Citco Security Center

Citco Security Center

The security of our client’s information is always a priority.  We have many security controls in place with regard to our people, processes and technologies (including dual-factor authentication) to help keep your information safe.  You can be assured that we are committed to protecting your personal information entrusted with us.

Working with Citco:

  • Citco will never request personal or private information from you in an email.
  • If you’re concerned that an email you’ve received from Citco might be fraudulent, or you want to confirm that the email originated from Citco, we will be more than happy to help you verify that it is legitimate.  Contact your Citco representative or refer to the contact details in last section.


There are also certain steps you can take to keep safe online. Kindly consider them carefully.

CITIC0604 blue   Protect your computer and mobile devices

CITIC0604 blue   Protect your online identity and accounts

CITIC0604 blue   Know the signs of phishing

CITIC0604 blue   Report an online security issue to us


Protect your computer, network and mobile devices

By ensuring the security of your computer and mobile devices, you can reduce the risks of your personal information falling into wrong hands. As your first line of defense, here are things you can do to help prevent your computer, network and mobile devices from being hijacked.


CITIC0702 blue  Regularly update your OS, anti-virus, anti-spyware and use spam filters

Always make sure you run the current version of OS and patches, anti-virus and anti-spyware on your computer or mobile device. Using good spam filters also helps in blocking emails that may contain malwares. Malicious software, or also known as malware, can put you at risk for identity theft, including recording keystrokes and capturing personal information such as passwords and usernames.


CITIC0702 blue  Protect your home wireless network

Most often, the default configuration on a home wireless network is not secure and configured with a low level of encryption. You should enable strong encryption and be sure to change your router’s default password.


CITIC0702 blue  Use the right firewall for your computer

Generally, computers already have a firewall and it is automatically turned on. However, you may still want to check your firewall settings by referring to support pages for your computer’s operating system.


CITIC0702 blue  Password-protect and encrypt your device

In case someone steals or finds your device, make it harder to access information stored there. Check the section below for tips in creating strong passwords. Almost all smart phones and other mobiles devices to date are also equipped with device encryption features


CITIC0702 blue  Be wary of unknown sources or senders of software downloads, emails and attachments

Download software from trusted sources only, and open emails and attachments from known and trusted senders only. Cybercriminals commonly send viruses and malwares thru legitimate-looking emails and trick users into downloading seemingly harmless software.  Consider using a browser plug-in or proxy service to report on the safety of web sites.


CITIC0702 blue  Be smart when using wireless networks

Make sure you are using a legitimate Wi-Fi hotspot, not one set up by hackers.  An employee of the airport, restaurant or coffee shop you are in, will be happy to tell you what name to look for. Also, do not transmit sensitive data over public or open Wi-Fi.  For example, never check your accounts or send confidential emails.  The risks are just too great.


CITIC0702 blue  Always log out of your session

Always log out of your account when you are done with it. This helps protect your information from people snooping around the web. Also, if you're on a shared computer or public computer, logging out when you are done prevents other users from using your account.


CITIC0702 blue  Lock your device

Most devices and smartphones can be configured to autolock and require a passcode or password to unlock it. Use this feature whenever possible.  They may also be configured (or invest in software) to automatically wipe the device in the event of too many incorrect password attempts.  In some cases, you may be able to locate your device using its GPS.


CITIC0702 blue  Test for vulnerabilities

Have your network and systems periodically tested for vulnerabilities.


CITIC0702 blue  Educate!

Educate your employees with regard to the latest security threats, especially phishing and BEC scams.  Employees have become the last bastion or last line of defense; they are the firewall and are the most vulnerable to attack.

 

Protect your online identity and accounts

Hackers and perpetrators of identity theft and fraud are constantly coming up with ways to steal your personal data – includes tricking you into giving it to them willingly or unwittingly. The steps below will help you fight any advances the cybercriminals are making in order to grab your personal data.


CITIC0702 blue  Create strong passwords and keep them private

Here are five tips for creating strong passwords. We highly recommend you follow them, whether in your personal or business life.

    1. Strong passwords are at least eight characters long.
    2. Use upper- and lowercase letters, numerals, and at least one special character (such as ! or @) in your passwords
    3. Devise a “pass-phrase” that makes sense to you. For example, to turn “quick red fox” into a strong password, use it this way: qu1ckREDDfox! Not only do you have a strong password, it also helps you commit the password to memory or use a password vault or password keeper.
    4. Avoid using one password for all. If a hacker somehow learns, for example, your email password, then the first thing he’ll do is see if it’s also your banking and credit-card password.
    5. Never tell anybody your password. Never write down a password. Even just a risk of revealing it renders a strong and unique password useless.

And don’t use the same password for multiple systems!


CITIC0702 blue  Check your web browser is in secure session

Before making transactions online, or providing your personal information online, look for https at the beginning of the website address. The “s” in https stands for ”secure” and this ensures you are sending information encrypted to the target computer (this does not guarantee though that the computer you are accessing is legitimate). You should see https persists in pages or otherwise it may not be secure.


CITIC0702 blue  Be careful of who is asking you for information

Be aware of phishing emails, online scams, web sites, phone calls and other means that cybercriminals use to steal personal information. Be suspicious of emails demanding you to act urgently and asking for your personal data such as usernames, passwords or PINs – even if it seems to be from someone you know. Never click any links or download any attachments on the suspicious email. See the section below for tips on how to spot phishing.


CITIC0702 blue  Don’t reveal too much

Avoid oversharing your personal information on social media sites. Don’t provide information about your physical address, where you work or attend school. Never reveal personal information that might be the answer to a secret question used to reset your password.

The trick is to treat your personal data as you would your money.


CITIC0702 blue  Monitor your account regularly

Taking time to look at your account information, at least once a month, will help you detect and address any suspicious activity before it can cause serious damage. Watch out for any indication that your identity may have been stolen or your accounts may have been tampered with. Also, staying vigilant goes hand in hand with acting quickly. Once you have suspected your account has been compromised, report it to us immediately. For contact details, refer to the last section.


CITIC0702 blue  Never reveal your government ID number

Never provide this information unless you have initiated the contact with the person or company that has requested it and have confirmed their identity.


CITIC0702 blue  Use strong authentication

Many institutions offer dual-factor authentication.  During the authentication process, you will be prompted for additional information such as a one-time-passcode sent to you via SMS or email.  You should choose to use strong authentication whenever available


Know the signs of phishing

Phishing is a scheme that uses legitimate-looking emails and phony websites to trick you into disclosing personal information. It is likely to be phishing, when it:

  • Offers you money.
  • Threatens some dire consequence if you do not immediately log on and take action.
  • Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company.
  • Requires you to enter organizational or personal information directly into the e-mail or submit that information some other way.
  • Solicits your participation in a survey where you are asked to enter personal information.
  • States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information.
  • States that there are unauthorized transactions on your account(s) and requests your account information.
  • Asks you to enter your UserID, password or account numbers into an e-mail or non-secure webpage.
  • Asks you to confirm, verify, or refresh your account information.
  • Directs you to a screen that asks you to provide additional data beyond your normal login information.
  • Asks you to validate account information for banking systems you do not use.

If an email seems suspicious, do not open it, click links within it or respond to it. Simply delete it from your inbox.


Report an online security issue to us: 

CITIC0503 blue              USA:

 

1.800.457.2251

CITIC0217 blue

   webhelp@citco.com

Ireland:

 

1.800.570015

 

 

UK:

 

08.001693105

 

 

SNG, HK, MNL:

 

1.800.48480000 Then press ‘1’