Reduce your risk significantly by adopting some basic best practices.
The first half of 2019 has shown a striking increase in reports of financial fraud, and most targets are not the large financial institutions we hear about in the news. According to a 2019 Internet Security Threat Report by Symantec, cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud. Notably, supply chain attacks, which use loopholes in third-party services to attack individuals, are up 78% from 2018; malicious scripts, which bait victims into clicking on otherwise trusted web content, have increased by 1,000%; and email is now responsible for spreading 92% of all Malware (malicious software).1
Criminals are taking aim at individuals and small businesses, which lack the dedicated security teams and myriad of technical controls that big companies employ. By directing attacks against individuals or small businesses, criminals are more likely to infiltrate and gain access to sensitive information with minimal effort.
So what can you do – without big company resources? Fortunately, you can reduce your risk significantly by following some relatively straightforward advice. Review the below best practices and implement them – as basic or unnecessary as they may seem – and you can greatly improve the security of your personal and financial information.
The Pervasiveness of Cyber Fraud
Cybercriminals constantly evolve their attack methods looking for new opportunities to bypass controls and ultimately steal assets and money.
In the U.S., 1.4 million fraud reports totaling $1.48 billion in losses were reported to the Federal Trade Commission in 2018 (Consumer Sentinel Network Data Book 2018, February 2019).
Globally, 60% of businesses say they have been breached at some point in their history, with 30% experiencing a breach within the past year alone. In the U.S., the numbers are even higher, with 65% of organizations claiming they have been breached “sometime” and 36% within the past year (2019 Thales Data Threat Report Global Edition).
780,000 records were lost per day in 2017 (McAfee’s Economic Impact of Cybercrime, February 2018).
Cybercriminals frequently gain access to information by using known flaws in the software that operates your computer or phone. Updates are crucial; patching flaws can make it less likely that you will become a cybercrime target.
You can easily program your phone and computer to update automatically, effectively managing the patches for you. Here are instructions for iPhones and phones using Android and Microsoft operating systems.
Read Using Mobile Devices Securely for additional advice on maximizing the security of your mobile device.
Cybercriminals also use technical attacks to deploy viruses, botnets, malware, keyloggers and spyware to infect or take over your machine. Most new machines will come with a free anti-virus software trial pre-installed that you can purchase once the trial is over, but there are literally hundreds of anti-virus applications available. Make sure the software solutions you choose provide adequate protection, keep them updated with the latest virus definitions and schedule full scans for at least once per week.
Almost all Internet Service Providers (ISP) offer a free subscription to anti-virus software, as it’s in their best interest to keep you secure.
For more information, read Protecting Your Home Computer.
Do not repeat passwords across multiple websites, change your passwords every three to six months, and create strong, difficult to guess passwords. New research indicates that long passwords can be just as effective as passphrases if you avoid terms or names that can be directly tied to you. Remember to use a combination of letters, numbers and symbols whenever possible. For a brief description of passwords and passphrases, visit SANS Security Awareness.
Using a password “vault” can help you securely keep your passwords all in one place. Password vault programs are available for mobile devices and computers.
It may seem daunting to manage all of your devices, but starting with your internet router will improve your security at the source. Change the password from the default provided by your ISP, and choose the appropriate encryption. Also, check your router to see what is connected; the number of items connected may surprise you. To view a quick guide regarding router security, read How to Boost Your Router Security from Consumer Reports.
You can purchase protection against cyberattacks for every internet-connected device in your home, including game consoles, smart TVs and appliances.
For mobile devices, enable a PIN/passcode and choose the option within your settings for auto-lock. For computers, keep multiple profiles, which will enable you to apply restrictions to accounts used by younger children.
Remember, if you have programmed your phone or computer to accept someone else’s fingerprint, that person will have access to almost all of your applications that make use of fingerprint authentication.
Even the best machine or device may become compromised or crash. Regular backups to an external hard drive will help you recover your information in these situations. They can be purchased at any electronics store and programmed to perform nightly backups of either specific files or everything on your computer. Make use of redundant backups, by using an external hard drive and a secure cloud provider for irreplaceable items, such as family photos.
You can now easily back up many mobile devices to the cloud – storage space that is owned and hosted by a vendor such as Google, iCloud or Box. But use caution when sending financial information to cloud storage, which is more appropriate for photos, contacts and media.
Young children are vulnerable to even the most basic of cyber tricks. Teenagers, while savvy, are online more frequently and often visit riskier sites, such as file sharing platforms for movies, videos and games. And older family members have what every criminal wants: financial assets and limited digital knowledge.
Local community colleges and libraries often offer internet safety courses. Additional resources are also available on the Federal Trade Commission website.
Certain types of personal information can be used to commit fraud, such as account takeovers, unauthorized money transfers or new lines of credit opened in your name. This may result from malware on your computer, social engineering that tricks you into giving personal information over the phone or internet, or a thief stealing your mail or trash to access personally identifiable information. You can protect against identity theft by following several best practices, including shredding sensitive documents and reviewing your credit report.
Opt-in for electronic statements whenever possible to avoid the risk of stolen mail and eliminate the need for shredding.
If you discover that your information has been exposed, you may want to enable a fraud alert or a credit freeze on your credit information. A fraud alert on credit reports requires potential creditors to contact you and obtain permission to open new accounts or lines of credit. A security freeze may help block institutions or lenders from accessing your credit report, unless a pre-set PIN is provided to “thaw” the report, which prevents them from opening new accounts in your name.
Consumers are entitled by law to receive a free credit report from each of the credit reporting bureaus once a year. Go to annualcreditreport.com or call 877.322.8228 and follow instructions to access your reports.
For more detail and additional actions to take after becoming a victim of identity theft, read Protecting Your Identity after a Breach.
Do not automatically hand over social security numbers, account numbers or other highly sensitive information just because you are asked. Also, never release your credit or debit card information to someone who initiates contact with you.
Organizations and businesses that request access to your social security number may not actually need it. Use alternative forms of identification whenever possible, and stay alert for medical, insurance or even tax fraud.
As the above best practices demonstrate, you do not need to be a technical expert to improve your security. But you do need to stay informed and adopt good habits. For additional education and other important steps to take, visit the Northern Trust Security Center.
- Symantec. 2019 Internet Security Threat Report. ISTR Volume 24. Retrieved from https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-executive-summary-en.pdf