You Are Responsible

It's up to you to make sure your computer is secure. The TSP is not responsible for losses from your account because you accessed your account from a compromised computer.

What You Can Do

  • Make sure your web browser meets TSP requirements: It must support Secure Sockets Layer (SSL) and 128-bit encryption.
  • Install regular updates and software patches to your operating system and to major applications that connect to the Internet or open anything sent from the Internet:
    • Internet Explorer
    • Adobe Reader
    • Java
    • Windows
    • Office
    • iTunes/QuickTime
    • Adobe Flash
  • Run a personal firewall on your computer.
  • Install and run security software and keep it updated:
    • Anti-virus
    • Anti-spyware
    • Anti-malware
  • Only use computers that you know and trust for accessing sensitive sites such as the TSP website. Don't use computers that are used for risky activities, such as file sharing, gaming, or Internet gambling.
  • Protect your passwords:
    • Use a password manager that encrypts its database.
    • Use different passwords on different sites.
    • Change your passwords frequently.
  • If your Web browser offers an AutoComplete feature, disable it. As a result, your Web browser will not save your TSP account number or Web password that you have entered into form fields on the Web.
  • Close your Web browser when you are finished accessing your account to clear your browser's memory of your sensitive account information. Click the X at the top right-hand corner of your internet screen. Logging off the TSP website will not clear your browser's memory.
  • Protect sensitive data (e.g., media on hard drives and thumb drives):
    • Use encryption software to protect against loss.
    • Securely wipe or destroy media before disposing of it.
  • Secure your wireless network.
  • Avoid using unfamiliar networks when you access sensitive sites.
  • Be especially careful using social networking sites.
  • Practice good defense:
    • Don't open suspicious e-mails.
    • Don't click on links in an e-mail, even if they seem okay (news alerts).
    • Don't open e-mail attachments directly. (Save the file and run a virus scan.)
    • Be cautious of new technologies. Computer criminals exploit changes in the environment.
  • Visit US-CERT (United States Computer Emergency Readiness Team) sites to get the latest information on security threats and fixes: