Welcome to Windsor Federal Savings!

	250 Broad Street Windsor, Connecticut 06095 860.688.8511



>	Online Banking for Consumers

>	Online Banking for Businesses

>	eStatements

>	Demo - Online Banking


>	Enroll in Online Banking

>	Online Banking Security - Multi-Factor Authentication Solution

>	Online Banking Security - Anti-Phishing Solution from Comodo

>	Frequently Asked Questions (FAQs)

>	Online Best Practices

>	Contact Us

>	Privacy Policy

>	Home

Windsor Federal Savings -
Best Practices for Consumers to Stay Safe Online

The Internet is a fantastic resource for everyone. It's great to go shopping in our slippers and make contacts around the world in minutes. But there are dangers we all have to recognize. Can we really trust a site asking us for our financial information? And just who are these new business contacts we're cultivating? And how trustworthy is that site selling the latest MP3 gadgets?

The fact is that online fraud is growing by 30% annually. Not to mention the fraudsters are becoming more and more sophisticated every day. Email scams are virtually unlimited.

Shopping online may feel like digital Russian roulette. You are at a site that has exactly what you are looking for, but you wonder... are they a legitimate site? ... will you be able to get redress if you have a problem? ... will this transaction leave your PC vulnerable to viruses? ... will your personal information be safe? You think you have no way to check their "trust credentials" and unless you are at a "big" site you may not feel safe shopping with them.

These best practices put control of your Internet activities back in your hands with technology, tools and information that let you assess the trustworthiness of the sites you are visiting. In fact, with these simple practices, your online shopping experience will reach a new level of identity and trust assurance that you have never been able to achieve before.

Seven Best Practices that every Consumer should know to ensure identity and trust assurance on the Internet - because
in a virtual world, you can't trust virtually everyone.

1) Verify the authenticity of a web site with a new, FREE web content verification tool - Comodo's VerificationEngine� - "Green is Good to Go".

The facts:

In a world where a million web sites are created every single day and you get lots of emails asking for your sensitive information, you need to establish the legitimacy of entities with which you are interacting. Now you can have it, for free, with VerificationEngine (VE).

This tool allows you to verify that specific content is legitimate to the website it claims to be. So for instance, if you go to a PayPal site from an email notice, with VerificationEngine, you can verify that the site is really from PayPal (or eBay, or your favorite bank).

With VE installed, simply place your mouse over the company logo/name and if a green outline appears around your screen, the site is verified as coming from the company it claims to be. Green is Good to Go!

Simply go to www.vengine.com to download and install Comodo's VerificationEngine plug-in for free (a very small file that is less than the size of an average HTML email).

2) Make sure your emails can be trusted and have not been tampered with.

How can you ensure that people really know that it was you who sent an email to them and that the email was not intercepted during transmission?

The only way to guarantee this is to digitally sign your emails. Download a free Comodo email certificate to assure people that your email is really from you. Ideal for those sensitive and confidential transactions.
All you do is go to www.comodo.com/free-e-mailcert for your free email certificate.

3) Keep your passwords safe.

First, pick "strong passwords" - that is passwords that have special characters in them, (e.g. %, ^ ) that cannot be easily guessed by a Key-logger or Trojan. Also, don't pick your birthday or your first/ last name.

Another option that is safer is to use password protection software. There are numerous solutions available to help manage all those log-ins and passwords and many allow a single click log-in to web sites. One free solution is called iVault which can be downloaded at: www.comodogroup.com/products/i-vault/

4) Get your computer protected with security solutions - Firewall, Anti Virus, Anti Spyware and Anti SPAM.

a) Use a firewall

A firewall protects you against bad hackers, some viruses and some spyware. It can also stop your computer from being hijacked and used to infect other machines or send spam emails.

If you do not have a firewall installed, in Windows XP, switch on Windows Firewall.

If you use a broadband internet connection, consider getting a router that has a built-in firewall.

For older operating systems, get a commercial firewall from a reputable company.

There are many firewall products on the market today and one free, high quality and easy to use firewall is Comodo's Personal Firewall, www.personalfirewall.comodo.com .

b) Use anti-virus software

Anti-virus software continually scans your computer for viruses. It also checks incoming email and web sites for viruses. It is not included in your operating system so you will need to get and install a copy.

Anti-virus companies include Symantec, McAfee, and Comodo. Microsoft publishes a complete list of compatible software.

Make sure your anti-virus software is automatically updated to identify new threats as they emerge.

Keep your subscription current. An out-of-date virus scanner is no use at all.

Don't open attachments in emails from people you don't know.

c) Prevent spyware

Spyware is a general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. In most cases a firewall and anti-virus software will not prevent spyware. You need additional software to keep it at bay.

Be careful about programs you download and install. Are you certain that they won't harbor unwanted extra programs or advertisements?

Don't install software from an unknown or untrustworthy source?

Be careful about which websites you visit. Are they trusted? Are they reputable?

Get an anti-spyware program and keep it up to date. Products include: Microsoft Anti-spyware, Spyware Blaster, Spy Sweeper, Spybot Search and Destroy and AdAware.

d) Filter out unwanted 'spam' email

There are a number of tactics which can reduce the volume of spam you receive.

Don't click on anything in a spam email, even to "unsubscribe." If possible, don't even open it.

Use a throwaway email address for trivial online registrations.

There are many excellent anti SPAM solutions on the market today - many of which allow you to control the security setting. A free option is Comodo's anti SPAM solution at
www.comodogroup.com/products/antispam.html.

e) A final note - Take advantage of Windows Updates

Since there are always people discovering new ways to attack computers on a regular basis you also need to update your computer's operating system (the Windows software which makes it work). This helps stop worms attacking your computer but can also deliver other performance and security improvements.

Go to Microsoft's Windows Update site and install all the recommended patches.

In particular, install Windows XP Service Pack 2 if you don't have it already.

Regularly update Microsoft Office applications.

Keep anti-virus software and other applications up-to-date.

5) Don't forget the importance of backing up your important data.

Make a regular backup of your important data, store it in a different location and periodically check that it is actually backing up the right data.
(www.backup.comodo.com)

6) Physical security is always important.

Security mark your computers and other valuables.
Keep a note of all the serial numbers.
Think about locks, window locks, alarms and so on to make your home safer.
Don't leave discarded computer boxes outside your home - it's an advertisement to burglars.
Keep laptops in a nondescript but padded bag.

7) Avoid Identity theft and fraud.

Never give anyone your user ID, PIN or password, even if they appear to be a representative of a trusted firm. (This is where VerificationEngine can take the guesswork out of verifying that the site can be trusted.)

Be particularly wary of emails that appear to come from banks, credit card or other trusted companies asking you to update your security information.
Always type the web address of trusted websites into the browser yourself. Don't click on links in emails.
Don't enter personal or financial information unless the web address starts with 'https://' and there is a small padlock in the frame of the web browser window. (If you roll your mouse over the padlock, you will see additional company information to help establish trust.)
If an email offer sounds too good to be true, it probably is.
Be wary of anything that tries to alter your dial-up internet access.

Four Best Practices that you should expect from eMerchants

If they don't follow these best practices - they might not be keeping your private information secure and private.

1) Make sure your merchant uses a High Assurance SSL Certificate.

SSL certificates are the technical term for certificates that verify that a site uses encryption when it is receiving or sending sensitive information and there is a legitimate business behind the website. You can tell if a site uses encryption by looking for a gold padlock on the bottom of any page that handles sensitive data.

But all padlocks are not the same!

While all padlocks look the same - they're not. Some SSL certificates only ensure that the site uses encryption. High assurance SSL certificates, on the other hand, perform both verification processes - the encryption and business authentication process. Both verification steps are critical for your safety because encryption without business validation is as risky as giving your house key to someone you don't know - it puts your privacy (not to mention your worldly goods) at extreme risk.

But since all padlocks look the same -- to distinguish high assurance from low assurance sites, simply roll your mouse over the padlock (if you have installed VE) and a high assurance site will list the business name and address that owns the site. A low assurance site will only include domain information and no business information.

If the site you are on only uses encryption proceed with caution.

2) Make sure your merchant performs regular vulnerability scanning of their servers.

Why do we suggest this? Even if merchants use best practice High Assurance SSL certificates on their web site to obtain personal information from you, you need to be confident that your personal and financial information is not then vulnerable to hackers at the merchant site.

Regular vulnerability scanning using HackerProof� ( www.comodo.com/hackerproof ) gives you confidence that your data is safe. How can you tell? Look for a web site trust seal indicator that shows the merchant is hacker proof.

3) Look for logos that can be verified on merchant sites.

Many sites display many logos - BBB, FDIC, credit card logos and such. But how do you verify that the site is authorized to display these logos? A Content Verification Certificate (CVC) authenticates the legitimacy of brands and logos. When a merchant uses CVC's, your VerificationEngine, can verify that content is legitimate (Green is Good to Go!), in other words, when a merchant has a CVC, you can verify that a brand or a logo or an affiliation to another business is legitimate such as BBB online or TRUSTe.

4) Ensure that your Merchant uses a Corner of Trust indicator.

By using the innovative Corner of Trust logo ( www.trustlogo.com ) across their entire site, merchants have the opportunity to demonstrate trust and assurance on every single web page, so regardless of what you are looking at, you always have the ability to check the merchant's trust credentials. The Corner of Trust lets you instantly see the site's basic trust credentials whether the online session is encrypted and if the business behind the website can be validated.