When shopping online, make sure the only “steals” you experience are great prices.
Even before the outbreak of the coronavirus, shopping online had become the norm for millions of people. From avoiding crowds to being able to access a wider range of products, it’s not difficult to see the benefits or understand its appeal.
But online shopping is not entirely without risks, particularly as it involves entrusting websites and applications with sensitive financial information. Still, there are many ways to protect yourself when shopping online. Implement the following tips to reduce risk and keep your shopping fun and worry-free.
Safe Sites and Due Diligence
One great way to reduce your risk is to restrict your shopping to sites you absolutely know are safe. Bookmark these sites for future use. If you think you may be on an imposter site, verify that the domain is correct, scrutinizing it down to whether any letters have been maliciously replaced with a number. If you do decide to branch out, conduct research into a site’s reputation, and look for keywords that are glaringly negative like “fraud,” “scam, “fake,” etc.
Create Thoughtful Passwords
On any e-commerce site you frequent, use a unique password. A strong password typically includes a combination of letters, numbers, and special characters. Avoid common personal information like your birthday, your name, or your address. If you struggle with remembering multiple passwords, consider employing a password manager.
It can be tempting to give large, well-known e-commerce sites your complete trust; but don’t let your guard down! Large online stores frequently include third-party sellers who may have less than noble intentions. Before handing over any of your personal or financial information, take a close look at the seller’s reputation, including reading any comments or reviews that are available. It is also always a good idea to review the store’s policies regarding third-party sellers and be wary of any sellers who are new to the site or who are listing their products at an exceptionally low price.
Keep a close watch on both your personal and professional credit cards for any suspicious-looking charges. It’s prudent to also set up alerts for any charges that are out of the ordinary or that do not match your usual spending patterns and habits.
When shopping online for personal items and especially when conducting your business shopping, do not use a debit card. Debit cards take money directly from your bank account, and if you are unlucky enough to become a victim of fraud, you will have a much more difficult time getting it back. If you are hard at work trying to build your independent agency, having a business credit card can also have numerous advantages. It is far easier to keep track of your business expenses with a company card, and many providers will even send you a monthly expense report that you can keep for your files. A business credit card often offers an additional level of protection than a normal consumer card. Some examples of extra protection include travel accident coverage, identity theft coverage and other various misuse policies.
Whether you shop online for personal reasons or business needs, everyone can benefit from being mindful of the potential risks involved when conducting online financial transactions. Scammers are plentiful, and there is no way to guarantee that your purchases will always be secure. But by being aware of the dangers and implementing a few easy security precautions, you can reduce your risk of becoming a victim and continue leveraging the power and convenience of the online marketplace.
What exactly is malware, and how can you safeguard against it?
You’ve heard the term. You’ve seen the warnings. You may have even been unlucky enough to experience an attack. But what exactly is malware, and what can you do to safeguard against it?
Malware: A Catch-All Term
Malware is an umbrella term for any type of malicious software. This can include anything from computer viruses, worms and Trojan horses (a malicious piece of software disguised as a legitimate program) to ransomware, spyware, adware or scareware.
Typically, anything that secretly works against the interests of a computer user can be classified as malware. Malware can infect almost any type of computer or digital device. Some but not all machines that are vulnerable to malware include: Windows computers, Macs, iPhones, iPads, Android devices and network servers. Viruses and worms are the most common types of malware, and both are spread by becoming embedded in executable software.
Why it Matters
Malware is used by hackers to gain access and pilfer the personal, financial, business or governmental data of unsuspecting individuals or organizations. Once this information is acquired, cybercriminals frequently seek to exhort money from their victims – either directly through ransoms (where the criminal blocks access to files or programs until the victim pays them money) or by engaging in identity theft.
Recent studies indicate that cybercrime is on the rise. A 2019 report revealed a 67 percent increase in security breaches over the past five years.[i] The cost of these attacks is truly staggering. According to the White House, “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.”[ii] The average cost of a data breach is $3.9 million according to IBM.[iii] While it may be tempting to think that only large multinationals are the targets of these attacks, 43 percent of breach victims were small or medium-sized businesses.[iv]
What Can be Done?
As with other industries, identity theft, fraud and other crimes are increasing throughout the insurance and financial services sectors. Still, there are numerous actions you can take to better safeguard your data.
A great first step is to purchase high-quality anti-virus software and install it across your devices. It is essential to purchase one from a well-known and trusted provider, and to have it consistently run scans on any machine that may be vulnerable.
You should diligently update both your operating systems (Mac/IOS, Windows, Android, etc.) and internet browsers (Internet Explorer, Google Chrome, Firefox, Safari and Microsoft Edge). Not only do these updates patch security holes, but they also better protect your data and offer enhanced features that can make your work life easier and more enjoyable.
When safeguarding your devices through the previous steps, it is always a good idea to back up your data and store it on an external hard drive where it will be retrievable in the future. By taking this precaution, you will ensure that you do not lose access to your most valuable data even if you are unlucky enough to experience a malware attack and have to consult a professional to repair your device.
Avoiding Phishing Scams and Ensuring Safe Title Transactions
One of the most common threats that occur during real estate transactions is a phishing scam, where criminals seek to gain access to nonpublic personal information (NPI), place malicious code on your device or convince you to change wiring instructions. To protect yourself from these scams, agents should be mindful of the following warning signs within a suspicious email:
- Poor spelling, grammar and generic greetings
- Requests for personal information
- An unusual sense of urgency
- Instructions to change wiring information
- Questionable-looking attachments or links that encourage a click.
Additionally, agents can reduce risk by transmitting data through encryption, using two-factor email authentications, maintaining a contact log for all transaction participants, eliminating the need for urgency and performing a risk assessment to identify security gaps.
Commit to Safety
Considering the fiduciary responsibilities that title agents possess, data security is of the utmost importance. Of course, no system is foolproof, but by knowing the risks and taking necessary precautions, agents can make significant progress toward protecting the integrity of their clients’ transactions.
While getting hacked can be scary, there are steps you can take to reclaim control.
In life, there is no such thing as a sure thing, and technology is no exception. Devices fail. Software can have flaws. Algorithms can be buggy. Additionally, there can be lapses in a security system for a computer or Wi-Fi network. The truth is that, regardless of how diligent you have been with your digital security, a day may come where you realize that a worst-case scenario has come to fruition. You have been hacked, and your files, accounts and other important data are now exposed and vulnerable. In this moment, questions will likely begin to race through your mind. How are you going to respond? What are you going to do first?
The first thing to do is to not panic. It’s critical to remain calm so you can act quickly and decisively. If your hack has occurred on your work computer or device, do not attempt to fix the problem. Notify your IT support specialist and rely on their professional expertise. If the hack has transpired on your personal device or home network, however, you will need to take direct action to protect yourself and limit the damage.
Change Your Passwords
The easiest step you can take is to change all your passwords. From bank and utility accounts to social media profiles and email platforms, the average person can have dozens of different passwords that they use to operate online. Due to this sheer volume, it can be a daunting prospect to comprehensively rework all your digital passwords. To make it easier, work strategically, focusing on the most important accounts first. You can also employ a password manager to make the process easier and ensure that you can remember the new passwords you are generating.
Even after you change your passwords, stay vigilant regarding your financial accounts and continuously monitor for any unauthorized activity. If you notice anything out of the ordinary, contact your bank or financial institution and report suspicious transactions. You can also consider putting a credit freeze on your credit files, which can mitigate lasting harm to your financial reputation. Lastly, when contacting your bank, use a device you know you can trust.
Scour and Start Over
Once you have secured your online accounts and taken action to protect your financial health and reputation, you should move toward repairing your compromised machine. Use your antivirus software and run a comprehensive scan of your device. If you don’t have antivirus software already installed, you can and should download a strong program. There are a glut of affordable programs that you can download directly onto your computer, tablet or mobile phone. Just be sure to conduct appropriate due diligence to ensure you are selecting a robust program. Now is not the time to skimp on security!
For additional peace of mind, you may want to consider reinstalling your device’s operating system in its entirety. Keep in mind to not reinstall from backups, which should only be employed to recover personal files. For some, this step may feel challenging and beyond the scope of their knowledge and capabilities. If that is the case, consult with a professional. Working with a digital security or computer repair expert will give you additional confidence that your reinstallation is being carried out correctly.
You’re Not Powerless
There is no way to guarantee total security when operating online. For evidence of this, you only have to look at the news. Hardly a week goes by without a story reporting on a large company experiencing a major data breach. Therefore, despite an individual’s best efforts, hacks may still happen. The important thing is how you choose to respond. By staying calm, securing your digital accounts, cleaning your machine or reinstalling the operating system completely, you will empower yourself to overcome a security breach and move forward as an even savvier internet user.
Your home can still be your castle – even in the digital age
Home cybersecurity used to be fairly straightforward, but these days the situation has changed. With the internet playing an increasingly dominant role in how we live and work, you should take a moment to examine whether your personal Wi-Fi network is truly secure. Here are a few easy tips and tricks for how you can best protect yourself and your home in the digital age.
Your wireless network
Consisting of a modem and a router, wireless network devices are responsible for bringing the internet into your home and directing it to all your internet-compatible devices.
You need to change the default administrative password within the router to establish control over the configuration of your home system. Be sure to use a password that is difficult to guess. Try using a random series of words that are easy for you to remember. Employ numbers if possible and capital letters for extra security. At the end of the day, you want to protect yourself by making sure that only devices you know and trust have access to your Wi-Fi network.
For extra security and peace of mind, you can even consider installing a guest network. That way, you can let visitors connect their devices but avoid opening yourself up to potential security problems.
To have confidence in your cyber security, you will want to take a hard look at the strength of all your passwords – from your wireless network to the passwords you use for each device and application.
You should try to use a different password for each device and account. This can be a daunting prospect, as it is now common to have dozens of accounts that require a password. Use a password manager tool if you are having difficulties. There are a variety of different services out there, and you can easily compare features and prices online.
Finally, don’t forget about enabling two-step verification wherever possible. Two-step verification is where two authentication steps are performed sequentially to verify whether an attempted login is legitimate. Often, this process involves a login through an online account and then the entry of a numerical code that is either emailed or texted to the account holder.
It’s wise to become familiar with all of the devices you foresee needing to connect to your wireless network. While in the past this largely consisted of a couple of personal computers, it now could include everything from smartphones and television sets to printers, refrigerators and cars. Educate yourself not only on each device’s make and model, but also its IP address. You’ll also want to save yourself some headaches by enabling each device to download and install automatic security updates.
Unfortunately, no matter how cautious you are, you may still have a security lapse someday. You should have a contingency plan in place and regularly archive your important files and programs.
There are many different strategies you can take to make this easier. You can store your data on the Cloud with end-to-end encryption. You could save it to an external hard drive. Or you could even go the untraditional route of burning your data to a CD. Whatever you decide, you will want to make sure that you can reliably restore your data following a security breach. The good news is that many mobile devices already support automatic data backups, and there are numerous software options out there that are cost effective and relatively easy to use.
Final Thoughts Creating a cyber-secure home network can feel like a challenge. But the benefits of doing so far outweigh the costs. By adhering to these steps, you will be able to create an online experience that is fun and efficient but that does not skimp on security.
Best practices to help keep your remote environment secure
While working remotely at home provides flexibility and social distancing in this time of COVID-19, it may also open the door to unexpected and unwanted security issues and breaches. By taking a few simple and important steps, you can securely work and have peace of mind that your business is continuing to operate without introducing added risks.
Risks that present themselves range from nuisances and disruption, such as with “Zoombombing” [a disruptive intrusion by hackers into a video conference call], to device and network compromise with viruses, spyware or ransomware.
Here are some best practices to keep your remote environment secured:
When using Zoom or other remote meeting sites that provide audio and video connectivity, be sure that the security settings are activated to only allow screen sharing by the host, or designated others who have a need. Also be sure to use access passwords or codes available only to the invited participants that are provided in the invite prior to the meeting.
Equipment, Software and Hardware
Often the organization does not provide all equipment or supplies necessary to ensure remote access. The proper protection of information to which the user has access involves connection to the Internet, local office security, and the protection of physical information assets. Below are some of the additional items that may be required:
- Broadband connection;
- Paper shredder;
- Secured office space or work area; and
- A lockable file cabinet to secure documents when unattended.
Remote users using personal equipment are often responsible for:
- access to the internet;
- the purchase, setup, maintenance or support of any equipment or devices not owned by the company; and
- ensuring current and active antivirus, firewall and malware protection is installed, functioning and updated regularly.
Security and Privacy
Organizations often have policies regarding user logical security responsibilities. Here are a few such responsibilities, which should translate to the work-from-home environment:
- Log off and disconnect from the company’s network when access is no longer required, at least daily;
- Enable automatic screen lock (if available) after a reasonable period of inactivity;
- Do not provide (share) their user name or password, configure their remote access device to “remember me,” or automatically enter their username and password;
- Enable a firewall at all times;
- Ensure virus protection is active and current; and
- Perform regular backups of critical information using a secure storage solution.
Additionally, companies often implement additional logical security procedures for remote users. These may include:
- Disconnect remote user sessions after 60 minutes of inactivity;
- Access to company owned technology applications to use commercially available encryption technologies, such as multi-factor authentication, or use of a Virtual Private Network (VPN);
- Update the virus pattern on a regular and frequent basis;
- Provide a reasonable backup solution; and
- Perform regular audits of the company supplied equipment to ensure license and configuration compliance.
Company policies regarding physical security should also carry over into the remote-office. Here are some steps to consider:
- Maintain reasonable physical security of your remote office environment. This includes access to both company and personal technology equipment and documents;
- Limit the use or printing of paper documents that contain sensitive, confidential or non-public private information (NPI), and restrict requests for and handling of NPI to only what is essential to perform your job; and
- Ensure documents containing sensitive, confidential or NPI are shredded and rendered unreadable and unable to be reconstructed.
It is entirely possible to work remotely. A home office can be made secure by adhering to the steps above. Bear in mind that working at a hotel or a cabin or anywhere internet service allows for access presents security issues that may compromise privacy.
For further information, reach out to Tom Weyant, Director, Risk Management & Continuous Improvement, CQA, CFE, directly at firstname.lastname@example.org or visit www.alliantnational.com/newsroom for additional information and articles related to cyber security and internet privacy.