Over the last few years, I’ve done a lot of writing for clients on the topic of data security. I’ve pored over reports and talked to experts for articles and white papers on POS systems, smart cards, data breaches and mobile technology. While I am struck by how complex and enormous the problem of cybersecurity has become, I am also surprised by how indifferent we are when it comes to protecting our personal information and identities. We could keep our data a lot more secure with just a few simple preventative steps.
Each year, Verizon compiles information about cyber crime in its Data Breach Investigations Report. It has become must reading for anyone interested in data security. In the 2015 report, Verizon noted that 700 million records were compromised last year, resulting in an estimated financial loss of $400 million. Altogether, there were 79,790 security incidents and 2,122 confirmed data breaches. And that doesn’t count the most recent revelations from the Office of Personnel Management that over 22 million federal employee and contractor records were hacked, the largest cyber attack ever on the U.S. government.
The Washington Post recently editorialized that our government’s response to cyber attacks has been “lazy and complacent.” With major U.S. breaches tied to foreign governments such as Russia, North Korea and China, our response has been slow or non-existent. “Cyberconflict does not fit neatly into other types of war, espionage and crime. It is asymmetrical, favoring a smaller, stealthy attacker over the defender,” the Post said. Unfortunately, it is not always clear who to take action against and whether retaliation might result in more harm to our already-vulnerable U.S. networks.
Equally troubling is how unconcerned and careless people are when it comes to securing their personal identity, bank and credit card information, computers and mobile devices. Many people still don’t password-protect their smartphones, laptops or Wi-Fi routers, or they keep their passwords taped to their monitor. Duh.
When I was researching payment system breaches, I found that retail businesses don’t always maintain strict controls over their systems. One of the most common oversights is failure to change the default password that comes with the POS system! Other not-so-brilliant mistakes include giving employees unrestricted access to network computers and allowing vendors access to internal systems.
As consumers, we can do a lot more to protect ourselves. Sure, it’s a nuisance to remember passwords, but they at least give some level of protection. Experts say that we should always opt for a higher level of security when given a choice. Two-factor authentication, at a minimum, is recommended. It’s also not a good idea to stay logged on to a website or app after you’re done viewing it, even though many sites offer that option. It’s especially important to log off of an e-commerce site after you’ve made a purchase or viewed your account. Also, you should avoid logging into personal banking and e-commerce sites when you’re using free, public Wi-Fi.
And speaking of account balances, hopefully you are monitoring your bank and credit card balances frequently. It’s easy to do with an app. You’ll be able to spot any suspicious charges or withdrawals, and act on them quickly.
Be sure to update your software and operating systems regularly, install antivirus software and back up your computer onto an external drive. When you’re finished with your computer for the day, turn it off. You may also want to turn off your smartphone’s Wi-Fi and Bluetooth service if you are in a public space.
A whole blog post could be written about being prudent about the sites you visit, forums you post comments on, and invitations you receive from Facebook and LinkedIn. If you’ve never heard of the person who’s asking you to connect, maybe that’s a clue. Needless to say, never share personal information or agree to send money.
Then there are the phishing emails that land in your email box daily. The best thing to do is just delete them. Even emails from friends can be suspicious, especially when they contain a link and no explanation. Generally it’s a sign that your friend’s contact list has been hacked.
There are lots of resources available to help you protect yourself and your business from cyber crime.
You can report Internet fraud on the Internet Crime Complaint Center (IC3) website. IC3 is a partnership between the FBI and the National White Collar Crime Center.
More information is available at these sites:
- Federal Trade Commission – Data Security (for businesses); Privacy & Identity (for consumers); IdentityTheft.gov (how to report ID theft)
- Joint law enforcement/industry task force – LooksTooGoodToBeTrue.com (tips on avoiding scams)
- Department of Homeland Security – Cybersecurity; Stop. Think. Connect
- Better Business Bureau – Securing Your Personal Data (for business owners)