I served on a grand jury earlier this year. We heard more than 100 cases during our three-month stint. Our task was to issue an indictment if the state showed probable cause that a crime occurred. If we indicted, cases would then move on to traditional jury trials.
Some cases involved cybercrime. Others included private records subpoenaed by the District Attorney’s office from technology and phone companies, financial institutions, hospitals and commercial businesses. The experience was eye-opening. I learned that cybercrime is a huge threat and that my private data isn’t so private.
I also concluded that my knowledge of cybersecurity was lacking, so I set out to get a better handle on the topic. I want to share some important things I learned.
Let’s start with the distinction between cybersecurity and data privacy. Cybersecurity is the practice of protecting computing devices and data against unauthorized access or attack. Data privacy refers to a person’s ability to determine when, how and to what extent personal information is shared with others. In this article, I focus on cybersecurity.
Cybersecurity matters because the consequences of cyberattacks can be so unpleasant. HumbleDollar readers probably are most interested in the financial impact, which can be significant. Cybercriminals can drain your brokerage and bank accounts. They may make unauthorized charges on your credit and debit cards. They can steal your identity and use it to file for government benefits, open credit card accounts, file for tax refunds, destroy your credit rating or commit crimes. You may be able to recover your assets if you’re a victim. But do you really want to put that to the test?
Cybercriminals attack us in three primary ways. First, there’s physical theft. Criminals use confidential data on stolen devices for financial gain.
Second, there are technology-based attacks. Cybercriminals use powerful computers to guess possible passwords until they find the correct password to log into networks, computers or online accounts. They may use their expertise to hack into business and personal networks which, in turn, give them access to connected devices. They can steal confidential information as it’s transmitted over unsecured public wireless networks or intercept communications between users and domain name servers to re-route users to malicious websites. They also may download malicious software onto their victims’ devices.
Third, there are social-engineering attacks. Criminals use psychology to exploit human nature and manipulate us. Their aim is to trick us into voluntarily giving up confidential data, downloading malicious software or visiting malicious websites. These attacks are particularly effective because they cause us to do things that circumvent our security defenses.
There are some basic things most of us can do to protect ourselves that don’t require much technical knowledge or effort:
Cognitive protections. This starts with common sense, knowing what to anticipate and staying alert. Familiarize yourself with social-engineering scams so that you recognize them if you’re targeted. Accept the fact that you’re up against worthy adversaries who must be taken seriously. Never let down your guard when you’re online.
Device protections. Use strong PINs or biometrics to unlock your electronic devices. Update operating system and applications software as soon as updates are available, because they often provide essential security fixes. Use internet security software and back up your devices. Protect your devices from theft by keeping them in your possession when in public. Think carefully about the apps and data you put on your mobile devices, asking yourself, “What would happen if this device was lost or stolen?” Use “find my device” apps, which enable you to see the location of your stolen devices and erase the data on them. Never go after criminals yourself. Call the police.
Network protections. Use wired ethernet networks or secured private wireless networks. Don’t use unsecured public wireless networks. Set your browser to use “https connections only” for safer and more secure encrypted connections. Better yet, seriously consider using a VPN (virtual private network) service provider to encrypt your data as it travels across networks.
Account protections. Safeguard your accounts with passwords that are unique, long and complex. This is doubly important for sensitive accounts like email, bank, brokerage and credit card accounts. Use a password manager app to help you use strong passwords and use two-factor authentication wherever it’s available. Review your financial accounts regularly to spot problems as soon as possible. Also, set up email or text alerts for your financial accounts so that you’re notified of transactions or changes to your profiles. Set up alerts with your credit card companies to notify you if new accounts are opened with your Social Security number. Protect your credit card accounts by using virtual credit card numbers for online transactions. Check for known data breaches of your email accounts.
Behavioral habits. Email, text messages and social media are ripe targets for scam artists. Never click on links or attachments in emails or messages unless you trust the sender. Even then, use caution, because a criminal may be impersonating a friend or family member.
Rick Moberg is the retired chief financial officer of a publicly traded software company. He has an MBA in finance, is a CPA and has a passion for personal finance. Rick lives outside of Boston with his wife.