Reduce your risk significantly by adopting some basic best practices.
Even before the coronavirus outbreak, cyber fraud was increasing at alarming rates. But as the trend toward a more remote workforce has taken hold, it has accelerated further. Arkose Labs, a fraud prevention company, detected and stopped 1.1 billion online fraud attacks during the first half of 2020 — double the volume compared to the second half of 2019. By the end of 2020, it had analyzed more than 15 billion online sessions, stopping 4.6 billion attacks.1
No person or organization is immune from these attacks; government agencies, private companies and individuals all remain potential targets of identity theft, transactional fraud and ransomware. The Federal Trade Commission reports that, as of June 30, 2021, identity theft reports related to government benefits scams alone had increased 2,917%, impacting employees and employers across the country.2
With the acceleration of cloud storage and the move toward quantum computing, the security challenges will persist and evolve. In a recent survey conducted by Thales, 46% of companies say nearly 60% of sensitive data stored in the cloud is not encrypted.3
Fortunately, there are simple, tangible steps you can take to reduce your risk of loss. The following best practices will significantly increase the security surrounding your data, assets and overall online safety.
The pervasiveness of cyber fraud
Cybercriminals constantly evolve their attack methods, looking for new opportunities to bypass controls and, ultimately, steal assets and money.
- 2.3M fraud reports
In 2020, the Consumer Sentinel Network, the Federal Trade Commission’s database that stores reports from consumers about problems they experience in the marketplace, registered more than 2.3 million fraud reports, totaling $3.4 billion in total fraud losses.
- 56% have been breached
Globally, 56% of companies surveyed say they have experienced a data security breach at some point, and 47% say they saw an increase in cyber-attacks in the past year.
- 688 malware threats per minute
McAfee Labs observed 688 malware threats per minute by Q1 2021.
Continually Update Your Computer and Mobile Devices
Cybercriminals frequently gain access to information by using known flaws in the software and operating systems that run your computer or phone. Updates are crucial; patching these flaws and vulnerabilities can make it less likely that you will become a victim of a successful cyberattack.
You can easily program your phone and computer to update automatically, effectively managing the patches for you. Here are instructions for iPhones and phones using Android and Microsoft operating systems.
Read Using Mobile Devices Securely for additional advice on maximizing the security of your mobile device.
Employ Antivirus Software and Anti-malware Protection on Your Computers
Cybercriminals also use technical attacks to deploy viruses, botnets, malware, keyloggers and spyware to infect or take over your machine. Most new machines will come with a free antivirus software trial preinstalled that you can purchase once the trial is over, but there are literally hundreds of antivirus applications available. Make sure the software solutions you choose provide adequate protection, keep them updated with the latest virus definitions and schedule full scans to run at least once per week.
Almost all internet service providers (ISP) offer a free subscription to antivirus software, as it is in their best interest to keep you secure. Check with your provider for download instructions, but keep in mind that free subscriptions may not be sufficient for small businesses, which may benefit from extra protection.
For more information, read Protecting Your Home Computer.
Use Good Password Habits
Change your passwords every three to six months, create strong passwords that are difficult to guess, and do not repeat passwords across multiple websites. New research indicates that long passwords can be just as effective as passphrases if you avoid terms or names that can be directly tied to you. Remember to use a combination of letters, numbers and symbols whenever possible.
For a brief description of passwords and passphrases, visit SANS Security Awareness.
Using a password “vault” can help you securely keep your passwords all in one place. Password vault programs are available for mobile devices and computers.
Strengthen Your Home Network
It may seem daunting to actively manage all your devices, but starting with your internet router will improve your security at the source. Change the password from the default provided by your ISP, and choose the appropriate encryption, starting with at least Wi-Fi Protected Access 2 (WPA2). Also, check your router to see what is connected; the number of items connected may surprise you. To view a quick guide regarding router security, read Router Security: How to Setup Wi-Fi Router Securely from Norton.
You can purchase protection against cyberattacks for every internet-connected device in your home, including game consoles, smart TVs and appliances.
Access to your computer and devices
For mobile devices, enable a PIN/passcode and choose the option within your settings for auto-lock. For computers, keep multiple profiles, which will enable you to apply restrictions to accounts used by younger children.
Remember, if you have programmed your phone or computer to accept someone else’s fingerprint or Face ID, that person will have access to almost all of your applications that make use of these forms of authentication.
Back Up the Data on Your Computer and Your Mobile Devices
Even the best machine or device may become compromised or crash. Regular backups to an external hard drive will help you recover your information in these situations. They can be purchased at any electronics store and programmed to perform nightly backups of either specific files or everything on your computer. Make use of redundant backups by using an external hard drive and a secure cloud provider for irreplaceable items, such as family photos.
You can now easily back up many mobile devices to the cloud storage space that is owned and hosted by a vendor such as Google, iCloud or Box. But use caution when sending financial information to cloud storage, which is more appropriate for photos, contacts and media.
Talk to Your Children and Family About Internet Security
Young children are vulnerable to even the most basic of cyber tricks. Teenagers, while savvy, are online more frequently and often visit riskier sites, such as file sharing platforms for movies, videos and games. And older family members often have what every criminal wants: financial assets and limited digital knowledge.
Local community colleges and libraries frequently offer internet safety courses. Additional resources are also available on the Federal Trade Commission website and on Northern Trust’s Security Center.
Understand and Protect Against Identity Theft
Certain types of personal information can be used to commit fraud, such as account takeovers, unauthorized money transfers or new lines of credit opened in your name. This may result from malware on your computer, social engineering that tricks you into giving personal information over the phone or internet, or a thief stealing your mail or trash to access personally identifiable information. You can protect against identity theft by following several best practices — including shredding sensitive documents, avoiding suspicious links and attachments in your email, learning to recognize and block smishing attacks and reviewing your credit report on a regular basis.
Opt in for electronic statements whenever possible to avoid the risk of stolen mail and eliminate the need for shredding.
To learn more about social engineering, read Fraud Prevention Tips for Consumers. For a full list of identity theft prevention tips, read Identity Theft – Protecting Your Identity.
Know What To Do if You Become a Victim
If you discover that your information has been exposed, you may want to enable a fraud alert or a credit freeze on your credit information. A fraud alert on credit reports requires potential creditors to contact you and obtain permission to open new accounts or lines of credit. A security freeze may help block institutions or lenders from accessing your credit report, unless a pre-set PIN is provided to “thaw” the report, which prevents them from opening new accounts in your name.
Consumers are entitled by law to receive a free credit report from each of the credit reporting bureaus once a year. Go to annualcreditreport.com or call 877 322 8228 and follow instructions to access your reports.
For more detail and additional actions to take after becoming a victim of identity theft, read Protecting Your Identity After a Breach.
Keep Control of Your Information
Do not automatically hand over social security numbers, account numbers or other highly sensitive information just because you are asked. Also, never release your credit or debit card information to someone who initiates contact with you.
Organizations and businesses that request access to your social security number may not actually need it. Use alternative forms of identification whenever possible, and stay alert for medical, insurance or even tax fraud.
As the above best practices demonstrate, you do not need to be a technical expert to improve your security. But you do need to stay informed and adopt good habits. For additional education and other important steps to take, visit the Northern Trust Security Center.