If a company or service you use has suffered a breach...
Change your password for that account immediately.
Consider the information you share on social media sites.
Review the social media site’s privacy and security settings to control who can see your profile. Be careful what you share with others.
If a web address begins with “https” rather than “http,” it’s generally secure. Avoid financial transactions on “http” sites.
Trust your gut instincts.
Beware of web pages that imitate your operating system’s update message window. If you’re surfing the web and get such a popup, consider closing the window and the site. Then go to your operating system messages application to see if the software update is legitimate.
Avoid using public wireless networks.
Use caution if a public wireless network asks you for personal or credit card information. Consider using your cell phone's data tethering feature to access the web with your laptop or tablet.
Be wary of public computers.
Don't use public computers at locations such as libraries, hotels and kiosks to access important accounts. Software may be installed that can capture everything typed on that system, including your passwords and account numbers.
Most smartphones and tablets offer password protection and security features that let you remotely lock your device or even erase all of your data if it is lost or stolen.
Install a firewall.
A firewall on your computer and router protects your machines from unauthorized intruders.
Use updated anti-virus and antispyware.
Viruses can disable your computer, and spyware can steal your passwords and account numbers.
If you visit a website that looks questionable, leave. Some free games and free downloads are really tricks to get you to download viruses or spyware.
If you think your device has been hacked...
Change your usernames and passwords for sites you use, especially sites that may contain information about your bank accounts. Contact your financial institutions to look for fraudulent activity. Many companies can set up alerting and monitoring on your account activity.
Update software automatically.
When a computer or mobile phone company discovers a security threat, they’ll create a fix for it. Set up your systems to update software automatically for added security.
Use WPA2 when setting up your home Wi-Fi.
Wireless Protected Access 2, or WPA2, is the safety technology that helps protect your wireless connection.
Create a strong password, and change it regularly.
Strong passwords contain a mix of lowercase and uppercase letters, symbols and numbers. Don’t use a password that’s easy to guess, like “12345” or “password.”
Use unique passwords for each account.
Using unique passwords protects your online accounts. If the password for one account is hacked, the others remain safe. Focus on your important accounts first. Think email, financial and social media accounts. And online shopping accounts that store your credit card numbers.
Don't let your web browser save or store passwords.
Also, don't store your usernames and passwords on your devices. Otherwise, anyone with access to your computer can log into your important accounts.
How do I remember my passwords?
It’s OK to write them down. Just make sure you take steps to secure that list. If someone can access it, they can access all of your accounts. If you write your passwords down on paper, lock it in a drawer or safe. If you keep them in a document on your computer, give it an anonymous name (not passwords.doc) and encrypt it, if possible. If you use an app to manage passwords, such as LastPass, SplashID, KeePass or 1Password, use a very strong, unique password to protect it!
Be cautious when selecting answers to security questions.
Most sites use one or more question-and-answer combinations to reset your password if you forget it or get locked out your account. When selecting the answers for these questions, don’t use anything that’s publicly known or that you’ve posted on social media sites. The secrecy of this information is just as important as your password. You may need it to get back into your account someday, but you want to ensure you’re the only one who can do so.
At Nationwide, protecting your personal information is important. We strive to ensure that our systems are safe, secure, and available. If you have discovered a potential security issue with our systems or applications (e.g., websites, mobile apps), we want to know about it so we can fix it. In doing so, we respectfully request that you adhere to the following guidelines.
The disclosure email outlines the vulnerability, along with supporting details (e.g., executed commands, tool output, affected assets). Screenshots and video recordings are highly encouraged
Vulnerability information is not publicly released unless Nationwide has granted you permission
Contact information is provided so we may contact you with any questions
Patience is exercised as we seek to understand the best method for mitigating the disclosed vulnerability
What You Can Expect from Nationwide
Serious consideration and review of every disclosure submission within three (3) business days
Nationwide will update you, as necessary, with mitigation effort status
No social engineering or phishing attempts of any kind against Nationwide employees and contractors
No denial-of-service testing
No use of malware
No testing that may cause damage to Nationwide’s systems