Security Practices

Always choose strong and secure passwords for your email, financial services and online banking accounts, and online portals. They should meet the following criteria:

• Be at least 8 characters long;
• Contain a combination of uppercase, lowercase alphanumeric characters, and special characters
  
• Avoid having the password using guessable information such as login user-id, personal telephone number, birthday or other personal information.
• User password should be kept confidential and not be divulged to anyone.
• Avoid having the same passwords for different accounts, and practise good housekeeping by changing your passwords regularly.

Disable the file and printer sharing function in computers unless necessary, especially when they are connected to the internet. Be cautious and do not install software, run programs or media of unknown origin.

Avoid downloading or using content from questionable, suspicious or illegal sources such as Torrent sites or pirated media. These sources often distribute media files that contain viruses that may compromise your security.

Update and patch your computer's operating system and anti-virus regularly to ensure you are protected against new threats and vulnerabilities.

Lastly, always do regular back-ups of your important and sensitive information.

When setting up your home wireless networks, do remember to secure your home wireless networks using WPA-2 encryption and choose a strong WPA-2 encryption key. Avoid using WEP as this is not secure.

Also, please avoid carrying out online banking, financial transactions or transacting any sensitive information if you are using a public Wi-Fi network or any untrusted Wi-Fi network. Such data transmissions and transactions may be vulnerable to malicious users accessing these same public or untrusted networks.

Always enable a screen-lock for your mobile devices. There may be confidential and private content on your devices and the last thing you want are uninvited guests viewing them!

"Jail-breaking" your phone or installing software, running programs or viewing media from questionable or illegal sources is also strongly discouraged. These acts may override existing controls designed by the manufacturer to protect your security and confidentiality.

Data Synchronization of Mobile Devices can be Dangerous. Some smart phones have features that allow data synchronization between mobile device and cloud services in near real time. For users who had enabled the data synchronization, sensitive information sent via SMS or emails by financial institutions (FIs), such as one- time passwords (OTPs) , could be accessed by criminals if their login credentials to the cloud services have been compromised.

Synchronize Only as Needed - to synchronize the files on needed basis only.

1. Only download and install applications from the official application stores (i.e., Google Play Store for Android). As an added precaution, check the developer information on the application listing, as well as the number of downloads and user reviews to ensure it is a reputable and legitimate application.
    

2. Disable the option to “Install Unknown App” or “Unknown Sources” in the mobile settings.
    

3. Exercise caution when clicking on advertisements embedded within applications that lead to third-party website prompting files downloads.
    

4. Do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.
    

5. Ensure that mobile devices are installed with updated anti-virus/anti-malware applications that can detect and remove malware.
    

6. Regularly update the mobile devices’ operating systems and applications to benefit from the latest security patches.

It is also important to keep online security in mind when at the workplace. Use only company-issued external storage devices such as thumb drives or external hard disks for work-related file transfers.

Do put the external storage devices into a SECURED & LOCKED drawer or cabinet.

Never attempt to connect your personal devices or devices of questionable origin onto your company computers. The device drivers embedded may contain malware that may compromise your company's security.

Singlife will never ask for your login credentials FOR ANY REASON. NEVER DIVULGE YOUR LOGIN CREDENTIALS SUCH AS USERNAMES, PASSWORDS OR PIN NUMBERS TO ANYONE WHO CLAIMS TO BE A REPRESENTATIVE OF SINGLIFE.

Should you forget your login credentials, you may submit a request to reset your password by clicking on the "Forgot Password" link at the login page of the Singlife portal that you are at. An email with a temporary password will be sent to your personal email account registered with us. You may also contact us to assist you with resetting your login credentials.

As above, please protect your email accounts, especially for web-based email services like Gmail, Hotmail and Yahoo! Mail with strong passwords. Use a reputable and trusted email client, and ensure email clients are using secure protocols like TLS 1.2.

Be extra careful with unsolicited emails and email attachments of unknown or questionable origin; we strongly recommend deleting them and not opening them at all!

Never disclose any personal or financial information to people you don't know. If sending confidential or important attachments, protect them by using a trusted compression utility and a strong password. Thereafter, always send the passwords to these protected attachments separately to the recipient via a different mode of communication, for example by SMS or a phone call.

When accessing your Singlife account, online banking or other sensitive sites, ensure that the "HTTPS" protocol is enabled. You can identify this from the "Green Lock" on the address bar of your web browser.

Always use trusted software, web browsers and anti-virus and firewall software on your devices, and update them regularly.

Do end your online sessions properly by logging out of portals and accounts, and clear the browser cache after that – this reduces the risk of a stranger using the device after you and assessing your accounts and visited web-pages. Thus, where possible, do not perform online transactions on public computers or across public Wi-Fi access points.

Avoid enabling the internet browser option for storing or retaining user name and password of the websites. This is to reduce the risk of malicious user using the stored login credentials to perform illegal / unauthorized transactions.

Browse only trusted sites and avoid visiting sites of questionable origin. And never disclose personal or financial information at little-known or suspicious websites.

For Singlife, inform us immediately when you have changed your phone number so that we can update your records. Otherwise, you may not be able to receive the OTP passwords to allow you to login to our portal.

Never share any OTP SMSes with anyone. Your OTP SMSes are private and confidential, and is provided to allow ONLY YOU to be able to access a company's secured sites and services. This is the same for Singlife.

With online shopping and online transactions gaining widespread acceptance and popularity, it pays to be extra careful with how and where you use your credit cards on the internet.

Only use your credit card for online shopping using a trusted computer or mobile device, and do your online shopping with reputable online vendors.

Using untrusted computers or devices, such as cybercafé computers, or a jail-broken phone, may compromise your security. Similarly, never divulge credit card or debit card numbers, card holder name, CVV numbers and any credit card information to little-known or suspicious websites or persons. These untrusted devices and websites may collect your credit card information and send them to unauthorized parties (with malicious intent!) without you knowing.

Finally, your credit card issuing bank should be your first point of contact if you suspect that a fraudulent transaction has taken place, or if your card details have been leaked or stolen. The hotline number may be found at the back of your credit card or the issuing bank's official website. In most cases, the bank will terminate the card to prevent unauthorized transactions from occurring.

The Cyber Security Agency (CSA) is the national body overseeing cyber security strategy, education and outreach and industry development in Singapore. It is formed by the Infocomm Development Authority of Singapore (IDA) and like-minded partners from the public and private sectors in April 2008.

We encourage every Singapore Life customers to visit the CSA website at CSA | Gosafeonline to learn more about how best to reinforce your personal cyber security against cyber threats.

If you have any questions regarding how Singapore Life protects the cyber security well-being of our customers, please write to us at [email protected].

If you've shared OTP information with a third party and would like to report an alleged scam or fraud attempt, please send an email to [email protected] with the following details:

• Approximate time and date of the alleged scam or fraud
• Communication channel used (i.e., SMS, email, etc.)
• A copy of the scam or fraud message, if available