While getting hacked can be scary, there are steps you can take to reclaim control.
In life, there is no such thing as a sure thing, and technology is no exception. Devices fail. Software can have flaws. Algorithms can be buggy. Additionally, there can be lapses in a security system for a computer or Wi-Fi network. The truth is that, regardless of how diligent you have been with your digital security, a day may come where you realize that a worst-case scenario has come to fruition. You have been hacked, and your files, accounts and other important data are now exposed and vulnerable. In this moment, questions will likely begin to race through your mind. How are you going to respond? What are you going to do first?
The first thing to do is to not panic. It’s critical to remain calm so you can act quickly and decisively. If your hack has occurred on your work computer or device, do not attempt to fix the problem. Notify your IT support specialist and rely on their professional expertise. If the hack has transpired on your personal device or home network, however, you will need to take direct action to protect yourself and limit the damage.
Change Your Passwords
The easiest step you can take is to change all your passwords. From bank and utility accounts to social media profiles and email platforms, the average person can have dozens of different passwords that they use to operate online. Due to this sheer volume, it can be a daunting prospect to comprehensively rework all your digital passwords. To make it easier, work strategically, focusing on the most important accounts first. You can also employ a password manager to make the process easier and ensure that you can remember the new passwords you are generating.
Even after you change your passwords, stay vigilant regarding your financial accounts and continuously monitor for any unauthorized activity. If you notice anything out of the ordinary, contact your bank or financial institution and report suspicious transactions. You can also consider putting a credit freeze on your credit files, which can mitigate lasting harm to your financial reputation. Lastly, when contacting your bank, use a device you know you can trust.
Scour and Start Over
Once you have secured your online accounts and taken action to protect your financial health and reputation, you should move toward repairing your compromised machine. Use your antivirus software and run a comprehensive scan of your device. If you don’t have antivirus software already installed, you can and should download a strong program. There are a glut of affordable programs that you can download directly onto your computer, tablet or mobile phone. Just be sure to conduct appropriate due diligence to ensure you are selecting a robust program. Now is not the time to skimp on security!
For additional peace of mind, you may want to consider reinstalling your device’s operating system in its entirety. Keep in mind to not reinstall from backups, which should only be employed to recover personal files. For some, this step may feel challenging and beyond the scope of their knowledge and capabilities. If that is the case, consult with a professional. Working with a digital security or computer repair expert will give you additional confidence that your reinstallation is being carried out correctly.
You’re Not Powerless
There is no way to guarantee total security when operating online. For evidence of this, you only have to look at the news. Hardly a week goes by without a story reporting on a large company experiencing a major data breach. Therefore, despite an individual’s best efforts, hacks may still happen. The important thing is how you choose to respond. By staying calm, securing your digital accounts, cleaning your machine or reinstalling the operating system completely, you will empower yourself to overcome a security breach and move forward as an even savvier internet user.
Your home can still be your castle – even in the digital age
Home cybersecurity used to be fairly straightforward, but these days the situation has changed. With the internet playing an increasingly dominant role in how we live and work, you should take a moment to examine whether your personal Wi-Fi network is truly secure. Here are a few easy tips and tricks for how you can best protect yourself and your home in the digital age.
Your wireless network
Consisting of a modem and a router, wireless network devices are responsible for bringing the internet into your home and directing it to all your internet-compatible devices.
You need to change the default administrative password within the router to establish control over the configuration of your home system. Be sure to use a password that is difficult to guess. Try using a random series of words that are easy for you to remember. Employ numbers if possible and capital letters for extra security. At the end of the day, you want to protect yourself by making sure that only devices you know and trust have access to your Wi-Fi network.
For extra security and peace of mind, you can even consider installing a guest network. That way, you can let visitors connect their devices but avoid opening yourself up to potential security problems.
To have confidence in your cyber security, you will want to take a hard look at the strength of all your passwords – from your wireless network to the passwords you use for each device and application.
You should try to use a different password for each device and account. This can be a daunting prospect, as it is now common to have dozens of accounts that require a password. Use a password manager tool if you are having difficulties. There are a variety of different services out there, and you can easily compare features and prices online.
Finally, don’t forget about enabling two-step verification wherever possible. Two-step verification is where two authentication steps are performed sequentially to verify whether an attempted login is legitimate. Often, this process involves a login through an online account and then the entry of a numerical code that is either emailed or texted to the account holder.
It’s wise to become familiar with all of the devices you foresee needing to connect to your wireless network. While in the past this largely consisted of a couple of personal computers, it now could include everything from smartphones and television sets to printers, refrigerators and cars. Educate yourself not only on each device’s make and model, but also its IP address. You’ll also want to save yourself some headaches by enabling each device to download and install automatic security updates.
Unfortunately, no matter how cautious you are, you may still have a security lapse someday. You should have a contingency plan in place and regularly archive your important files and programs.
There are many different strategies you can take to make this easier. You can store your data on the Cloud with end-to-end encryption. You could save it to an external hard drive. Or you could even go the untraditional route of burning your data to a CD. Whatever you decide, you will want to make sure that you can reliably restore your data following a security breach. The good news is that many mobile devices already support automatic data backups, and there are numerous software options out there that are cost effective and relatively easy to use.
Final Thoughts Creating a cyber-secure home network can feel like a challenge. But the benefits of doing so far outweigh the costs. By adhering to these steps, you will be able to create an online experience that is fun and efficient but that does not skimp on security.
Best practices to help keep your remote environment secure
While working remotely at home provides flexibility and social distancing in this time of COVID-19, it may also open the door to unexpected and unwanted security issues and breaches. By taking a few simple and important steps, you can securely work and have peace of mind that your business is continuing to operate without introducing added risks.
Risks that present themselves range from nuisances and disruption, such as with “Zoombombing” [a disruptive intrusion by hackers into a video conference call], to device and network compromise with viruses, spyware or ransomware.
Here are some best practices to keep your remote environment secured:
When using Zoom or other remote meeting sites that provide audio and video connectivity, be sure that the security settings are activated to only allow screen sharing by the host, or designated others who have a need. Also be sure to use access passwords or codes available only to the invited participants that are provided in the invite prior to the meeting.
Equipment, Software and Hardware
Often the organization does not provide all equipment or supplies necessary to ensure remote access. The proper protection of information to which the user has access involves connection to the Internet, local office security, and the protection of physical information assets. Below are some of the additional items that may be required:
- Broadband connection;
- Paper shredder;
- Secured office space or work area; and
- A lockable file cabinet to secure documents when unattended.
Remote users using personal equipment are often responsible for:
- access to the internet;
- the purchase, setup, maintenance or support of any equipment or devices not owned by the company; and
- ensuring current and active antivirus, firewall and malware protection is installed, functioning and updated regularly.
Security and Privacy
Organizations often have policies regarding user logical security responsibilities. Here are a few such responsibilities, which should translate to the work-from-home environment:
- Log off and disconnect from the company’s network when access is no longer required, at least daily;
- Enable automatic screen lock (if available) after a reasonable period of inactivity;
- Do not provide (share) their user name or password, configure their remote access device to “remember me,” or automatically enter their username and password;
- Enable a firewall at all times;
- Ensure virus protection is active and current; and
- Perform regular backups of critical information using a secure storage solution.
Additionally, companies often implement additional logical security procedures for remote users. These may include:
- Disconnect remote user sessions after 60 minutes of inactivity;
- Access to company owned technology applications to use commercially available encryption technologies, such as multi-factor authentication, or use of a Virtual Private Network (VPN);
- Update the virus pattern on a regular and frequent basis;
- Provide a reasonable backup solution; and
- Perform regular audits of the company supplied equipment to ensure license and configuration compliance.
Company policies regarding physical security should also carry over into the remote-office. Here are some steps to consider:
- Maintain reasonable physical security of your remote office environment. This includes access to both company and personal technology equipment and documents;
- Limit the use or printing of paper documents that contain sensitive, confidential or non-public private information (NPI), and restrict requests for and handling of NPI to only what is essential to perform your job; and
- Ensure documents containing sensitive, confidential or NPI are shredded and rendered unreadable and unable to be reconstructed.
It is entirely possible to work remotely. A home office can be made secure by adhering to the steps above. Bear in mind that working at a hotel or a cabin or anywhere internet service allows for access presents security issues that may compromise privacy.
For further information, reach out to Tom Weyant, Director, Risk Management & Continuous Improvement, CQA, CFE, directly at email@example.com or visit www.alliantnational.com/newsroom for additional information and articles related to cyber security and internet privacy.
Are you ready?
Can you spot when you’re being phished? One of the first steps is fully understanding what phishing is. Unfortunately, it’s not as fun as heading to the stream with your waders. Phishing can take place via phone call, text, or email, but the latter is the most common place. The attacker will pose as a legitimate institution in an attempt to get secure information from their target. Some examples include those spam calls you receive from the “IRS” robot asking for your social security number.
Over email, things can get a little bit more malicious. It’s common sense to know that an unsolicited robotic voice asking for your social security number isn’t legitimate. However, what happens when you receive an email with a link that you wouldn’t usually give a second glance to? Cyber attackers rely on that lack of attention to target vulnerable users. Here are some ways to tell if the email you’ve received is a phishing email:
- Remember that if it seems too good to be true, it probably is. Those flashy designs advertising expensive items for free could (and in all likelihood will) result in identity theft.
- Be mindful of emails from unknown senders insisting that you act urgently. The attacker is trying to pressure you into acting without thinking.
- Watch out for unknown hyperlinks and attachments. They’ve gained popularity over recent years. They avoid giving you all the details in the email to avoid looking immediately suspicious and urge you to click on the link for more information. Never click on a link from an unknown or untrustworthy sender.
All of that might seem like a lot, but knowing what to look out for is the first step in protecting yourself from cyber-attacks. After a while it will all become like second nature. There are also plenty of other preventative steps that you can take to ensure that you and your inbox are protected.
Spam filters can go a long way toward stopping malicious content from getting to your inbox at all, and you can update your browser’s security settings to block fraudulent websites from opening at all. Setting up two-factor authentication with your financial institutions and any website where your bank data may be stored can help protect you as well.
Jigsaw and Google have partnered to keep an up-to-date phishing quiz to see if you’re ready to identify phishing attempts that may come your way. You can take it here.
Be mindful of the potential hazards with an increasingly online-only landscape
As news continues to break, it becomes more and more apparent that the COVID-19 pandemic will have a lasting effect on our industry. While it’s critical that we learn to adapt amidst the crisis, it’s also imperative that we be mindful of the potential hazards that can come with shifting into an increasingly online-only landscape. Here are some of the things to watch out for as we navigate through this difficult time.
Increase in Wire Fraud and Phishing
There is no way to avoid electronic communications throughout this pandemic. Be vigilant against phishing emails, incorrect email addresses, slightly off signature blocks and dated lingo, and emails coming in at odd hours (implying the fraudster may be abroad). Always call a verified telephone number to confirm changes to wire instructions. Click on this link for more information on what to watch out for.
TIP: Have a plan in place – meet with your IT department, and talk to your insurance agent to see how you can protect yourself against these scams.
Fraud & Forgery
Unfortunately, tumultuous times often only embolden fraudsters further. That’s why it’s important now, more than ever, to treat remote closings with the same care and caution as mail-away closings. Here are some red flags common to fraud and forgery claims: (1) the property is a part of a “flip” transaction; (2) the property is vacant land; (3) the deed to the seller is a recently recorded quit claim deed. Click on this link for more red flags.
Powers of Attorney
Powers of Attorney (POA) are ripe for fraud. Carefully examine the powers that are granted in any POA, and confirm that the POA was given freely and purposefully for the intent for which it will be used. Require a fresh POA if the POA presented is more than six months old. If you have reason to question the capacity of the principal, or have questions about the validity of the POA, contact your local Alliant National underwriter for approval before proceeding.
TIP: If your state allows the use of remote online notarization (RON) technology and the county recorder will accept electronically signed instruments for recording, recommend using RON so the principal can sign the required documents instead of appointing an attorney-in-fact.
Undue Influence and Duress on the Elderly
With COVID-19 threatening the elderly more than any other demographic, we have a responsibility to ensure we’re mindful of any potential undue influence or duress from unscrupulous heirs or caregivers. If the person holding title is elderly or is sick, be sure to dig in further before agreeing to conduct the closing.
Hard Money Lenders
Hard money lenders aren’t regulated by state or federal law. Generally, hard money lenders do not collect loan applications or otherwise vet their borrowers. This practice creates a higher potential for fraud by third parties posing as legitimate borrowers. If something feels off, it probably is. For more information on what to look for with these transactions, click on this link.
Note: Seller-financed purchased money loans are not considered hard money lenders.
Crime Watch Program We take the safety of our clientele very seriously. Because of that, Alliant National offers a $1000 reward to any agent who helps identify and prevent a forgery or scam. Be sure to contact the hotline to report anything that may feel like fraudulent activity. To submit a claim for a reward, click here: https://alliantnational.com/title-claims/crime-watch-program/.