The field of cybersecurity has been in the news a lot lately. From Twitter accounts being hacked to gasoline pipelines being disrupted, it seems like threats to our computer systems and data are everywhere. That sounds exaggerated, but it is uncomfortably close to the truth. The FBI’s Internet Crime Complaint Center received 791,790 complaints in 2020, an increase of more than 300,000 from 2019. Losses from cybercrime are predicted to reach $6 trillion in damages globally in 2021.
Thankfully, there are several relatively simple steps we can take and habits we can get into that can make us a much more difficult target for cybercriminals. Most of the following tips focus on actions individuals can take, but it’s important to understand that personal cybersecurity habits affect not only the individual but can have a very real impact on the security of the organization they work for and even people they are connected to online.
Perhaps the most important thing to take away from a discussion of cybersecurity is that a large percentage of cybercrime involves a human action that makes the crime possible. Much like thieves testing door handles to find unlocked cars, cybercriminals are constantly trying to take advantage of lapses in security. Leaving your car unlocked is an invitation to thieves and so is inattention to computer security.
Phishing and email scams
Do not click the link! Phishing is a form of cybercrime where the perpetrator sends out fraudulent email, hoping that the receiver will unwittingly provide personal information. Most of us have seen the emails that just seem too good (or too bad) to be true. Clicking a link in those emails will often take a user to a login site that looks a lot like the real business it is spoofing but is actually just gathering login information. If a user enters their username and password, the criminal wins.
Careful attention to the contents of an email you receive can go a long way towards avoiding falling victim to phishing. Watch for some of the following:
- Incorrect sender domain name (e.g., citibank.anyname.com instead of citibank.com)
- Incorrect or generic salutation (e.g., Dearest Mr. John)
- Poor grammar or spelling
- Watch for emails that attempt to spread fear, confusion, or frustration
- An offer too good to be true, or bad news that requires immediate attention
- Incorrect links – remember that the word you see in a link is not necessarily where it leads to. Hover over links to see the actual URL or web address
- Do not assume an email is safe just because you recognize the sender. A name and even an email address can be easily spoofed
Cybercriminals are getting more sophisticated, though, and some phishing emails can be hard to spot. Again, the best precaution is do not click the link! An email stating that your account is overdrawn can be alarming but calling the bank or logging into your account directly is the safest way to check your account, not clicking the link in the email.
Extortion and monetary theft
Extortion or monetary theft is another frequent cybercrime. Fake IRS notices, mock invoices and threats of computer damage are all ways cybercriminals prey on unsuspecting users. Take extra caution when any request is made that requires immediate payment. Especially watch for scams that require you to wire transfer money, get a certified check or buy gift cards. If you are still unsure, talk to someone about it, even if it is uncomfortable. A quick call or verification can save a lot of money.
Careful attention to password habits is another important item that individuals can do to protect their information and identities. A password is like the key to the lock on the door. Lose it, or make it too easy to duplicate, and you are likely to get compromised. Some good password habits are as follows:
- Use longer passwords – at least 8 characters and preferably 12
- Have a unique password for every site you visit
- Use a mix of capital and lowercase letters, numbers, and special characters
- Don’t write them down, especially not in a plain text from, like in a document or spreadsheet
- If you must write passwords down on paper, add characters that you will omit when using them and store them in a safe place
- Better yet, use an encrypted password manager to store your passwords
A good way to make an easily remembered password is to put together some easily remembered words, numbers, or phrases, add special characters, and then add part of the site name to the mix. For instance, let us say you need a password for your Amazon account. Use the first 3 letters of Amazon, 2 special characters, the last 4 digits of your childhood phone number and the last 3 letters of the site, and another special character at the end. So, you would end up with Ama@!1234Zon$. It is a complex password that will be different for every site, yet easy for you to remember.
Password managers are an excellent way to organize your passwords and eliminate the need to remember them. There are several good options available, just be sure to do some research to make sure the one you choose is secure. At a minimum, a password manager should save your data in an encrypted format, meaning that the password is never visible to a cyberthief.
Getting into the habit of locking your computer or smartphone is also important, especially when in public places or at work. Remember that if a person can get access to your computer, they can likely access all your saved accounts and financial documents. An unattended and unlocked work device can lead to the compromise of the entire company network. Locking your computer can help prevent a serious loss of information.
Along with locking, here are some additional good habits that can help you avoid computer disaster:
- Be more aware of what you are clicking on and what sites you are visiting
- Be careful what data you store and be aware of where you are storing it
- Back up data regularly, whether to an external drive or cloud storage
- Make sure your operating system, software and antivirus are updated regularly – automatic is best
We hope some of these tips will be helpful to you and more importantly, make you more aware of what you are doing online. Simply being attentive and minding some basic cybersecurity hygiene are effective tactics in avoiding becoming a victim of cybercrime.