Online security
If you’re worried about your risk, you’re not alone. There is a hacker attack every 39 seconds.1 Fortunately, it can be easy to reduce your risk.
Long passwords don’t have to be hard to remember
But they do need to be difficult for someone else to guess. Here are some tips on how to make good passwords:
A good password not just any password that is long that has uppercase letters, lowercase letters, numbers and symbols. It should mean something to you but appear non-sensical to others. Ideally it is a string of characters that, if shown to another person for a couple seconds, would be nearly impossible for them to recall.
Protect your retirement account by creating your own online access first
Online safety tips
- Mix it up and string it out. Use lowercase and uppercase letters, symbols and numbers, preferably 12 or more characters in length.
- Protect each account. Give strong but unique passwords to each account you own, even non-financial accounts.
- Protect every device. Creating strong passwords for web-enabled devices, including your home router, can make it more difficult for cyber thieves to get in.
- Change passwords regularly. Consider doing so every 90 days.
- Vary usernames. Your username is your “first password.” Every time you create a new online account, give yourself a new username.
- Safely store usernames and passwords. Consider software or an app that creates and encrypts longer, stronger passwords, and stores them away from your device.
- Install a firewall. A firewall on your computer and router protects your machines from unauthorized intruders.
- Use updated anti-virus software and antispyware. Viruses can disable your computer, and spyware can steal your passwords and account numbers.
- Update software automatically. Creating strong passwords for web-enabled devices, including your home router, can make it more difficult for cyber thieves to get in.
- Use Wireless Protected Access 2 (WPA2) when setting up your home Wi-Fi. WPA2 is a safety technology that helps protect your wireless connection.
- Trust your gut instincts. If you get a popup window offering a system update, open your operating system messages application to see if the update is legitimate.
- Enable screen locking on your devices. Many devices offer security features that let you lock them remotely, or even erase all data if it is lost or stolen.
- Log out and close your browser windows. Reduce the possibility of unauthorized use of an account that’s already logged-in.
- Download cautiously. Some free games and free downloads are really tricks to get you to download viruses or spyware.
- Consider the information you share on social media sites. Review the social media site’s privacy and security settings to control who can see your profile.
- Look for “https” in the web address. “Https” is generally more secure than “http.” Avoid financial transactions on “http” sites.
- Avoid using public wireless networks. Use caution if a public wireless network asks you for personal or credit card information. Consider using your cell phone as a Wi-Fi hotspot for your laptop or tablet.
- Avoid public computers. Thieves install keystroke-tracking software on library or hotel lounge computers to steal usernames and passwords.
- Know your surroundings. Limit your use of financial apps when you’re where people can easily look over your shoulder.
- Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you.
- Consider professional assistance for managing your affairs. Financial professionals and legal advisors must act in your best interest.
- Safeguard financial information. Even well-meaning family or friends can be tempted when money is easily accessible.
- Do not share account login information. If you must share your account login information, change your password as soon as the assistance is no longer needed.
- Hang up on callers requesting account information. No reputable firm calls customers to ask for login information or to test their systems by asking that money be transferred to them.
- Change your usernames and passwords for all sites and accounts. This is especially important for sites that may contain financial and personal data.
- Ask your financial institutions to look for fraudulent activity. Many companies, including Nationwide, can set up alerts and monitor your account activity.
How Nationwide defends your data
If you access your account from a device you normally don’t use, you’ll be prompted to enter a code that’s sent to your mobile device or email address. This extra-step process, known as multi-factor authentication, adds extra protection to significantly decrease the risk of a hacker accessing your information.
- In addition to multi-factor authentication, Nationwide uses multiple layers of firewalls designed to block unauthorized access and other potential security threats.
- We also use Secure Sockets Layer (SSL) / Transport Layer Security (TLS), a standard security technology that encrypts information sent to and from our site. SSL/TLS ensures that all personal information — including retirement account data, Social Security numbers, usernames and passwords — remains confidential when sent between our website and your computer.
Our security team performs daily monitoring of our computer systems, looking for security violations and unwanted intrusions. We conduct periodic IT audits of the computing environment to look for potential vulnerabilities. And we are regularly audited by third parties to ensure proper security measures are in place and working as expected.
Nationwide provides ongoing training to all employees on keeping sensitive data private and protected. In-depth, role-based training also is given to associates in unique positions to enhance security and privacy. And we comply with all data security laws.
Tier 4 is the highest rating a data center can earn for availability. Nationwide uses two data centers designed to ensure data is available no matter when you want to access it.
We’re detecting and responding to vulnerabilities and threats, defending your data 24/7/365.