Cybersecurity 101: How to Protect Your Identity and Data
June 23, 2021 | By Aaron Tawil, CFP®
In today's ever-evolving world, cyber fraud has become one of the greatest threats we face. When it comes to protecting yourself against cyber fraud, there are several elements to consider.
Let’s begin with identity theft.
What is Identity Theft?
Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy – and dealing with the resulting stress and financial heartache.
Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies.
If just one of these sources of stored information gets hacked, criminals can gain access to your personal data. It is best to assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud.
The most common cyber threats
Cybercriminals are creative when it comes to identity theft and fraud. These are some of the techniques often used to gain access to your financial accounts, mobile accounts, or computer hardware:
Email Account Takeover: A cybercriminal hacks an email account and reads emails to learn about the victim and their habits, so they can ultimately pose as the victim to steal money.
Malicious Software: Malicious software, often called malware, is created to damage or disable computers and computer systems, steal data, or gain unauthorized access to networks.
Phishing: Cybercriminals pretend to be trustworthy sources to acquire sensitive personal information such as usernames, passwords, social security numbers, and credit card details.
Password Re-use Attack: Because it’s common to re-use passwords and usernames for online accounts, cybercriminals can obtain a victim’s login credentials, test them in large numbers against financial institutions' websites to find matches, and then request fraudulent fund transfers.
Social Engineering: This involves manipulating or impersonating others to divulge sensitive, private information, and then demanding financial transactions be executed to avoid consequences.
Call Forwarding: The cybercriminal takes over the victim’s cell phone number, and begins impersonating the victim or rerouting their calls.
Spoofing: The cybercriminal uses an email header that gives the impression it’s coming from a legitimate source, with the goal of tricking the recipient into opening and responding to the email. Phone spoofing is a comparable cyber threat that involves using a phone number that is similar to a familiar source.
How to Protect Your Data
Security threats exist anywhere you send or receive data online. To improve your cybersecurity, be sure to take each of the following steps:
1. Use a password manager to store passwords.
2. Protect your bank and brokerage accounts by using two-factor authentication and voice recognition.
3. Protect your mobile devices and accounts:
Choose a username that is dissimilar to your name and email address and never use information that can identify you (social security number, birthday, anniversary).
Use a unique password for each account, and avoid re-using passwords for other accounts.
Utilize multi-factor authentication for extra login protection.
Create a pin or passphrase to protect against SIM Swaps and Phone Porting.
Remove old or lost devices from accounts so they are no longer considered “trusted.”
Activate a PIN or lock function for your mobile device. Using a PIN is the simplest and most important thing you can do to ensure security on your mobile device.
4. Protect your computer and devices by using antivirus software and regularly performing manufacturer and software updates.
5. Understand the different ways that scammers can attack you:
If a pop-up message on your computer tells you that you need to call a number to fix a problem, it’s probably a scam; have your computer professionally cleaned.
If someone on the phone asks you to allow them to connect to your computer remotely so that they can fix a problem and you don’t know that person, hang up; it’s a scam.
If you receive a two-factor challenge code and it says not to share it with anyone, then don’t, regardless of who initiated the call.
If you receive a two-factor challenge code and it says that it’s only intended to be used online, don’t share.
6. Protect your email account:
Do not open or respond to emails that look suspicious.
Do not open an attachment you were not expecting.
Do not click on a link in an email unless you are 100% sure it is safe to do so.
Do not be fooled by ‘phishing’ attempts.
Be wary of messages from companies that already have your email address.
If you receive an email from someone you do not know or one that looks suspicious, do not accept it.
Do not post your work email address on forums, websites, and blogs unless absolutely necessary.
Never reply to a spam message.
Utilize the spam filter.
Don’t Fall Victim to a Cyberattack
The risk of falling prey to a cyberattack isn’t likely to go away in the future. To protect yourself today, you need to be aware of the types of attacks hackers use to capture sensitive information and defraud their victims. Start by choosing strong, unique passwords for all your online accounts. Use two-factor authentication whenever you can. Finally, educate yourself on what common email, phone, and internet scams look like so you can spot them in the future.
For more steps on how to make yourself a difficult target for cybercriminals, read this short, free guide.