1. Don’t let your important documents (e.g. passport, driving licence) and credit/bank details get into the wrong hands and don’t issue photocopies of such documents unless you really have to. Take out document/card insurance such as CPP to assist if these documents are lost/stolen.
2. Don’t use a PIN with a value that an attacker could find out; using your birth date is asking for trouble. Change PINs on a quarterly basis, or sooner if instinct tells you to.
3. Use your hand to shield the keypad so that nobody can see your PIN when using a shop’s card machine.
4. Subscribe to a service such as Equifax to keep an eye on your credit record – if you get black marks, you can quickly track if they are yours or an attacker’s and take action.
5. Use a password safe such as “Password Agent” or similar on your PC to store credit card numbers, bank information, usernames and passwords for web sites, etc. Don’t keep them on your PC in plain text.
6. Always read the warning messages that appear when you login to your bank – they are there for a reason!
7. Never click a hyperlink in an e-mail purporting to be from your bank, credit card or any organisation with which you have credentials that could be stolen. Open your browser and use your favourites, or manually type in the bank or other address (not the address that is in the e-mail); this will stop you from falling prey to phishing attacks.
8. Never open e-mail attachments without first scanning them with anti-virus software to make sure they don’t have a malicious payload. Turn off the preview pane.
9. Always use a personal firewall, anti-virus and anti-trojan software on your computer, select strong passwords and use the best security you can for PDAs & mobile phones. Never use a public PC for anything private or sensitive.
10. If using wireless networking: use an SSID that doesn’t identify you or the location; disable SSID broadcast; use MAC filtering; don’t use DHCP (use static IP addresses instead); use WPA-PSK as a minimum; and make sure the router has a strong password set for administrative access.