Jenson Strock, Marketing Specialist
This October marks the 20th annual Cybersecurity Awareness Month – and the need for preparedness is only growing.
Global cybercrime costs are expected to grow 15% over the next three years, reaching $8 trillion in 2023, according to Cybersecurity Ventures.
As cybercriminals get more elusive, it is important to take the proper steps to protect yourself – or your business – in the online space.
Cybersecurity Awareness for Individuals and Families
A potential cyberattack can present itself various ways – like text, e-mail, and social media messages. As you browse, there are several ways you can protect yourself. Here’s what the Cybersecurity and Infrastructure Security Agency (CISA) suggests:
Fraudsters are tricky and they don’t rely on one sole method to trick you. Be cautious of unexpected emails, texts, and even friend requests on social media.
Recognize and Report Phishing
Phishing is when a criminal tries to get you to open a harmful link or attachment that may infect your device or attempt to steal your personal information. They are made to look like they come from a trusted source.
According to the CISA, common red flags to look out for in a phishing attempt include urgent or emotionally appealing language, requests to send personal or financial information, untrusted shortened URLs, and incorrect email addresses or links.
If you believe you have been the target of a phishing attempt, don’t click on any links or attachments. Instead, report it. When it comes to email, you will typically find options to report the message near the person’s email address or username. Another way to send a report is by clicking the “report spam” button in the toolbar or settings.
Finally, make sure to delete that message.
Use Strong Passwords
The CISA suggests creating a password that is at least 16 characters long; is made up of mixed case letters, numbers, and symbols; and is unique to each account.
While it may be difficult to remember several long passwords, it is best to avoid saving them all in a file on a computer. According to the CISA, a password manager is the best course of action.
Turn on Multifactor Authentication (MFA)
Multifactor authentication (MFA) helps keep your accounts safe by creating a barrier of entry. To turn yours on, simply go to your account or app settings, look for and turn on MFA (it may be called two-factor authentication or two-step authentication), and confirm. You can select which method you’d like to use. Generally, the options include receiving a code or text by email, using an authentication app, or biometrics like facial recognition or fingerprints.
Cybersecurity Awareness for Businesses
It’s no surprise that bad actors are on the lookout for easy targets, and business owners that don’t take the steps to protect their assets put themselves at risk.
The CISA suggests four ways you can make it harder for criminals to gain access to protected information.
As a business, your employees are your front line for security. Make sure cybersecurity awareness is a priority that employees are trained on periodically.
Provide Phishing Training to Employees
Your employees should be able to spot the telltale signs of phishing. Criminals are always improving the way they target businesses, so training should be regularly held. You can find resources with material that is ready to go at no cost through your IT provider or a nonprofit. You can find training resources through the CISA online here.
Require Employees to Use Strong Passwords
As with your individual safety, employees should be required to use passwords that are long, random, and unique for all work-related accounts. It’s also a good idea to provide a password manager that can create, store, and fill in passwords automatically, making it easier for employees to use strong passwords.
Password protection should extend to your software, too. Many hardware and software products come with default usernames and passwords that are physically labeled on the device or accessible online. It’s good practice to ensure your staff changes all default credentials.
Require MFA Wherever Possible
Having a code sent to your email or cell phone may be the most convenient method, but more secure options are out there.
The CISA encourages businesses to either utilize an authentication app or “phishing-resistant” MFA, like a FIDO security key or a smart card.
Update Business Software
One of the best ways to protect your business against an online attack is to keep your software up-to-date and replace anything that’s no longer supported. Enable automatic updates and make sure to test and deploy the latest versions of your business’s operating systems and third-party software.
Make sure to keep employees in the loop, and explain why updates should not be delayed. Encourage them to set up automatic updates on their own computers and have them reach out to your IT department before installing any software or apps on company devices.
Reporting cybercrime is a key part in bringing offenders to justice. Even if you were just a potential target of a cyberattack, it’s important that authorities are made aware before another person falls victim to the scam.
There are a number of ways to report a potential cybercrime. According to the CISA, here’s who you can contact.
Don’t feel embarrassed if you’ve fallen victim to a cybersecurity attack. The most important thing you can do now is take steps to report, recover, and protect yourself going forward.
Local Law Enforcement
If you believe you’ve been the victim of an online scam, you can reach out to your local police department or sheriff’s office. They are obligated to make a formal report and when necessary, they should refer you to other relevant agencies.
Your Community’s Victim Service Provider
Many communities throughout the U.S. now have victim advocate programs, as cybercrime becomes more widespread. Advocates can help you find resources and provide emotional support as you pick back up the pieces following an attack. The CISA has provided a list of victim service providers online.
Internet Crime Complaint Center (IC3)
The Internet Crime Complaint Center (IC3) is a partnership between the FBI and the National White Collar Crime Center. Agents will review your report and make sure it gets into the hands of the right state, local, or federal agency. You can file an IC3 complaint here.
Federal Trade Commission (FTC)
The Federal Trade Commission (FTC) does not generally resolve individual complaints. However, the agency also runs the Consumer Sentinel, an online database used by law enforcement worldwide in search of patterns of misbehavior. You can file an online FTC complaint here.
You can also receive help through the FTC hotline at 1-877-IDTHEFT (1-877-438-4338).
Your Email Provider
It’s good practice to delete spam and other suspicious emails, but you can further improve your cybersecurity by reporting cybercrime attempts to your email provider. For most widely used services, reports can be made at the click of a button. You can also block an address from continuing to send you messages. However, be warned that scammers will change email addresses and sometimes even spoof real ones.
If you give out your personal or financial information online and later realize that it may have been a scam, contact your bank through a trusted trusted customer service number. Remember, you can always go to your bank’s website for additional contact information.
Explain what happened and request to close or freeze any accounts that may have been compromised or fraudulently opened under your name.
If you’re ever unsure, it’s best to play it safe; and our Waterford bankers are always available to help.
Cybersecurity Next Steps
After you report a potential cybercrime, it’s important to keep any relevant evidence.
Evidence may include things like canceled checks, certified mail, chatroom texts, credit card receipts, social media messages, money order receipts, phone bills, copies of emails, copies of web pages, or any wire receipts.
Be sure to keep those receipts – whether they are physical payment receipts or records of conversations. These items could prove to be useful ammunition against a criminal should a business or investigator require them.
Keep this information in a safe spot in case you are asked to provide it to investigators.
The best way to protect yourself, your loved ones, and your business against cybercrime, is to stay informed. For more information on cybersecurity or managing your money online, check out the “Security and Privacy” section of our website.
About the Author
Jenson Strock is a Marketing Specialist at Waterford Bank, N.A. She was born in the Toledo area and went on to work for years in TV news, sparking her passion for all things local. After making the jump to banking, her goal remains the same: to help neighbors and businesses in the community thrive. If you’d like to connect with Jenson or learn more about protecting yourself online, please contact us here.