By: Gene Fredriksen, Security Strategy Consultant
It’s that time of year again when people think about their New Year’s resolutions. These typically involve losing weight, eating healthy and exercising more. While most people do not consider making resolutions around improving their cybersecurity efforts, it is important to do everything possible to thwart scammers.
However, just like with many health-based resolutions, it can be very daunting for people to change their cybersecurity practices overnight. Trying to do too much, too fast, is why many resolutions fall by the wayside soon after the New Year’s celebrations are over. Most experts tell us that slow and steady is the right way to change habits, and that small changes stick better because they aren’t as intimidating. As a security strategy expert, I encourage people to incorporate small changes into their cybersecurity efforts to be more successful. By doing so, they can increase cybersecurity awareness and protect themselves against scams and attacks.
Here are some suggested resolutions to help your staff protect your financial institution’s information, as well as their own personal data. Consider sharing this information as educational materials with your cardholders, too, so they can improve their cybersecurity health as well.
Take Extra Care with Emails
Scammers use email or text messages to trick people into giving them their personal information. Why? If a person offers sensitive details willingly, the scammer’s goal of stealing their information becomes easy. That is why scammers launch thousands of phishing attacks every day, and they’re often successful. The FBI’s Internet Crime Complaint Center reported that $57 million was lost to phishing schemes in one year. Scammers often update their tactics, but here are some of the most common ways that phishing emails and text messages try to trick people into providing sensitive information.
- Appearing as though they’re from a company the person knows or trusts – like a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
- Telling a story to trick the person into clicking on a link or opening an attachment.
- Claiming that there’s been suspicious activity or log-in attempts or there’s a problem with a person’s account or payment information.
- Asking to confirm personal information.
- Including a fake invoice and offering a link to make a payment.
- Claiming a person is eligible to register for a government refund, or offering coupons for free products.
How to Protect Yourself from Phishing Attacks
Email spam filters may keep many phishing emails out of inboxes. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection.
Here are four “resolutions” that would be valuable educational information for your employees and cardholders to start putting into practice for their own personal protection. Your IT resources are hopefully already aware of how to best apply these recommendations for your financial institution.
- Use security software to protect your computer. Set the software to update automatically to deal with any new security threats. Outdated software makes your device more vulnerable to hackers.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Back up your data regularly. Make sure those backups are outside your home network. You can copy your computer files to an external hard drive or cloud storage.
- Use strong passwords. There are many ways to create a strong password, like making sure your password is at least 12 characters long with uppercase and lowercase letters, numbers and symbols. Avoid using common words, phrases, or anything related to your personal life. Many services will ask you to select security questions – when you choose these, think of all the information you have posted on social media, including your family names, important dates, pet names, hobbies, etc. Scammers will research your online profile to find the answers to those security questions.
It is critical to protect the data and personal information of your financial institution and for your employees and cardholders to protect their personal data as well. Let’s make 2022 the year we take action and pay greater attention to the importance of cybersecurity.
Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.
Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.