October is National Cybersecurity Awareness Month
National Cybersecurity Awareness Month occurs every October as a national campaign designed to increase the public’s awareness of cybersecurity and cyber crime issues. The campaign is organized by the National Cyber Security Alliance, a consortium of public and private sector sponsors who share a concern about protecting the public from Internet threats.
To celebrate National Cybersecurity month, here are some tips to help keep you more secure online:
8 Tips to Protect Your Identity
Identity theft continues to be one of the fastest growing crimes in the United States. In 2017, there were 16.7 million victims of identity fraud in the U.S., according to Javelin Strategy and Research. Union Bank recommends following these tips to keep your information – and your money – safe.
- Don’t share your secrets.
Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
- Shred sensitive papers.
Shred receipts, banks statements and unused credit card offers before throwing them away.
- Keep an eye out for missing mail.
Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
- Use online banking to protect yourself.
Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
- Monitor your credit report
Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Protect your computer.
Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
- Protect your mobile device.
Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially from senders you don’t know.
- Report any suspected fraud to your bank immediately.
12 ways to Protect Your Mobile Device
Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. We recommend following these tips to keep your information – and your money – safe.
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of bogus programs and/or apps that feature simulated ad interactions or display intentionally misleading buttons or layouts. Also watch for apps that ask for unnecessary “permissions.”
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a Social Security number on your mobile device. However, if you choose to store passwords on your phone, consider using a “password keeper,” which allows you to store sensitive information using a passcode.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately
8 Tips for Protecting Yourself Online
Every year, millions of consumers fall victim to cybercrime. According to the 2017 Norton Cyber Security Insights Report, 143 million U.S. consumers were victims of cybercrime – more than half of the country’s adult online population – with losses totaling nearly $19.5 billion. Follow these tips to help keep your information safe online:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Establish strong passwords. A strong password is at least 8 to 12 characters and includes a mix of upper and lowercase letters, numbers and special characters. Avoid using passwords based on personal or easily accessible information, such as names, birthdays and common phrases (such as “1234” or “Password”) and never share passwords with coworkers, family or friends. Use different passwords for each account and change them regularly.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with. Also, look for common red flags such as misspellings, grammatical errors, requests marked as “Urgent!” or “sensitive”, and/or emails from personal email addresses rather than a business email account.
- Recognize and avoid bogus website links. Cybercriminals embed malicious links to download malware onto devices and/or route users to bogus websites. Hover over suspicious links to view the actual URL that you are being routed to. Fraudulent links are often disguised by simple changes in the URL. For example: www.ABC-Bank.com vs. ABC_Bank.com.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
6 Ways to Protect Your Business from Business Email Compromise Scams
Companies of all sizes are being targeted by criminals through business email compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee ¾ often a senior executive or someone who can authorize payments ¾ and instructs others to transfer funds on their behalf. Union Bank recommends the following tips to help businesses and employees avoid business email compromise attacks:
- Educate your employees. You and your employees are the first line of defense against business email compromise. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers or alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.
- Be wary of sudden changes in business practices or contacts. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through known, official and previously used correspondence as the request could be fraudulent.
- Be wary of requests marked “urgent” or “confidential.” Fraudsters will often instill a sense of urgency, fear or secrecy to compel the employee to facilitate the request without consulting others. Use an alternative communication channel outside of email to confirm the request.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions such as call backs, device authentication and multi-person approval processes.
For more tips, see the FBI’s Internet Crime Complaint Center’s public service announcement.
If you fall victim to a business email compromise scam:
- Contact your financial institution immediately to notify them about the fraudulent transfer and request that they contact the institution where the fraudulent transfer was sent.
- Contact your local Federal Bureau of Investigation office as they might be able to freeze or return the funds, if notified quickly.
- File a complaint, regardless of dollar loss, at www.IC3.gov