Do Your Part, Be Cybersmart
October is Cybersecurity Awareness Month. In past years, you may have ignored the issue as cybersecurity might have felt like a problem for large companies or an issue for the hero to help solve in a spy movie. But the world is changing, and fast. According to the National Cyber Security Alliance (NCSA), the first three months of 2020 saw a 20% increase in cyber fraud as cybercriminals took advantage of the global pandemic. In 2021, ransomware attackers caused the Colonial Pipeline to shut down their East Coast pipeline disrupting fuel supplies and causing frantic gas hoarding in Southeastern states. Cybercrime is hitting us at home, whether it's disrupting the supply chain or intercepting your pin number at a gas pump. It's up to each of us to do our part in protecting information and keeping it out of the hands of cybercriminals. Following are some helpful tips for you to remember while traveling, transitioning back to the office, working remotely, and protecting your digital home.
Protecting Yourself at Home and Away
It's crazy to think about how many devices in our homes are also connected to the internet. Of course, your personal computer, mobile devices, and tablets are connected, but have you thought about your fancy new thermostat, refrigerator, and security system? The list goes on and on. Innovation is great, but we need to remember that the more entry points we have into our digital homes, the more risk we run of becoming a victim of cybercrime. Follow these tips from the NCSA to protect your "digital home."
Secure your Wi-Fi Network. Your home’s wireless router is the primary entrance for cybercriminals to access all of your connected devices. Secure your Wi-Fi network and your digital devices by changing the factory-set default username and password to a strong username and password combination. Remember, a strong password should be at least 8 characters long, have a variety of characters (including numbers and symbol), and is not easy to guess. Resist the urge to use the same username and password combination everywhere. If you can't remember your passwords, consider using a secure Password Manager to help maintain your login information.
Stop auto-connecting outside your home. Some devices will automatically seek out and connect to available wireless networks or Bluetooth devices. This instant connection opens the door for cybercriminals to remotely access your devices. Disable these features for networks outside your home so that you actively choose when to connect to a safe network.
Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Your personal hotspot is often a safer alternative than free Wi-Fi. Only use sites that begin with “https://” instead of "http://" when online shopping or banking.
Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. MFA requires you, and anyone else who is trying to log in as you, to use two or more pieces of information to gain access to an app or other digital resource. As an example, when logging in you may need to retrieve a code sent by text to your phone or by message to your email account, in order to complete a login. This is an example of MFA that can thwart the effort of an identity thief attempting to access to your accounts and your personal information. If you have the option, turn on multi-factor authentication for access to your email account, banking applications, social media accounts, and any other service that requires a login.
Maintaining security requires maintenance. Stop ignoring all of those pesky alerts telling you that your system is out of date. Whether it’s your computer, smartphone, gaming console, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you think that an alert might be fraudulent, do a little investigating to determine if your system is on the latest version of software and if there are any security patches that are required. If you have the option to enable automatic updates to defend against the latest risks, turn it on. If you’re putting something into your device, such as a USB device as an external hard drive or for storage, make sure your device’s security software scans for viruses and malware.
Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use and say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
Never click and tell. Limit what information you post on social media, including obvious personal details like your birthday and home address, and other specific information like where you like to grab coffee or your vacation plans. What many people don’t realize is that information like this is all that criminals need to know to target you, your loved ones, and your physical belongings — online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself.
Back up your information. Back up your contacts, financial data, photos, videos, and other mobile device data to another device or cloud service in case your device is compromised and you have to reset it to factory settings.
Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared through them, you should also keep in mind who you allow to connect to your network, and limit these connections to people you know and trust. Disable location services that allow anyone to see where you are — and where you aren’t — at any given time.
Be extra cautious when traveling. Personal awareness is key to protecting your personal information from cybercrime. This might seem easier at home where you've thoughtfully put systems in place to protect your information. However, when you travel you may not be aware that you are leaving digital breadcrumbs all along the way. Don't let your guard down when using your digital devices away from home.
As we've seen recently, cyberattacks of businesses can have severe consequences to the general public. According to this Reuter's article linked here, the Colonial Pipeline attack was from a single password vulnerability. Many times hackers wait for opportunities based upon human error like an employee clicking a malicious link or connecting a device to an unsecured network. The following tips provided by the NCSA can help you stay mindful of protecting your company and customers' data.
Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
Use strong passwords at work, as well as home. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches.
If you see something, say something. Your workplace depends on you to keep an eye on things that could lead to a vulnerability. If you notice that your software is not up-to-date, you receive a security alert, or you click on an email link that in afterthought seems suspicious, bring these issues to the attention of the person in your company in charge of security. Your participation could make all the difference.
Social media is part of the fraud toolset. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and finance departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payments, or share PII on social media platforms.
It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages immediately. If you are approached on the telephone, by email or on social media by someone claiming to be a manager of your company, a government agency or other authority figure double-check before you release personal or business information. If the request is legitimate your employer will appreciate that you are thorough. If the approach is fraudulent you may have just saved yourself and your employer a great deal of grief and expense.
Staying cybersmart and doing your part can help in the fight against cybercrime. Use the month of October (Cybersecurity Awareness Month) each year to review these security protocols to ensure you are protected at home, while you are away, and at work. Share these tips with friends and family members so they can also learn to protect themselves. And remember, we are here for you! Even by following the above practices, you could still find yourself a victim of cybercrime and other forms of identity theft. We want you to remember that <FINANCIAL_INSTITUTION> has you covered! If you are an account holder with <EMBEDDED_ACCOUNT> you have Fully Managed Identity Theft Recovery. Should you feel your identity has been compromised online or otherwise, we have professional Identity Theft Recovery Advocates standing by. These Advocates work on your behalf to help you recover and reverse any damage caused by identity theft. Contact us or find out more about this and other benefits of <EMBEDDED_ACCOUNT> by visiting our website.