Your steps

There is much that your business can do to protect itself, and its users, whilst online. Some of these measures are simple; others may require a little time invested, or additional help from a PC support resource.

If nothing else, the business should be guided by five golden rules.

1. Make sure you have the latest security updates and patches
2. Install anti-virus software
3. Use personal firewalls
4. Read our password advice
5. Use an anti-spyware program

Please also read the detailed information below:

• Keep user details and identity secure
• Keep passwords secure
• Keep your computer/network secure
• Keep your Internet Banking session secure
• Keep your email secure

Keep user details and identity secure

Identity theft is the act of stealing or using an individual's personal information without their knowledge or consent, for example, to illegally make purchases, or to gain access to funds.

Reduce risks and protect information in all financial dealings, whether over the Internet or during your normal banking activities, by following these tips:

Top Tips

1. Get wise to online fraud
   Be aware that there are phoney web sites designed to trick users into providing their personal information. Sometimes links to such web sites are contained in email messages purporting to come from financial institutions. Try whenever possible to use a known web address, or use a Favourite, to access bank pages as the “embedded link” can easily take a user somewhere else.
   
   
2. Change passwords
   Always tell users to immediately change passwords that may have been compromised.
   
   
3. Contact the bank if you think that Internet banking passwords have been compromised
   
   
4. Password protect your computer/network
   Use passwords on computers to prevent unauthorised individuals from accessing company information. If you are unsure how to do this, you may need to refer to your PC support provider.
   
   
5. Disable the 'AutoComplete' function within your browser(s)
   This helps prevent others from seeing any sensitive information. On Internet Explorer, for example, the ‘AutoComplete' function remembers data that has been input, sometimes including passwords. Typically, the browser's Help function will provide guidance on how to disable the 'Autocomplete' function.
   
   
6. Buy online from well known companies – and only provide bank information during secure sessions.

Back to top

Keep passwords secure

Passwords are one of the keys to online account information. Your HSBC Internet banking password and digital certificate permit access to the bank accounts.

Top Tips - ensure all users are aware of the following password tips

1. Keep them private
   Do not be tempted to share your passwords with anyone.
   
   
2. Be unique
   Try and create passwords that are unique, and that cannot be easily guessed by someone else, e.g., don't use your children's or pet's name, home telephone numbers or favourite sports team.
   
   
3. Mix letters, numbers and symbols
   Passwords containing letters, numbers and symbols are far harder to guess.
   
   
4. Be different
   Avoid using the same password for different services.
   
   
5. Never write them down
   If you really do need to record a password then use a code system, e.g. transpose some of the letters.

No one at HSBC will ever ask you for your Internet banking password. If someone does ask you for it – he or she does not represent HSBC.

Back to top

Keep your computer/network secure

The Internet offers hackers the opportunity to access your systems. Whilst the probability of this happening may be small, the impact could be major. There are a number of key steps you can take to protect your business.

Make sure you have the latest security updates and patches

From time to time, vulnerabilities are discovered in operating systems and browsers. Before the publisher can release a security patch to correct these weaknesses, they can be exploited by virus writers and hackers to gain unauthorised access to those PCs that have not been patched.

To check for patches and updates you should visit the publisher's website, typically within their Download section.

Microsoft users can visit: http://windowsupdate.microsoft.com which can automatically check what is required for their operating systems and browsers and then download it.

Install anti-virus software

You may already be using anti-virus software but to be effective the software should be updated on a regular basis with the latest “virus definition” files. If you are unsure how to do this, you should refer to the program's own Help function.

There are many effective programs to choose from, but the most common commercial products are from McAfee, Symantec (Norton) and Sophos.

Use personal firewalls

A firewall is a small program that helps protect your computer and its contents from outsiders on the Internet. When properly installed it stops any unauthorised traffic to and from your PC.

There are many effective programs to choose from. Common commercial examples are from Zone Labs , Symantec (Norton), McAfee and Computer Associates .

Read our password advice

Passwords are one of the keys to online account information. Your HSBC Internet Banking password and digital certificate permit access to the bank accounts.

Top Tips - ensure all users are aware of the following password tips

Keep them private
Do not be tempted to share your passwords with anyone.

Be unique
Try and create passwords that are unique, and that cannot be easily guessed by someone else, e.g., don't use your children's or pet's name, home telephone numbers or favourite sports team.

Mix letters, numbers and symbols
Passwords containing letters, numbers and symbols are far harder to guess.

Be different
Avoid using the same password for different services.

Never write them down
If you really do need to record a password then use a code system, or transpose some of the letters.
No one at HSBC will ever ask you for your Internet Banking password. If someone does ask you for it, he or she does not represent HSBC.

Change passwords
Always tell users to immediately change passwords that may have been compromised.

Use an anti-spyware program

Spyware is the term used to describe programs that run on your computer for the purpose of monitoring and recording the way in which you browse the web and the internet sites you visit. For example, spyware can combine information about your online behaviour with that of many other users in order to generate market research data. This information can be bought and sold by companies interested in improving the way websites are designed and how the internet is used.

You may or may not wish for your internet usage to be monitored in this way. In addition, just as spyware can be used to improve the online experience it can also be used to extract personal information that you have entered, including passwords, telephone numbers, credit card numbers and identity card numbers.

Spyware is often loaded onto a PC as part of a free download of another service - for example a service that claims to improve the performance of your PC. Sometimes your agreement to the download is requested in the small print, but spyware may also be loaded onto your PC without your agreement or knowledge.

Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this, anti-virus software is not effective in identifying and removing spyware; you will need to download and run a specialised anti-spyware program.

Anti-spyware security software currently available include McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.

Please visit www.banksafeonline.org.uk for further independent information on this topic.

Top Tips

1. File extensions
   Most operating systems use file extensions. For example, a word document ends with .doc and a photo image may end with .jpg
   
   By default some operating systems do not show these extensions. Whilst this presents cleaner looking file names, it also provides viruses with a means to hide. Any file that appears to have a double extension is almost certainly a virus and should be deleted. Use your computer's Help function for further instructions.
   
   
2. Ensure that all users are wary of opening unexpected email messages with attachments
   The most common way for a virus to spread is via email. Some viruses send copies of themselves to everyone in the infected PC's address book. This means it could appear to come from someone that you know.
   
   Never open an unexpected email attachment that contains a file ending with .exe, .pif, .vbs as these are commonly used with viruses.

Back to top

Keep your Internet Banking session secure

You should ensure that you and your users are aware of potential pitfalls and know the best way to deal with them. There are two key areas to focus on.

Logging in

Ensure you enter your correct password(s) without the details being inadvertently disclosed to someone who may be looking over your shoulder.

Logging off

Always remember to log off Internet Banking and close your browser when you have finished your online banking. This will clear all traces of your visit from the PC's memory.

Top tips

1. Memorise the keys to your access
   Your User name, password and digital certificate are your keys to accessing our online services. Only the right combination of these allows you access.
   
   
2. Don't use links to access our site
   Always enter the web address or use a Favourite. Do not use a link in an email as this may take you to a phoney web site, albeit one that looks like ours.

Back to top

Keep your email secure

Generally, email that is sent or received through a regular email address (e.g., yourname@yourbiz.com) is not secure or encrypted to protect the contents. Therefore, any sensitive information included in an email is at risk of being intercepted by unauthorised individuals. Never send Internet banking user names, passwords or digital certificates by email to anyone.

Top tips

1. Never send sensitive information by email
   Don't answer any unexpected email requesting personal information.
   
   
2. Be wary of opening unexpected email messages with attachments
   A common way for a virus to spread is via email. Some viruses send copies of themselves to everyone in the infected PC's address book. This means it could appear to come from someone you know.
   
   Never open an unexpected email attachment that contains a file ending with .exe, .pif, .vbs as these are commonly used with viruses.
   
   
3. Review your Internet Service Provider (ISP)
   Many ISPs now offer a range of services that include virus protection and spam email filtering of incoming email messages.

Protect your business – even when you are offline

Even when you are offline, there's much you can do to protect your business. This centres on keeping private information strictly private .

Top Tips

1. Keep details safe
   Don't be tempted to share User names, passwords or other unique personal identifiers with someone else.
   
   Don't provide personal information over the phone, or to a web site, unless the source has been verified, or unless you made the call yourself. HSBC would never ask for Internet passwords over the phone.
   
   You should remember your passwords. Do not keep any record of them in your wallet or purse.
   
   
2. Read your statements
   Review your bank and credit card statements for any unusual transactions or withdrawals and notify the bank immediately if you suspect any discrepancies.
   
   
3. Notify your bank of any changes
   Tell us of any changes in your business details (e.g. address change).
   
   
4. Store bank documents such as statements and cheque books in a safe place

Back to top