Develop strong passphrases, which are different than passwords. A passphrase may contain multiple symbols and spaces, is typically a long string of characters and is not grammatically correct.
- Create a user ID and passphrase used only for MyGuideStone® or the GuideStone Employer Access® Program (EAP).
- If one of your user ID’s or passphrases were compromised, maintaining multiple passphrases on different platforms limits the likelihood of cybercriminal success.
- Do not share your user ID and passphrase with anyone.
- GuideStone® will never ask for your passphrase via email, text or over the phone. Your passphrase is encrypted, even from GuideStone employees.
- Create a strong passphrase that cannot be guessed.
- Use upper- and lowercase letters, numbers and special characters when creating a passphrase. Do not use your name, email, birthdate, or any other personal information.
- Avoid using sequential or repeating characters (e.g., ABCD or 7777).
- Change your passphrase regularly.
- If you change your passphrase, then older passphrases that may have been compromised without your knowledge will no longer be valid.
- If you haven’t changed your passphrase in a while, consider changing your passphrase now.
Update your profile with a mobile phone number.
- Allows for multi-factor authentication via text
- This adds an extra security step for select transactions.
- Enables security text alerts to your phone
- GuideStone can immediately notify you when certain activity occurs.
Enroll in Voice Biometrics.
- Adds an additional layer of security when speaking with GuideStone.
- Voice Biometrics provides the same level of security as fingerprint and facial recognition technologies you already use on you cell phone, tablet, and other devices.
- Our Voice Biometrics creates a mathematical representation of your voice. No actual recordings of your voice are stored.
- Call GuideStone and ask about enrolling in Voice Biometrics. The process only takes a few minutes.
Safeguard your mobile device.
- Password-protect your device or enable biometric security (fingerprint, facial recognition, etc.) if available.
- If your mobile phone no longer has a network signal or allows only emergency calls, it may have been hacked using a technique called Subscriber Identity Module (SIM) swapping or phone porting. Contact your mobile phone carrier immediately.
- Ask your mobile phone provider about setting up a PIN so they can verify your identity when you contact them.
- Do not download apps to your phone outside of the official app store.
- Keep your mobile phone operating system and apps up-to-date.
Secure your email.
- Fraudsters often target your email accounts to steal your contact information or to read your email — including your most frequent business transactions and company relationships. If they have breached your email account, fraudsters can potentially have any email you receive copied and forwarded to them.
- Enable multi-factor authentication on all your email accounts if your email provider offers it.
- Review unsolicited emails carefully. Never click links or attachments in unsolicited emails or texts, especially those warning you to take immediate action.
- Create an email account used only for financial relationships.
Secure your home computer.
- Fraudsters can install malware or viruses on your computer, allowing them to track your activity or even remotely take it over.
- Install antivirus software on your computer, setting up automatic updates and regular scans of your machine. Some internet providers include software as part of their service.
- Keep your computer operating system and other software programs up-to-date.
- Do not grant anyone remote access to your computer. A fraudster could install malware or viruses and maintain control of your computer without your knowledge.
Enable strong Wi-Fi security for your home network.
- An unsecure wireless network is an open door for fraudsters to access sensitive information about you.
- Ensure the network is password-protected with a strong password, not the default password supplied by the router.
- Avoid sharing the password with guests, and create a separate guest network for them that you do not use.
- Ask your internet provider about other ways to increase security on your wireless network, such as device-level access.
- Avoid public Wi-Fi access points when interacting with sensitive data such as checking email or entering login credentials. These public Wi-Fis are convenient but also vulnerable to malicious software that can steal your login credentials and monitor your activity.
Be cautious of phishing attempts.
- Mouse over the sender’s email address to confirm legitimacy.
- Using phishing emails and texts, fraudsters will attempt to disguise their messages to look like correspondence from legitimate companies. These messages contain fraudulent internet links or malicious file attachments.
- Hover over links to read URL addresses before you click.
- Phishing emails and texts can be hard to spot. Be careful responding to or clicking on any links unless you are sure that the message is legitimate.
- Navigate directly to an organization’s website through a new browser window instead of clicking on any link in the message.
- Report any suspicious messages you receive that claim to be from GuideStone.
- We may ask you to forward the message or include it as an attachment so our Security team can investigate. Let us know if you clicked on any links or entered any personal information on a website.
- Learn more about phishing from the Federal Trade Commission (FTC).
Monitor account activity.
- Review your accounts at least monthly for unauthorized activity.
- You know your account activity better than anyone else. Contact us if you see anything unusual.
- Don’t opt out of security text alerts.
- This is the quickest way you can be notified of unauthorized activity.
- Keep your contact information up-to-date.
- Updated information enables us to contact you quickly and send information to only your current address.
- View your credit reports.
- You are entitled to a free credit report each year from each of the following three agencies: Equifax®, Experian and TransUnion®.
Browse the internet safely.
- Log out when finished.
- This prevents fraud when moving from one website to another.
- Beware of spoofed websites.
- Do not click on suspicious links in an email or text message.
- Use a saved bookmark or type the web address yourself.
- Make sure the website is “s”ecure by looking for the “s” in “https://”, which is at the beginning of most website addresses.
- Look for a locked padlock next to the web address in your browser, which indicates the website certificate.
- Always use the most up-to-date version of your web browser. Most browsers can be set to update automatically.
Use social media networks wisely — think before you share.
- Oversharing can put personal information at risk. Social network profiles are often available to the public. Fraudsters search the internet for personal details about you. With enough personal information, fraudsters may be able to convince others that they are you. Furthermore, if you share your location or travel plans online, criminals will know when you are not at home, leaving your home at risk.
Use our Cyber Protection Checklist for a printable PDF document listing steps you can take to mitigate cyber fraud.