Nordea logotype

Printed by user 2012.02.08

Data security

Data security instructions in a nutshell

There is a technical as well as a human side to data security. Users can actively contribute to maintaining data security in their operational environment.
Technological security solutions may prove insufficient if the users are not aware of the risks involved, or if they are careless, for example by leaving their passwords available to outsiders. Data security is not merely a technological question but consists of many factors.

However, ordinary users need not know every detail. It suffices well to know what the worst threats are and how to protect oneself against them. An overall picture of the situation and preparedness against threats are sufficient protective measures.
These instructions have been divided into two sections: summary of Netbank's security practice and general data security on the Internet. These general instructions are meant for all computer users and especially Internet users.

The instructions mainly focus on technological threats and protection against them. The purpose of these instructions is to make things understandable even to an inexperienced user. Therefore, the used terms and instructions may not be entirely fitting from the viewpoint of a data security expert. These instructions were written with the Windows operating system in mind, but they are applicable to other systems as well.

General data security on the Internet

Below is a summary of matters concerning general data security and threats on the Internet. Further information and instructions are available at www.arvutikaitse.ee (in Estonian).


Information you leave behind

Surfing on the Internet leaves log files on the computer and on the pages you have visited. Back-up copies of the documents you make are often saved on the hard disk. The programs you use keep count of the files you open in them etc. If you visit the Internet from a computer that is also used by other people, it is especially important to delete the temporary files saved by the computer.


Viruses and other harmful programs

Do not open or execute any programs unless you are certain of their safety. This applies especially to attachments to e-mail and to uploading of files from websites or execution of programs directly from websites. These files may contain different kinds of harmful programs.
Harmful programs are designed to cause harm or damage. Examples of harmful programs: viruses, Trojan horse, worm, remote control programs.


Electronic mail

E-mail is the most common distribution channel of harmful programs. If an e-mail attachment has been sent by a person you do not know, do not open the file. If the file was sent by someone you know, you can always ask about the contents of the attached file and why it has been sent to you. If he or she does not recognise the file in question, do not open the file to find out. Do not execute the attached files .exe, .bat, .com, .vbs or .reg-files, no matter who sent them or for whatever reason.
Links within a message should also be treated with caution since a harmful attachment may be disguised as a normal-looking Internet link.

Files executed from the Internet

If a file is available on the Internet, first think if you really need to upload or install it. Since uploading of files from the Internet always involves risks, you should carefully consider if it is necessary. Important things to consider include the reliability of the pages, the contents of the program to be uploaded and whether you can trust the announcement about the contents.

Protection against harmful programs

New versions of programs

At least your operating system, Internet browser and e-mail program should be updated sufficiently often. Updating means retrieving the improvements and corrections made by the provider. The software provider usually publishes updates on its Internet pages where users can upload the updates onto their computers. The program settings may also be defined to retrieve updates from specified pages at intervals.

New and increasingly dangerous security holes are found in computer programs all the time and the providers try to fill these holes as soon as they are detected. It is a kind of race involving attack and counter attack. For instance, the Code Red worm rampant on the Internet was based solely on the fact that the software had not been updated for a year. This worm succeeded in utilising the security hole and spread destruction all over the Internet. The reliability of Internet pages determines whether the user can be certain that, for example, a file uploaded from the pages does not contain viruses. Well-known pages that the user trusts and uses often (for example www.nordea.ee) can be assumed to be reliable.

Check the settings of the software you use

It is especially important to check the settings of your browser and virus protection program. Problems are usually caused by cookies, javascript and ActiveX components. On the other hand, virus protection programs do not often give instructions on what to do when a virus is detected. In addition, you should define in your virus protection program that all files are checked for viruses and not just files of a specific type.
 

Anti-virus software

An up-to-date anti-virus program is an efficient way of protecting oneself against harmful programs. Remember to check your hard disk as well every now and then. The program can also be set to run the check automatically at intervals. If your virus protection program has the option for background protection, remember to use it always.
Viruses can destroy documents or other files and send them all over the Internet. They can also secretly eat into the stability of your computer and change the content of your files etc. Viruses are a serious threat to your computer.
Your protection program may be a comprehensive package subject to a separate charge or anti-virus software available for free upload. We recommend that you use as new and comprehensive a program as possible. In that case the best option would be chargeable software.
You should update your anti-virus software as often as possible by retrieving new search strings  i.e information on new viruses. If these descriptions of harmful programs are not retrieved into the protection software often enough, it will not be able to recognise, for example, a new virus. The update of the anti-virus program can be uploaded manually from the provider's Internet pages or by clicking the Update button in the program.

Control and hindrance of traffic between your computer and the net

Firewall

By using a firewall you can define what kind of traffic is acceptable between your computer and the Internet. If you do not have this kind of a guard, any program on your computer can contact the Internet when you are online. In some cases offenders can intrude into your computer through its "holes". You may not even notice that this is happening in the background. When using a firewall it is important to define the programs that are authorised to access the Internet. Do not allow Internet access to any programs that do not require access in order to operate. A simple test is to deny Internet access from all programs and then check if, for example, your e-mail program is operational. If not, allow access for the program in question.

Protection of privacy.

Encryption ensures privacy

Reliable encryption software keeps your personal or confidential documents and other important files safe on your hard disk. To keep your e-mail strictly confidential, use encrypted e-mail. When entering your personal data, for example, in forms on the Internet, make sure that the information is transmitted as encrypted and that only the recipient of the information can read it. When you go with your browser, for example, to a net bank, the locked lock icon in the browser window (small, location depends on used browser) certifies that the connection is encrypted. You can usually obtain more information on the used encryption protocol by moving the mouse on the lock or by double-clicking the lock. Our recommendation for encryption is strong encryption.


File and printer sharing

File and printer sharing makes it possible to share the resources of a computer with other users. If the file and printer sharing option is selected and no user password, for example, is specified, the files on the computer may be accessed quite freely from the Internet. Therefore, it is very important to check that the resources of a computer linked to the Internet have not been shared.

Minimising the damage

Back-up copies

When an accident occurs, recovery may prove a challenge. Back-up copies on important documents and databases at sufficient intervals are worth gold and prevent disaster. Back-up copies should be made either on disks (files can be packed with packing software to save space) or you can burn them on a CD-ROM. The files can also be transferred to a safe place on another hard disk. Always store the back-up copies safely in another building under lock and key

When using a computer that is not yours

If you are using a computer at work/school or other premises in public use, keep these important precautions in mind.

  • Acquaint yourself with the data security policies and procedures of the premises! Find out what you are allowed and not allowed to do with the computer. Check the problems related to the system.
  • Always follow the confirmed data security guidelines and never compromise on them. You can easily jeopardise the data security of other users, and in the worst case, of the whole working place.
  • Since you have no control over a strange computer and you cannot know what has been installed on it and by whom, be very careful: never use a computer like this to process confidential information unless your work absolutely requires it.
Do not hesitate to contact persons responsible for data security or ADP if you suspect that something has occurred or is occurring, which may endanger data security, or if you recognise a deficiency in data security. Do not delay even if you have caused the problem yourself through carelessness. It is essential that the problem is located and solved quickly