Cybersecurity Best Practices

 

What is cybersecurity?

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks.  It's also known as information technology security or electronic information security.

 

Why is cybersecurity important?

  • Cyberattacks affect all people.  Recent reports show that hackers attack a computer in the US every 39 seconds.


  • Cyberattacks can compromise your personal data and potentially give hackers access to your financial accounts, resulting in fraudulent transfers or identity theft.

  • The fast changes in technology will cause a boom in cyberattacks.

    • Faster broadband service networks (5G) create an expanded, multidimensional vulnerability to cyberattacks.

    • The arrival of modern technologies such as IoT (Internet of Things) is greatly increasing the number of connected devices to the extent that there will be around 200 billion connected devices by the end of 2020.

    • More use of cloud computing leads to increased cybersecurity risks.

 

Common Types of Cyber Threats

Credential Replaying

Explanation: Most people re-use passwords and usernames.  Cybercriminals hope to access a few accounts by using a large stockpile of stolen login credentials.

Example: Cybercriminals acquire login credentials, test them in large numbers against financial institutions' websites to find matches, then request fraudulent fund transfers.

 

 

Malware

Explanation:  Malware (malicious software) is created to damage and/or disable computers and computer systems, steal data or gain unauthorized access to networks.

Examples:  Viruses, worms, trojan horses, ransomware and spyware

Safeguarding against:  Install the most up-to-date antivirus and anti-spyware software on all of your devices that connect to the Internet.  Run regular scans and update your software when updates are available.  Make sure that your networking equipment and computers are all still supported by the manufacturer.

 

 

Phishing

Explanation:  Cybercriminals pretend to be a trustworthy source in order to acquire sensitive personal information (e.g., user names, passwords, social security numbers and credit card details).

Example: An email from what seems like a legitimate email address instructs you to click on a link to take action (e.g., “validate your account,” “confirm your identity,” “access your tax refund…”).  The link brings you to a website requiring you to enter your personal information.  

Safeguarding against: Hover over any links that appear questionable to reveal the true destination before clicking.  Be aware that secure websites start with https, not http.  Use trusted security software and set it to update automatically.  Do not give any personal information over email or private message.

 

 

Spoofing

Explanation:  A fake email header that gives the impression the email is from someone or somewhere other than the actual source.  The goal is to trick the recipient into opening and responding to the email. 

Example: Your advisor receives an email from a cybercriminal who impersonates you and confirms a fraudulent wire transfer.

Safeguarding against: Carefully check incoming emails for the proper email address and the accuracy of the spelling of the sender's name.  If an email or phone call is questionable, contact the sender directly, using the email address or phone number you have on file for that individual.
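
The checks described under Phishing and Spoofing above (compare a link's visible text with its true destination, note links that are not https, and compare the sender's address with the one you have on file) can be automated.  The Python code below is an added example, not part of the original page; the contact list, the message and all domain names are constructed sample data.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: a contact list "on file" and a suspicious message.
CONTACTS = {"jane doe": "jane.doe@example.com"}
SAMPLE = """\
From: "Jane Doe" <jane.doe@examp1e.net>
Subject: Please confirm the wire
Content-Type: text/html

<p>Confirm here: <a href="http://login.example.net/verify">https://www.example.com/account</a></p>
"""
# Visible link text that itself looks like a web address.
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Lower-cased host name of a URL, with or without a scheme."""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def review(raw, contacts):
    """Return (code, detail) warnings for one single-part HTML message."""
    msg, warnings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    on_file = contacts.get(name.strip().lower())
    if on_file and addr.lower() != on_file:      # known name, unknown address
        warnings.append(("sender-mismatch", f"{name} <{addr}>, on file: {on_file}"))
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        if urlparse(href).scheme != "https":     # destination is not https
            warnings.append(("not-https", href))
        if URLISH.match(text) and host(text) != host(href):  # text hides the destination
            warnings.append(("text-href-mismatch", f"shows {host(text)}, goes to {host(href)}"))
    return warnings
```

A warning from this check is a reason to contact the sender through the details you have on file, not proof of fraud; an empty result does not prove a message is genuine.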

 

 

Email Account Takeover

Explanation:  The cybercriminal hacks your email account and reads your emails to learn about you and your habits.  He or she can then pose as you to steal your money.      

Example:  Your email is hacked, and posing as you, the cybercriminal emails your advisor instructions to forward funds to an account.

Safeguarding against:  Make sure to follow proper identification processes.  Use secret passwords, phone call verifications and video chats to help verify the identity of the people you correspond with.           

 

 

Social Engineering

Explanation:  Manipulating others, or impersonating someone they trust, to get them to divulge sensitive, private information, and then demanding that financial transactions be executed to avoid consequences.

Example: You receive an email from customer support at an online shopping website that you frequently buy from telling you that they need to confirm your credit card information to protect your account.  Without thinking twice, because you trust the online store, you send not only your credit card information but also your mailing address and phone number.  A few days later, you receive a call from the credit card company telling you that your credit card has been stolen and used for thousands of dollars of fraudulent purchases.

Safeguarding against: Be selective about who you allow to join your social networks.  Be cautious about the information you choose to share on social media, keeping your personal information private (e.g., home address, phone number, employer, vacation dates, birth date).

 

 

 

 

 

Sources:

Charles Schwab & Co., Inc

USA.Kaspersky.com

www.intellectualpoint.com