Security best practices/tips
-
Secure website
- Secure Socket Layer technology is implemented to protect the
information transmitted over the internet. The website
should start with Https:// instead of Http://.
-
Protection of your personal information
- 2 factor authentication (2FA) is implemented to provide an
additional protection to prevent disclosure of your personal
information to someone else.
-
Password
- Should not share your login credentials (ie User ID and
password) with anyone. It is for your own use to enquire and
update your policy information.
- Change the password immediately when you receive the initial
password from us.
- Change regularly or if there is any suspicion that it has
been compromised.
- Password should be a combination of uppercase, lowercase
alphabets, numerals and symbol.
- Do not use password that can easily identify or relate to
you (eg date of birth or name of your close ones or
yourself).
- Do not reveal One-Time Password (OTP) generated by the
website to anyone.
- Should not choose the internet option to store or retain the
login ID and password.
-
Internet Browser session
- Clear the session’s cache and browsing history after each
session to remove your account’s information where
applicable.
-
Personal computer or device
- Anti-virus software must be installed. Virus signature files
should be downloaded regularly and keep up to date.
- Firewall should be installed and activated.
- Regularly update the security patches of your computer and
device operating system, anti-virus and firewall
applications.
- Do not use public computers or devices to access your
personal information or process transaction (eg: change of
personal particulars, bank accounts etc).
- Do not install software or run programs of unknown origin.
Security awareness
-
Malware
- Malware is a software that is intentionally designed to
cause harm and damage to a computer, server or computer
network.
- A variety of malware types exists which includes viruses,
worms, trojans, ransomware etc.
-
Malwares can be installed via
-
Free software
-
Illegal software
-
websites that you surf
-
software or programs attached in emails
-
Do not click on advertisements, pop-up links or screens and
banners while you are surfing internet.
-
Do not click or download programs, files from unknown
sources.
-
Install an anti-virus software and ensure that virus
signature files are regularly updated for protection.
-
Phishing
- It is a social engineering method where an attacker sends a
fraudulent message to trick an individual to disclose
confidential information such as personal information,
credit card numbers, bank account details.
- Upon obtaining your confidential information, attacker may
sell or use this information to perform fraudulent
transactions.
- This method can be triggered via a link in email. The link
may redirect you to a fake website that looks like a replica
of real website.
-
Protection
-
Be alert when emails, claiming to be from legitimate
source, seeking your confidential or personal
information.
-
Never input your credentials or personal information
in pop up screens from any websites.
-
Do not click on link in suspicious emails.
- In event that you identify any un-authorized transaction,
suspicious activities or security issues, please contact our
Customer Centre hotline.
-
For more phishing information, you may visit
https://www.csa.gov.sg/gosafeonline/Go-Safe-For-Me/HomeInternetUsers/Spot-Signs-Of-Phishing