In this day and age, computer and cyber-related crimes are often in the news. Criminals have myriad ways of trying to get at you and your financial data. Customers are frequently the target of identity theft as a result of the onslaught of cyber-related crimes. The Frederick Community Bank wants you to be educated and prepared with the information you need to help you stay clear of fraudsters and identity theft.
Proper Cyber Security Fundamentals:
Keep all of your Personally Identifiable Information (PII) safe and secure. PII is the Holy Grail for identity thieves and hackers, as it allows them to open new accounts and take out credit in your name. Even partial data that you may think is innocuous is gold for identity thieves, as it may be the last piece they need after getting the rest of your information from other sources.
PII such as your Social Security Number (SSN), full name, address, and professional identification numbers (typically in regulated industries) should never be shared with anyone unless you initiated the contact or communication first. Hackers and identity thieves have the tools to spoof, or fake, the phone numbers and email addresses they send communications from. ALWAYS contact your bank and other critical services using the contact information you already have for them, and NOT the contact information in an email, text, or phone call someone sends to you.
You also need to be careful about which devices or machines you use to access or input your PII. Public computers that you find in hotels or the public library aren’t necessarily secure. Also, using a friend’s or family member’s device to check an email may lead to your credentials being compromised if their device has malware on it (this applies to iOS devices and Android devices too).
When accessing websites and apps, always make sure they are encrypted. In web browsers, this is usually indicated by the padlock icon to the left of the URL (the https:// address you are visiting).
How do the crooks get the information they need?
Identity thieves and hackers can get your PII in other ways than just the data breaches you hear about at different stores and payment processors. They can get it directly from you without you realizing it! Crooks can make convincing emails, messages, or fake websites that spoof the website you want to go to and have you input your credentials that way. This method is called a man in the middle attack, as they pass off your data to the service you are trying to access. It is very important to remember to never click on an email address or link that is sent to you from an unsolicited source, even if it’s from someone you know.
Crooks also get vast amounts of data on you from social media. Most people don’t realize that the birthday reminders they set on social media websites like Facebook can be used by crooks to get their birthday information, or that their listed hometowns can reveal where they were born or a place nearby. Be selective in what you share online and with whom you share it.
OK What Next? Passwords…
Now that you know not to give out information to strangers, and to give it only to trusted contacts whose contact information you already have, you may wonder what comes next. The next thing to focus on is password safety. NEVER reuse passwords for other services. Why, you ask? The answer is a technique hackers use to breach your accounts called Credential Stuffing. If you use the same password for all your services, and one of those services has a breach, the hacker now has your username and password for your other accounts. For example, in the multiple breaches of Yahoo mail in past years, hackers got a treasure trove of user data that allowed them to attack other services because people used the same password for their Yahoo email and their other email accounts and social media platforms.
Also, never share your password with anyone. Your bank will never want to know your password or security questions. On that note, you should also treat your account security questions as passwords themselves. Don’t use information that can be gleaned publicly, like your mother’s maiden name or favorite color. You can add a unique phrase to each of the answers to make them more resistant to guessing attempts while keeping them easier for you to remember, e.g. Q: What’s your mother’s maiden name? A: MyMomisAwesome+Smith, etc.
How do you keep all these different accounts and use different passwords without losing your mind? A simple and elegant solution called a password manager. Services like 1Password, Bitwarden, Dashlane, and Keeper all provide a wonderful service where you create a strong master password and the password manager creates unique strong passwords for your other services, so you only need to remember one. This is different from the autofill functions of browsers, as those functions will save your password only on that one device instead of in a central vault that you can access anywhere (iOS, Android, Windows). Combined with Two-Factor Authentication (2FA) solutions like Authy by Twilio, Google Authenticator by Google, and Microsoft Authenticator, password managers help to keep your accounts and your PII safe and secure from hackers and identity thieves.
Devices and PCs
One of the best things you can do for yourself is to make sure your PC or device’s Operating System (OS) is updated and current, along with software updates for the applications or apps on your PC or mobile devices.
OS updates are a potentially confusing area for customers, as they rely on their devices to tell them they are up to date. However, many manufacturers have their update process say that the device is up to date in the update app even if the last update was from three years ago. It is up to you, the consumer, to know what version of the OS your device is on and what the manufacturer has available. You can often do this by visiting the manufacturer directly and seeing what the newest version of their OS is. You can also find out the End of Life (EOL) date for your device, when it is scheduled to stop receiving further updates. If your device can no longer support the newest OS, you may consider getting your device replaced as soon as possible, as it will no longer be getting critical security updates for the OS.
Cybersecurity Training
Here are some free resources for individuals and businesses:
- From Microsoft – Basic Concepts of Cybersecurity
- From CISA – Cyber Essentials
- There are also many videos on YouTube!