Information Security Tips from MissionSquare Retirement

As our lives become increasingly more digital and technology-driven, it's important to ensure your personal information is protected from cybersecurity threats. Our MissionSquare Retirement Security Guarantee protects you from losses to your MissionSquare Retirement account(s) that are the result of unauthorized activity through no fault of your own. To ensure you're protected under this guarantee, be sure to use the security best practices below.

1. Never Give Your Password Over the Phone
   Be wary of anyone asking for your account password, claiming to need it to access your account. It is likely a cybersecurity attack. MissionSquare Retirement will never request your password for any reason.

2. Know the Dangers of Reusing Passwords
   • Using the same passwords across all online accounts increases your risk and makes a hacker's job easier — similar to providing a robber with a master key to your apartment, garage, and car.
   • When thinking of a password, don't use your favorite sports team, a family member's name, or common names. A great approach to selecting a strong password is using passphrases and then altering them for different accounts. For example, "RetirementCorp" could be altered to read "ReT!rem3ntCorp," "C0rpR3tir3menT," etc., modifying the phrase for different accounts.

3. Understand Botnets
   The term "botnet" comes from combining the words "robot" and "network." Botnets are networks of computers controlled and instructed to:
   • attack other computers;
   • send spam or phishing emails;
   • deliver ransomware;
   • install spyware; or
   • perform other similar malicious acts.
   And, all this can happen without users knowing what is occurring. Here are some basic tips for avoiding membership in a botnet:
   • Don't click on suspicious links.
   • Don't download unrequested attachments from emails.
   • Employ good antivirus and antispyware software, installed from a reputable source.
   • Avoid online ads that are telling you your computer was infected; these can be malware in disguise.
   • If you already have antivirus and antispyware software, check to see if they are activated, patched, and up to date. Perform a complete, in-depth scan.
   • Ensure your firewall is on and set it to the maximum-security level.
   • Keep all your software up to date, especially your browser, Adobe Flash, Adobe Reader, and Java applications.

4. Don't Log in Using Untrusted Computers
   Whenever possible, use only devices you own and trust, such as those at your job. At best, public computers are good for public information, such as checking the weather or news. However, uses that require a password carry additional risks. A password is only as secure as the computer or network it is used on. As such, never log into a sensitive account from a public computer, such as computers in a cyber cafe, hotel lobby, or conference hall. It is impossible to know who may have used a computer prior to each use, and whether that machine may have been infected accidentally or deliberately. Signing into accounts, such as your personal email account, could be an invitation to hackers. As a last resort, and if there is no choice other than the use of a public computer, a prompt password change at the next available use of a trusted computer would be the best follow-up strategy.

5. Avoid Using Public Wi-Fi
   Public Wi-Fi is inherently insecure. Public Wi-Fi is available virtually everywhere — in stores, libraries, restaurants, commuter trains, stations, airports, etc. — but so is the danger of using public Wi-Fi. The best advice is not to be lulled by the convenience of Wi-Fi, but to exercise skepticism and implement precautions to secure your computers, mobile devices, and personal information.
   
   If you can choose between secure and unsecure, a secure Wi-Fi network is always the safer option. But, be careful:
   • These attacker-established rogue connections often have names similar to the legitimate networks to entice unaware visitors. Always validate the spelling of the network name before connecting.
   • Wi-Fi networks may appear secure, but can include hidden features that copy and record keystrokes, as well as all your credentials and other personal information.
   • Wi-Fi networks provide convenience. They are not set to ensure confidentiality. Avoid using to access or share sensitive information.
   Avoid making any financial transactions or using credit cards on public Wi-Fi, which can provide identity thieves with valuable information. Beware of the following red flags:
   • a prompt asking you to provide personal information, such as credit card numbers
   • a prompt asking you to re-enter your username and password
   • a notice saying your web browser's security certificate is invalid
   If you encounter any of the above, log off and shut down your computer immediately, and contact a technical resource.

6. Practice Safe Online Banking
   As more and more banking is done online, you should be aware of these safe practices:
   • If possible, have two factors of authentication implemented on your mobile phone banking app and on your online account:
     • The first factor will typically be your username and password.
     • The second factor can be a response to a security question, a PIN sent via text or email, or an email asking you to click a link to confirm you own the account.
   • Regularly check your banking statements and your email for any suspicious activity.
   • Set up text and email alerts to notify you of banking transactions processed.
   • Never conduct banking from a public Wi-Fi network.
   • Disable automatic login.
   • Always log out when you are done.

7. Use Safe Online Shopping Practices
   Online shopping has made our lives easier; less waiting in lines at stores or sitting in traffic. With this convenience, though, comes the potential for credit card theft and identity fraud, among other hacker threats. Here are some tips to protect yourself:
   • Use a separate email account specifically assigned for online shopping.
   • Avoid online shopping from a device that is not yours.
   • Avoid online shopping on public Wi-Fi networks.
   • Avoid saving your credit card credentials to an online account. Although it may seem a bit tedious to type in this information every time a purchase is made, it can be of benefit if the retailer's data is compromised; your information is not saved there.

8. Be Careful When Clicking Accept
   Not everyone reads website or mobile app terms and conditions. Technology users often scroll and click "Accept" to quickly allow an application to be installed and used. However, when installing or using new software, it's best to read the terms and conditions before clicking "I agree" or "Accept" to see what is buried in the fine print. If left unread, users can unknowingly install adware that can compromise their systems to other cyber threats or give the application owner permission to access and/or share to personal information.

9. Smart Travel Practices
   It's important to secure your personal information when traveling. Below are some best practices for traveling safely and securely:
   • Avoid taking anything with your Social Security number on it.
   • Eliminate unnecessary credit cards or items that you carry that can be stolen or compromised.
   • Avoid taking your checkbook — this contains sensitive information such as your bank name, account number, address, name, etc.
   • Verify callers to your hotel room; if you receive a call asking for a credit card number from the hotel "front desk," visit the front desk in person to validate the request.
   • Avoid using public or shared computers.
   • Keep credit cards and passports in RFID-protective covers.

10. Quick Security Reminders
    • Conversations — When in public or traveling, be cautious when discussing business with colleagues. Your conversation may be overheard by others. When discussing confidential information, agree to hold off on the conversation until you can be assured of privacy.
    • Major News Events — When a major news event happens, cyber criminals may take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites or an infected attachment, or are a scam designed to trick recipients into divulging personal information or giving money.
    • Paper Documents — You should protect data in both digital and paper formats. Documents containing confidential information should be kept away from prying eyes, locked in a safe location, and disposed of in bins for shredding.
    • Trust Your Instincts — Common sense is often your best protection. If an email, phone call, or online message seems odd, suspicious, or too good to be true, it may be an attack.

We encourage you to review these tips periodically. Helping to protect your account and personal information is a priority at MissionSquare Retirement. Please see MissionSquare Retirement's Security Guarantee for additional information on how protect your account. Thank you for helping us keep your account as secure as possible.