1. Be aware that you ARE a target. We hear it in Cyber Security circles pretty often; “I/we/my company doesn’t have anything Hackers want.” According to Verizon’s Data Breach Investigations Report (DBIR) for 2018, 76% of breaches were financially motivated. Attackers want your Personally Identifiable Information (PII) so they can assume your identity not only to steal your hard earned money from your bank accounts and Paypal account but also to apply for fraudulent credit cards. Cyber Criminals will even go as far as stealing a very young child’s identity to apply for credit and open up fraudulent accounts. Additionally, Cyber Criminals want to assume your identity so they can victimize your friends, family, and colleagues.
2. Freeze your credit report with all 4 of the major credit reporting agencies (Yes, there are four!) and your “Phone Credit” with NCTUE. You should freeze your credit with Equifax, Experian, TransUnion, and Innovis. You can read more on freezing your credit by reading this article by Brian Krebs from KrebsonSecurity.com. Additionally, according to this article by Krebs, Cyber Criminals are also opening fraudulent cell phone accounts even after consumers have frozen their credit. Krebs tells readers that most mobile phone providers do not check applicants’ credit with the major Credit Reporting Bureaus, but instead use the National Consumer Telecommunications and Utilities Exchange (NCTUE). To freeze your credit with the NCTUE, you can call them at 1-866-349-5185.
3. Avoid phishing scams. ZDNet published an article that states 1 out of every 100 emails is a phishing attempt, but phishing isn’t just for email anymore. Your Social Media accounts are also targets of phishing scams. To minimize your risk, do not forward or respond to suspicious emails or posts. Additionally, don’t open unexpected attachments or embedded links. If you have any doubts about the message’s validity, contact the individual or organization that reportedly sent or posted it in a separate email or message. Monitor your accounts for suspicious activity. Whether it’s in email or on social media, beware of:
- Messages with misspellings and typos, multiple fonts, or oddly-placed accents.
- Messages that claim to have your password attached. Facebook will never send your password as an attachment.
- Mismatched links: when you hover over a link, look at the status bar at the bottom of your browser window, and make sure the link actually goes to the place shown in the email.
- Messages asking for your personally identifiable information.
- Messages claiming that your account will be deleted or locked unless you take immediate action.
4. Use encryption and strong passwords! We can’t prevent cyber attacks entirely, but we can make it harder for the perpetrators to gain access to the sensitive information that is within our control.
- Encrypt sensitive emails.
- Use a secure messaging application, and don’t send sensitive information through social media chat programs.
- Defend Yourself with Virtual Private Network (VPN) when using public wifi.
- Encrypt your hard drive and your Cellphone data.
- Use Multi-factor authentication whenever possible.
- Use strong passwords, don’t reuse them and don’t write them down. Use a password manager!
5. Secure your devices and update (everything) often. Most modern operating systems have at least a basic firewall that can help protect your computer from external attacks. Install anti-virus protection; there are numerous inexpensive or free options. Schedule all of your devices to perform automatic and frequent updates for their operating systems and all installed applications. Uninstall unneeded applications whenever possible. Don’t leave your devices unsecured and be conscientious of what you plug into your devices. Last but not least, if your device is lost or stolen, follow this guide from Consumer Reports.