Our always-connected way of life, convenient and delightful as it is, has created something of a perfect storm for digital crime. The Internet of Things, combined with weak identity verification and antiquated controls, has cultivated a target-rich environment for fraudsters and cyber criminals.
Currently, there is no 100%, foolproof way to protect personal data from being stolen. We have entrusted far too many entities with our information – information that often can't be changed after exposure. That said, there are things you can do – both on the job and in your free time – to make it more difficult for crooks to profit from your personal data.
Chances are good at least some of your personally identifiable information is already for sale on the underbelly of the internet known as the Dark Web. Things like Social Security numbers, mother's maiden name and passwords are, by themselves, not all that valuable. However, when combined to create a more complete profile of an individual (especially one with good credit), those data points become highly sought-after commodities.
Selling stolen profiles on the digital black market has become so lucrative that many illegal data dealers offer buyers full-fledged services and guarantees, including training, customer support and even refunds if the stolen data doesn't turn out to be accurate. That is why it's so critical to be intentional about protecting your information, and of course, your members' information.
Here are three simple things you can do to limit the risks:
Get Wise to Phishing Scams
Fake emails from fraudsters aren't as easy to spot today, especially in the workplace. Laser-targeted whaling scams go after busy executives, as well as their assistants and administrative staff. Particularly if you are a C-suiter, you must make it a priority to get educated on modern phishing attempts. Remember, thanks to social engineering, even lesser-known, personal details about you are being sold to phishing artists. Your spouse's name, the vacation you just took, your child's school – all of this can be included in an email to give you a false sense of familiarity with the sender.
Stick to time-tested best practices anytime you open an email, a text message or any other digital communication you are not expecting: Do not click on links; do not open attachments.
Patch, Patch and Patch Some More
It's critical you keep all antivirus software and operating systems up to date.
In January, we learned that nearly every computer, smartphone and server in existence was operating with a vulnerable chip processor. Although this is one of the broadest security holes to-date, there are sure to be more eye-opening "whoa" moments just like it this year and well into the future. To protect yourself from this and other, as-yet-unknown threats, set all of your devices (phones, internet-connected office equipment, servers, computers, IoT gadgets, etc.) – at the credit union and at home – to accept automatic security updates.
And, be careful not to fall for fake patches. When something like the recent Meltdown and Spectre flaw gets widespread media attention, cyber scammers take advantage of the notoriety to spread viruses. If you receive an unexpected alert prompting you to install a patch, check with your IT department first. It could be a look-alike capable of spreading malware throughout your network.
Be Mindful of the Tech You Talk To
Voice assistants like Amazon's Alexa and Microsoft's Cortana, although still new and evolving, are finding their way into more homes and workplaces. This is true across industries, but financial services is sure to be one of them as more consumers demand digital access to their accounts via Google Home, Amazon Echo and other voice-activated IoT devices. The FBI recently said it can neither confirm nor deny that it wiretaps these devices. If the good guys can do it, rest assured, the bad guys can, too. Keep the microphone turned off when you are not using these devices.
The same goes for your smartphone. Many free apps, especially games, are fronts for data collection companies. Some even use ad-tracking audio signals to build a profile that details what you've seen and where you've been. Combine that data with your mother's maiden name and SSN, and you've become an even more appealing mark for identity thieves.
Being cognizant of simple precautions like the ones recommended above is a common sense beginning. While these tried-and-true maxims may not safeguard against super sophisticated attacks, they are good basics to live by to protect not only yourself, but also your members.
Paul Love is Chief Information Security Officer for CO-OP Financial Services. He can be reached at paul.love@co-opfs.org.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.