Reduce your risk significantly by adopting some basic best practices.
Even before the coronavirus outbreak, cyber fraud was increasing at alarming rates. For example, Arkose Labs, a fraud prevention company, detected and stopped 1.1 billion online fraud attacks during the first half of 2020, double the volume compared to the second half of 2019. [1]
Unfortunately, the pandemic has only accelerated this already disconcerting trend. Seizing the moment of increased digital activity and higher anxiety, cybercriminals have ramped up efforts to steal sensitive information and engage in extortion. For instance, by April 21, when the pandemic was still in its early stages, the FBI reported already having received more than 3,600 complaints about COVID-19-related scams. [2]
Further, no person or organization has been immune from these attacks; government agencies, private companies and individuals have all been impacted. Sadly, specific assaults have even included phishing attacks against first responders and fake COVID-19 websites with malware to sinisterly trap those searching for information about the virus. [2]
Clearly, extra vigilance is required during this time. Fortunately, you can reduce your risk significantly by following some straightforward best practices, which have been and will continue to be the best defense against cybercrime in any environment.
The Pervasiveness of Cyber Fraud
Cybercriminals constantly evolve their attack methods, looking for new opportunities to bypass controls and ultimately steal assets and money.
In 2019, the Consumer Sentinel Network, the Federal Trade Commission’s database that stores reports from consumers about problems they experience in the marketplace, registered over 1.7 million fraud reports, totaling $1.9 billion in losses, an increase over 2018. (Consumer Sentinel Network Data Book 2019, January 2020).
Globally, 49% of companies surveyed say they have experienced a data breach at some point and 26% say they have been breached in the last year. (2020 Thales Data Threat Report Global Edition).
McAfee Labs observed 375 malware threats per minute in Q1 2020. (McAfee Labs COVID-19 Threats Report, July 2020).
Cybercriminals frequently gain access to information by using known flaws in the software and operating systems that run your computer or phone. Updates are crucial; patching these flaws and vulnerabilities can make it less likely that you will become a victim of a successful cyberattack.
You can easily program your phone and computer to update automatically, effectively managing the patches for you. Here are instructions for iPhones and phones using Android and Microsoft operating systems.
Read Using Mobile Devices Securely for additional advice on maximizing the security of your mobile device.
Cybercriminals also use technical attacks to deploy viruses, botnets, malware, keyloggers and spyware to infect or take over your machine. Most new machines will come with a free anti-virus software trial pre-installed that you can purchase once the trial is over, but there are literally hundreds of anti-virus applications available. Make sure the software solutions you choose provide adequate protection, keep them updated with the latest virus definitions and schedule full scans for at least once per week.
Almost all internet service providers (ISP) offer a free subscription to anti-virus software, as it is in their best interest to keep you secure. Check with your provider for download instructions, but keep in mind that free subscriptions may not be sufficient for small businesses, which may benefit from extra protection.
For more information, read Protecting Your Home Computer.
Do not repeat passwords across multiple websites, change your passwords every three to six months, and create strong, difficult-to-guess passwords. New research indicates that long passwords can be just as effective as passphrases if you avoid terms or names that can be directly tied to you. Remember to use a combination of letters, numbers and symbols whenever possible. For a brief description of passwords and passphrases, visit SANS Security Awareness.
Using a password “vault” can help you securely keep your passwords all in one place. Password vault programs are available for mobile devices and computers.
It may seem daunting to manage all of your devices, but starting with your internet router will improve your security at the source. Change the password from the default provided by your ISP, and choose the appropriate encryption, starting with at least Wi-Fi Protected Access 2 (WPA2). Also, check your router to see what is connected; the number of items connected may surprise you. To view a quick guide regarding router security, read How to Boost Your Router Security from Consumer Reports.
You can purchase protection against cyberattacks for every internet-connected device in your home, including game consoles, smart TVs and appliances.
For mobile devices, enable a PIN/passcode and choose the option within your settings for auto-lock. For computers, keep multiple profiles, which will enable you to apply restrictions to accounts used by younger children.
Remember, if you have programmed your phone or computer to accept someone else’s fingerprint or “Face ID,” that person will have access to almost all of your applications that make use of these forms of authentication.
Even the best machine or device may become compromised or crash. Regular backups to an external hard drive will help you recover your information in these situations. External hard drives can be purchased at any electronics store and programmed to perform nightly backups of either specific files or everything on your computer. Make use of redundant backups by using an external hard drive and a secure cloud provider for irreplaceable items, such as family photos.
You can now easily back up many mobile devices to the cloud storage space that is owned and hosted by a vendor such as Google, iCloud or Box. But use caution when sending financial information to cloud storage, which is more appropriate for photos, contacts and media.
Young children are vulnerable to even the most basic of cyber tricks. Teenagers, while savvy, are online more frequently and often visit riskier sites, such as file sharing platforms for movies, videos and games. And older family members have what every criminal wants: financial assets and limited digital knowledge.
Local community colleges and libraries often offer internet safety courses. Additional resources are also available on the Federal Trade Commission website and on Northern Trust’s Security Center.
Certain types of personal information can be used to commit fraud, such as account takeovers, unauthorized money transfers or new lines of credit opened in your name. This may result from malware on your computer, social engineering that tricks you into giving personal information over the phone or internet, or a thief stealing your mail or trash to access personally identifiable information. You can protect against identity theft by following several best practices — including shredding sensitive documents, avoiding suspicious links and attachments in your email, learning to recognize and block smishing attacks, and reviewing your credit report on a regular basis.
Opt in for electronic statements whenever possible to avoid the risk of stolen mail and eliminate the need for shredding.
If you discover that your information has been exposed, you may want to enable a fraud alert or a credit freeze on your credit information. A fraud alert on credit reports requires potential creditors to contact you and obtain permission to open new accounts or lines of credit. A security freeze may help block institutions or lenders from accessing your credit report, unless a pre-set PIN is provided to “thaw” the report, which prevents them from opening new accounts in your name.
Consumers are entitled by law to receive a free credit report from each of the credit reporting bureaus once a year. Go to annualcreditreport.com or call 877.322.8228 and follow instructions to access your reports.
For more detail and additional actions to take after becoming a victim of identity theft, read Protecting Your Identity after a Breach.
Do not automatically hand over social security numbers, account numbers or other highly sensitive information just because you are asked. Also, never release your credit or debit card information to someone who initiates contact with you.
Organizations and businesses that request access to your social security number may not actually need it. Use alternative forms of identification whenever possible, and stay alert for medical, insurance or even tax fraud.
As the above best practices demonstrate, you do not need to be a technical expert to improve your security. But you do need to stay informed and adopt good habits. For additional education and other important steps to take, visit the Northern Trust Security Center.
[1] Arkose Labs, Fraud & Abuse Report Q3 2020: Data-Driven Analysis of 2020 Fraud Trends, retrieved from https://www.arkoselabs.com/resourceasset/q3-2020-fraud-and-abuse-report/ on October 1, 2020.
[2] The United States Department of Justice, Justice News, retrieved from https://www.justice.gov/opa/pr/department-justice-announces-disruption-hundreds-online-covid-19-related-scams on October 9, 2020.