home page -
    http://www.ftc.gov
  • Spyware Alert from the Federal Trade Commission (FTC) -
    http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt142.shtm

Minimize Your Risks Online

  • Consumer Protection News on Phishing Office of the Comptroller of the Currency (OCC) -
    http://www.occ.gov/Consumer/phishing.htm
  • Anti-Phishing Working Group (APWG)-
    http://www.antiphishing.org
  • The FTC's AvoID Theft: Deter, Detect, Defend campaign -
    http://www.ftc.gov/bcp/edu/microsites/idtheft/
  • VeriSign® FAQs on encryption -
    http://www.verisign.com/ssl/ssl-information-center/ssl-basics/index.html

Protect Yourself from Identity Theft

Resources provided by the U.S. government:

  • Protecting Personal Information, A Guide for Business - http://www.ftc.gov/infosecurity
    Identity theft prevention site for consumers (FTC)
  • Spyware Alert - http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt142.shtm
    Consumer alerts from the Federal Trade Commission (FTC)

Major credit reporting bureaus:

  • AnnualCreditReport.com (877-322-8228) -
    https://www.annualcreditreport.com/cra/index.jsp
  • Equifax (800-685-1111) -
    http://www.equifax.com/
  • Experian (888-397-3742) -
    http://www.experian.com/
  • TransUnion (800-916-8800) -
    http://www.transunion.com/
Top

Security Checklist

Secure Your Home Computer

  • Regularly update and scan your computer
  • Use anti-virus software
  • Use anti-spyware software
  • Use a personal firewall
  • Exercise caution when using wireless networks

Minimize Your Risks Online

  • Protect your passwords/PINs
  • Protect yourself from phishing scams
  • Learn how to recognize phishing e-mails
  • Don't open unexpected e-mail
  • Don't e-mail personal or financial data
  • Check that web forms are secure

Protect Yourself from Identity Theft

  • Protect your personal information
  • Avoid using your Social Security number
  • Monitor your financial statements
  • Know warning signs of identity theft
  • Act quickly if you suspect identity theft
Top

Security FAQs

What are digital certificates?

Digital certificates are electronic means of authenticating users.

Top

What are cookies?

Some websites store information in a small text file on your computer, called a cookie. Cookies may be used for tracking purposes.

Top

What is public-key cryptography?

Public-key cryptography describes the method of encryption developed by RSA Security. Briefly, RSA's system for encryption requires two keys, or ciphers, to decrypt information: a private key, which is kept secure by the hosting party, and a public key, which is distributed to the client party. Both keys are required to unlock the scrambling code.

Top

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer (SSL) is a security convention that establishes a secure session by electronically authenticating the source of encrypted transmissions. The idea is that you know exactly whom you are communicating with before sending any sensitive information.

Top

What is https://?

While you navigate your account, note that the URL (website address) starts with "https://" rather than "http://." The "s" stands for "secure." Secure means encrypted.

Top

What kind of encryption does this web site use?

This web site requires browsers to use 128-bit encryption to access account information. For more information on SSL, refer to What is Secure Sockets Layer (SSL)?, or see the VeriSign® FAQs on encryption in the Minimize Your Risks Online section.

Top

Why do I need cookies to view my account information?

Cookies are necessary to allow users to log in to this web site. Without cookies, your browser would be unable to remember that you were logged in, and you'd have to reenter your login credentials for every page you viewed.

Top

If I'm using a public computer, what should I do?

You should always exercise caution when using a public computer, as most public computers are unsecured and may be infected with spyware and viruses. If you must use a public computer, you should consider the following best practices:

  • When you're finished, log off and close the browser window to ensure that your personal information is erased from the browser's memory. Although it's impossible to navigate to new pages in your account or perform transactions once you log off, the browser's Back button may allow others to see pages you visited before you logged off.
  • Avoid accessing your accounts from a public computer because of the possible presence of spyware or viruses. If it is absolutely necessary for you to view your account on a public computer, or on a computer you feel is at risk of being used without your permission, you should clear the browser's cache when you finish your session. Clearing the cache will prevent others from being able to read web pages you've visited.
Top

How do I clear a browser's cache?

A browser's cache is a temporary storage location on a hard drive where recently visited web pages are stored to allow faster web surfing. Please refer to the specific browser's User Manual or help files for instructions on how to clear the cache.

Top

Why do I get the message "The page cannot be displayed" when I try to access a secure page?

This error message usually means that a networking error has occurred on the computer. To verify this, try to access another website. If you receive this error from other websites as well, the error is probably a general error with the computer's Internet settings. You may wish to read a Microsoft® article describing troubleshooting steps for this error.

Top

Why do I get the message "Warning: Page has expired"?

When you click the browser's Back button, the browser is sometimes unable to show you the previously viewed page. In these cases, the browser displays the "Warning: Page has expired" error message.

Browsers have this safeguard in place to prevent forms in web pages from being submitted twice. For example, this safeguard prevents you from buying a second, unwanted copy of an item by going back to the web page on which you bought it.

If you're trying to view a previous page and receive this message, try returning to the page using the website's in-page navigation rather than the browser's Back button.

Top

Why doesn't anything happen when I click a link?

You may need to allow extra time for a page to appear in the browser after you've clicked the link. Some pages may take as long as a minute to load, depending on the complexity of the transaction.

If the browser becomes unresponsive, close it and try again.

Top

464432.1.0