With continued uncertainty regarding the COVID-19 pandemic, it’s safe to say that fraudsters will continue to exploit our situation to commit fraud. The seemingly dire picture is perpetuated by data breaches that have exposed our Personally Identifiable Information (PII). The reality is that everyone’s PII may already be on the Dark Web and it’s only a matter of time before our name is next on a criminal’s list (www.foxnews.com/tech/your-personal-data-may-be-on-the-dark-web-what-you-need-to-know). The question may not be if someone will try to access my network, device, or accounts, but when?
In order to fully understand how vulnerable we are, it is imperative that we review and assess our digital footprint. By “digital footprint” I mean our online accounts with their login information, Internet browsing habits, how we use our email, and how much information we share on social media.
Data breaches include any combination of dates of birth, phone numbers, email addresses, and account numbers with usernames and passwords. With your PII in hand — or portions of it — identity thieves try their luck on different retail or bank websites to hack your accounts or create new ones in your name (www.wsj.com/articles/how-to-use-a-free-password-managerand-make-your-logins-safer-11642341602).
Presuming an identity thief has your information and is seeking to access your accounts, there are three main entry points he or she can use: your Network, your Devices, and your Accounts. This is where we make a stand and protect ourselves.
Ensure your network has a firewall to stop threats before they access your devices. Internet Service Providers (ISPs) have this already in place. Make sure it is on or you can call their customer service for help on setup. You can also change the preset name and password on your internet router. If you change the name on your router, it will make it more difficult to identify which ISP you use, the type of router, and any vulnerabilities it may have.
Next, set up a guest “Wi-Fi” account and separate password for your guests. Unfortunately, we can’t always ensure that everyone who enters our home is as mindful about cybersecurity as we all need to be. You may open your network to vulnerabilities if a guest with an infected phone gains access to your network and password.
Always update the software on your devices when prompted. These updates generally include security patches for newly identified vulnerabilities. This will ensure the software on your devices is protected against the latest threats.
Use facial recognition to unlock your phones or set up at least a six-digit PIN to unlock your device. You can also set up a PIN for your SIM card on your phone and, perhaps more importantly, place a lock on your number with your cellular service provider to prevent anyone from porting your number onto another device.
Never click on links in text messages or emails, even if they appear to be from your bank or your utility company. The more tech-savvy fraudsters clone legitimate websites and embed links in emails to lure you to click on them to download malware on your machines and devices. Instead open up your browser and look up the website.
Refrain, as best you can, from giving your cellular telephone number and email at retail stores. Any company that does not employ the best cybersecurity protocols will be susceptible to attack. Sadly, we can’t assume companies will promptly announce a breach when it occurs (scarincihollenbeck.com/law-firm-insights/cyber-security/not-report-a-data-breach-costly). The best option, then, is to use temporary or “burner” cellular numbers and/or a separate email just for retailers. Google Voice is an option when giving your phone to join rewards programs, for example.
Use a Password Manager and never reuse Passwords. This cannot be stressed enough. With so many accounts and logins, it is easy and tempting to reuse the same ones. There are several free and paid managers you can download from the app store. Bitwarden, 1Password, and LastPass continue to make the top-rated lists. I recommend at least 16-character passwords with numbers, letters, and special characters and change them every 90 days. Luckily, password managers can create new and complex passwords with ease. All you need to do is remember the master password for the manager to access the list of your logins.
In addition to complex passwords, use multifactor authentication (MFA) when logging onto your accounts online (learn more about MFA at cybersecurity.osu.edu/cybersecurity-you/passwords-authentication/multifactor-authentication). MFA is an added security feature to login to your accounts. In short, the MFA app will generate a code that you enter after your username and password. If your login credentials have been compromised, the person trying to hack into your account will be prompted to enter this code, making it virtually impossible to gain access. Google has its own authenticator and Authy is also a great choice. Fortunately, more banks and retailers are adding this feature to their websites.
Finally, “anonymize yourself” as much as possible. Use an alias instead of using your first and last name in your email address. Instead of firstname.lastname@example.org, use email@example.com. Also use aliases on your social media accounts and make everything private. While it may feel great to have your friends wish you a happy birthday on Facebook, it may not be worth having your date of birth on there for everyone to see.
Remember, if you take certain precautions to make accessing your network, devices, and accounts difficult to ID thieves (i.e., implementing long and complex passwords and using MFA codes), they will likely move on to the next person because they generally don’t have the patience to keep trying. In my line of work, most if not all victims reuse passwords, liberally share information on social media, and click on links from unknown senders.
[Jay Santiago is a pseudonym for a former local police officer now in federal law enforcement who grew up here and moved back.] ■
© 2022 NFCCA [Source: https://nfcca.org/news/nn202202f.html]