Each October, financial institutions like Amplify Credit Union celebrate Cybersecurity Awareness Month, a month-long campaign dedicated to teaching people about staying safe online. The idea is to encourage people to learn the cybersecurity tips and tricks that will carry over to the rest of the year. The more you change your behavior after reading an article like this, the better chance you stand at avoiding the next big email or phishing scam. With that in mind, here are seven ways to stay safe online and avoid being the future security threat in your network. Consider this Cybersecurity 101 for everyone who ever wanted to learn more about their data.
1. Enable Multi-Factor Authentication
How It Works: Multi-factor authentication is a security system that requires more than one form of identification to log into a website or an app. Whereas before you might have just used a password to log onto online banking, these days you can add a second form of verification. This method increases the security of your data and makes it much harder for people to log into your accounts.
One common form of multi-factor authentication is your thumbprint. These days, many apps—the Amplify Mobile app included—will give you the option to press your thumb to your smartphone’s keypad to verify your identity when you log in. Adding a thumbprint will ensure your financial information is safe even if your phone is lost or stolen. Since your phone is both password-protected and always in your possession, many websites and apps will also allow you to utilize your personal device to provide a second form of verification.
Next Steps: Check the security settings on each of your platforms. If multi-factor authentication is an option, familiarize yourself with the requirements and turn it on immediately.
2. Spice Up Your Password Selection
How It Works: Considering that the average American now has 27 unique logins to manage, the basics of password safety are (hopefully) common knowledge. Don’t use the same password across multiple applications; update your passwords semiregularly; never, ever store your passwords on an unsecured platform. But are you doing as much as you can to keep your passwords secure? Choosing to do only the bare minimum required during account creation—such as eight characters, one number, and one special character—may make your password easier to remember, but it also makes it easier to crack.
To keep your passwords as secure as possible, consider using a password manager or the password management system on your mobile device. These password managers can generate incredibly complex combinations of letters and characters on your behalf, and rather than memorize dozens of unique account logins, you only need to know—and two-step authenticate!—a single login. This is a smart choice for people who maintain a combination of personal and professional accounts on their devices.
Next Steps: Use a trusted website like CNET to research password manager applications or get comfortable with the password management system on your current device(s).
3. Always Update Your Devices
How It Works: Cybersecurity is an ever-evolving field. As software developers and security experts recognize new threats, developers regularly update their products to combat active threats. This is why it’s crucial to periodically download the latest version of both apps and applications on your devices. Even the smallest changes to these platforms can be significant from a cybersecurity standpoint.
If you cannot remember the last time you updated the apps on your phone, set aside some time in the next few days to go through and download the latest versions of your apps. Do the same with your laptop or desktop. If you’ve been putting off that system update for a few weeks now, close out of all your applications - make sure your work is saved! - and allow your computer to go through its much-needed update. Finally, if you do not have an antivirus system on your computer, find some room in the budget to make sure your device is safe and secure.
Next Steps: Update your apps and explore antivirus platforms for your computer(s).
4. Don’t Swallow the Phishing Hooks
How It Works: You’re probably not giving money to a Nigerian prince. But would you send some paperwork to your company’s CEO? In 2019, the Better Business Bureau released a list of some of the more common Business Email Compromise (or BEC) scams. In many of these campaigns, the emails will appear to be coming from the CEO or CFO of the company and ask employees to provide private information, such as new payment forms or W2 information. Remember, all it takes is one negligent employee to compromise the entire system.
But phishing emails are not just reserved for businesses. One conventional email phishing campaign plays on the compassion of unsuspecting individuals by asking them for help. Scammers will pretend to be a friend or a member of your extended family who has experienced an emergency while traveling abroad. In both cases - professional and personal - the best defense is a healthy skepticism. Check the sender’s email address, be wary of subject lines that feel out of line with the person in question, and never, ever reply or click on any questionable emails. Usually, a quick phone call or text message can clear these scams right up.
Next Steps: Be suspicious of all unexpected emails. Immediately verify any requests for information or money outside of email.
5. Don’t Overshare on Social Media
How It Works: You just had a great lunch with an old friend, so you did what many of us would do: you snapped a photo outside of the restaurant, shared it on Instagram, and tagged her in the post. Nothing to worry about, right? Wrong. Giving strangers information about your network and your everyday expenses - such as the restaurants you eat at and the people you travel with - can provide scammers with ways to approach you that feel authentic. Play it safe by setting your social media accounts to private or thinking twice before uploading new information.
Oh, and be wary of any of those games that make the rounds on social media. If the questions are asking you to provide identifying information (“Your Star Wars name is your childhood pet and the street you grew up on!”), the odds are good that not everyone is enjoying your answers for the same reasons. After all, that kind of information can be used to answer password security questions, making it easy for someone to log into one of your accounts.
Next Steps: Be careful with what you share on social media. You never know how it might be used.
6. Keep an Eye on Your Apps
How It Works: Many apps require some degree of access to your system to work as intended. For example, apps that use your location to identify nearby opportunities - shopping deals, low gas prices, etc. - have good reason to tap into your location services. But do these apps need to access your data even when they’re closed? If you aren’t careful with your settings, some apps will run in the background even when they’re closed, creating potential vulnerabilities in your device.
All of this assumes that these apps are operating in good faith. In 2019, the Russian-made FaceApp was all the rage with people who wanted to see what they would look like in their old age. After a little digging, however, journalists uncovered a scary loophole in the app’s terms and conditions: the developers of FaceApp retained potentially permanent rights to any photos you uploaded. The bottom line? Know what your apps are tracking - and what they’re doing with that information once it’s tracked.
Next Steps: Read the terms and conditions and double-check the data permissions for each app you download.
7. Be Careful When on Public Wi-Fi
How It Works: It’s not that you shouldn’t use public wi-fi networks in libraries in coffee shops; it’s just that you should be careful what you do while you’re on them. If you are spending a few hours catching up on some work at your favorite java joint, make sure you are not transmitting secure data over an unsecured network. Are you doing some research online and taking notes in Microsoft Word? You’re probably going to be okay. Are you logging into your banking accounts and your company’s remote server? Probably not a good idea.
In most cases, your phone is a better alternative to the public network. Setting up a password-protected hotspot will allow you to access secure information without worrying about the data you are transmitting. And while it may not be quite as fast as the public wi-fi network, saving a couple of seconds here and there is certainly not worth the damage that can be done by a dedicated scammer on the same system.
Next Steps: Avoid confidential information on public networks. Create a hotspot with your phone when all else fails.
And there you have it! Memorize these seven tips and exhibit a little caution with your connectivity, and the odds are good that you will never be a security threat to you, your family, or your business. If you want to stay on top of the latest cybersecurity news, be sure to bookmark www.staysafeonline.org, a helpful resource from our friends at the National Cyber Security Alliance.