We’re all growing increasingly concerned about personal and financial cyber security. The following story, shared with us by our digital security consultant, is just one of many examples of how hackers and identity thieves are finding new ways to access our personal information and deeply disrupt our lives:
“They just clicked on an innocent-looking email link, which downloaded an agent that encrypted the person’s files: pictures, documents, videos, music, everything. Then an email arrived offering the encryption key for a stiff fee. Fortunately, we were able to restore everything from a backup and they didn’t have to pay.”
Don’t let something like this happen to your client. Here’s our list of 10 ways that your client can protect her identity, finances and devices in our increasingly digital world. Be sure to discuss these steps with your client. You should also consider taking these steps yourself.
Finances and Identity
1. Monitor bank and investment accounts regularly and order a credit report. The only way to make sure your financial accounts and the personal information associated with them are kept private is to check. By federal law, everyone is entitled to an annual free credit report from each of the three major credit bureaus. Use these reports to see whether anyone has opened new accounts under your name.
2. Consider two-step verification for your bank and other online financial accounts. Most financial firms now offer an optional two-step verification approach to increase your security as you access your account. Two-step verification requires an additional security code along with your standard login. Your bank or email provider sends this new security code to your phone, an alternate email address or a physical code generator to ensure that it’s really you logging into your account.
3. Be alert to impostors, and avoid clicking through emails. Don’t click through the email alerts from your financial providers. Instead, go directly to your online account to take any necessary action. Emails that appear to come from your financial institution may easily be phishing emails. The links in these emails can direct you to fraudulent versions of your providers’ websites and collect your personal information or download malicious software onto your computer.
4. Always access your accounts from a secure location. Everyone loves “free wifi,” but unsecured wireless access points, such as those you may use at airports, coffee shops and hotels, are easy to intercept. An experienced hacker could collect the information you’re using to log in to your accounts. A safer alternative is to purchase a subscription to a paid hotspot provider in which the networks are password protected and often have additional levels of security.
5. Be thoughtful about the information you share. Social media has become a fun and efficient way to keep up with our loved ones, but posting too much personal information online opens you up to identity theft. Pictures from the exclusive resort or international trip you took with the family may highlight you as a target. Personality quizzes, product pages you’ve “liked” and even alumni affinity groups on social sites all provide information that can compromise you. Scammers can use your information to develop a pretty sophisticated profile for social engineering attacks. These attacks send you highly targeted emails pretending to be from a place you’ve visited or someone close to you, trying to get you to select a link to an infected website.
Computers & Mobile Devices
1. Use anti-virus software and back up your computer regularly. Your devices can fall prey to many dangers, both outside attacks (for example, malware, Trojans, viruses) and internal forces (for example, hard drive failure, user error). Protect yourself from outside attackers with anti-virus software. Even Macs get viruses these days. To safeguard yourself from internal forces, back up all your data regularly.
2. Always keep your phone, computer and software up-to-date. Up-to-date software is the only way to ensure you have the latest security on your devices. This is particularly true of Adobe Flash and Java, two very popular programs that power many internet-based applications. Attacks through these two programs are among the most common.
3. Use strong unique passwords on all your devices and accounts. Don’t reuse the same password on different sites or devices. It’s also a best practice to answer all those security questions with non-personal answers. So have fun and make that first car a “57 Corvette.” To remember all of these passwords, consider using a password manager. Password manager programs secure all your passwords and logon information in one encrypted database, requiring you to only remember one password.
4. Make sure you correctly secure your home wireless networks. When setting up your home wireless network, always change the default ID and the default password. Even though you can’t remember the login, cybercriminals know all the default settings for all wireless routers.
5. Erase your personal information when disposing of old devices. When you want to recycle, donate or just trash your old device, it’s important that you erase all the stored personal information. You never know where the device will end up.
Always log out when you’re done. It’s easy to skip, but it’s good practice to always log out of each website when you’re finished. Logging out lessens the chances of falling prey to session hijacking and cross-site scripting exploits.
For over a generation, we’ve watched digital technological innovations explode. We’ve enjoyed increasing conveniences we never knew we desired, and we are only just beginning to address the difficult questions of personal privacy and security versus access. Greed has never waited for philosophical debates, and each day brilliant hackers find new ways to access our information. We hope these 10 ideas can help you and your client safeguard your digital information and accounts for now.