Security and you
At Aviva, we fully understand your concerns about online security and privacy. We strive to provide a safe and secure online environment for you by regularly updating our security technology, and employing a range of methods, to give you complete ease of mind. It is also important that you take measures to protect yourself. The following is a compilation of useful online security hints and tips to follow.
General security practices
Always choose strong and secure passwords for your email, financial services and online banking accounts, and online portals. They should meet the following criteria:
- Be at least 8 characters long;
- Contain a combination of uppercase, lowercase alphanumeric characters, and special characters
- Avoid having the password using guessable information such as login user-id, personal telephone number, birthday or other personal information.
- User password should be kept confidential and not be divulged to anyone.
- Avoid having the same passwords for different accounts, and practise good housekeeping by changing your passwords regularly.
Disable the file and printer sharing function in computers unless necessary, especially when they are connected to the internet. Be cautious and do not install software, run programs or media of unknown origin.
Avoid downloading or using content from questionable, suspicious or illegal sources such as Torrent sites or pirated media. These sources often distribute media files that contain viruses that may compromise your security.
Update and patch your computer's operating system and anti-virus regularly to ensure you are protected against new threats and vulnerabilities.
Lastly, always do regular back-ups of your important and sensitive information.
Using wireless networks
When setting up your home wireless networks, do remember to secure your home wireless networks using WPA-2 encryption and choose a strong WPA-2 encryption key. Avoid using WEP as this is not secure.
Also, please avoid carrying out online banking, financial transactions or transacting any sensitive information if you are using a public Wi-Fi network or any untrusted Wi-Fi network. Such data transmissions and transactions may be vulnerable to malicious users accessing these same public or untrusted networks.
Always enable a screen-lock for your mobile devices. There may be confidential and private content on your devices and the last thing you want are uninvited guests viewing them!
"Jail-breaking" your phone or installing software, running programs or viewing media from questionable or illegal sources is also strongly discouraged. These acts may override existing controls designed by the manufacturer to protect your security and confidentiality.
Data Synchronization of Mobile Devices can be Dangerous. Some smart phones have features that allow data synchronization between mobile device and cloud services in near real time. For users who had enabled the data synchronization, sensitive information sent via SMS or emails by financial institutions (FIs), such as one- time passwords (OTPs) , could be accessed by criminals if their login credentials to the cloud services have been compromised.
Synchronize Only as Needed - to synchronize the files on needed basis only.
External storage devices and other plug & play media (for corporate users only)
It is also important to keep online security in mind when at the workplace. Use only company-issued external storage devices such as thumb drives or external hard disks for work-related file transfers.
Do put the external storage devices into a SECURED & LOCKED drawer or cabinet.
Never attempt to connect your personal devices or devices of questionable origin onto your company computers. The device drivers embedded may contain malware that may compromise your company's security.
Aviva will never ask for your login credentials FOR ANY REASON. NEVER DIVULGE YOUR LOGIN CREDENTIALS SUCH AS USERNAMES, PASSWORDS OR PIN NUMBERS TO ANYONE WHO CLAIMS TO BE A REPRESENTATIVE OF AVIVA.
Should you forget your login credentials, you may submit a request to reset your password by clicking on the "Forgot Password" link at the login page of the Aviva portal that you are at. An email with a temporary password will be sent to your personal email account registered with us. You may also contact us to assist you with resetting your login credentials.
As above, please protect your email accounts, especially for web-based email services like Gmail, Hotmail and Yahoo! Mail with strong passwords. Use a reputable and trusted email client, and ensure email clients are using secure protocols like TLS 1.0 (include screenshots), and above.
Be extra careful with unsolicited emails and email attachments of unknown or questionable origin; we strongly recommend deleting them and not opening them at all!
Never disclose any personal or financial information to people you don't know. If sending confidential or important attachments, protect them by using a trusted compression utility and a strong password. Thereafter, always send the passwords to these protected attachments separately to the recipient via a different mode of communication, for example by SMS or a phone call.
When surfing the internet
When accessing your Aviva account, online banking or other sensitive sites, ensure that the "HTTPS" protocol is enabled. You can identify this from the "Green Lock" on the address bar of your web browser.
Always use trusted software, web browsers and anti-virus and firewall software on your devices, and update them regularly.
Do end your online sessions properly by logging out of portals and accounts, and clear the browser cache after that – this reduces the risk of a stranger using the device after you and assessing your accounts and visited web-pages. Thus, where possible, do not perform online transactions on public computers or across public Wi-Fi access points.
Avoid enabling the internet browser option for storing or retaining user name and password of the websites. This is to reduce the risk of malicious user using the stored login credentials to perform illegal / unauthorized transactions.
Browse only trusted sites and avoid visiting sites of questionable origin. And never disclose personal or financial information at little-known or suspicious websites.
Using 2FA authentication and One-time password (OTP)
For Aviva, inform us immediately when you have changed your phone number so that we can update your records. Otherwise, you may not be able to receive the OTP passwords to allow you to login to our portal.
Never share any OTP SMSes with anyone. Your OTP SMSes are private and confidential, and is provided to allow ONLY YOU to be able to access a company's secured sites and services. This is the same for Aviva.
Using your credit card
With online shopping and online transactions gaining widespread acceptance and popularity, it pays to be extra careful with how and where you use your credit cards on the internet.
Only use your credit card for online shopping using a trusted computer or mobile device, and do your online shopping with reputable online vendors.
Using untrusted computers or devices, such as cybercafé computers, or a jail-broken phone, may compromise your security. Similarly, never divulge credit card or debit card numbers, card holder name, CVV numbers and any credit card information to little-known or suspicious websites or persons. These untrusted devices and websites may collect your credit card information and send them to unauthorized parties (with malicious intent!) without you knowing.
Finally, your credit card issuing bank should be your first point of contact if you suspect that a fraudulent transaction has taken place, or if your card details have been leaked or stolen. The hotline number may be found at the back of your credit card or the issuing bank's official website. In most cases, the bank will terminate the card to prevent unauthorized transactions from occurring.