Earlier this month, Vanessa and I dealt with a frustrating cyber-security threat. One of our accounts was hacked, and the individual was able to steal some financial resources. We are working with appropriate parties to recover the loss, but the entire process is extremely frustrating and time-consuming.
If you haven’t yet experienced this type of cyber-crime, be thankful. But more than that, you should take precautions to minimize your risk exposure so that this doesn’t happen to you.
The Growing Threat
The volume, scope and cost of cyber-crime continue to increase rapidly in our increasingly complex and highly connected financial world. Cyber-crime is up 20% since 2014 and is the fastest-growing economic crime, according to PricewaterhouseCoopers’ (PwC) latest biennial survey. Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.
I cite these studies to make a point – this is a growing threat across the globe. If you use the internet to manage any of your financial accounts, you are exposed to this threat.
How Does it Work?
There are numerous different hacking methods that can be used to steal your personal information. Some of the most common types include email phishing scams, where the criminal sends out a targeted email that mimics a legitimate organization or personal contact. If opened or downloaded, the email/attachments often infect your computer with malware to track or steal your personal login information.
Other hacks can easily track keystrokes and login information when entered using an unsecured internet connection. This is common at restaurants, coffee shops, airports, shopping malls, and the numerous other places that offer free, unrestricted WiFi access. Many consumers believe these connections to be secure, but they are wide open and easily exploitable.
There are an increasing number of other, more sophisticated hacking techniques that are highly targeted. With these, hackers often target specific, high-net-worth individuals. If they are able to gain access to even one account or credit card, they are able to exploit and steal assets or other economic information. Sometimes they steal account information through brute-force attacks on encrypted accounts or logins, but don’t immediately use it. They use the first account as a gateway to crack more accounts, then execute a planned attack.
How to Protect Yourself
The bad news is that attacks continue to evolve and become more sophisticated. The good news is that with a few simple precautions, you can greatly improve your cyber-security defense and protect yourself against many of the most common types of cyber-theft.
1) Install a password manager
A password manager is a necessity in 2016. Most people have numerous online accounts, scattered across multiple devices, each requiring a password. Having multiple accounts isn’t a problem, but recycling the same password over and over is a major problem, because it makes your accounts much easier to hack. Instead of using one simple password, or a combination of simple passwords, you need to use unique combinations for each online account. Furthermore, each password should be a long, difficult-to-hack combination of letters, numbers, and special characters.
What I’m describing is a password manager. Password managers generate and store all your passwords in a secure environment. Most can even auto-fill login information for each of your stored accounts, and sync your passwords across all your devices (computer, mobile, tablet, etc.). Password managers allow you to have unique, lengthy, difficult-to-crack passwords for each of your online accounts. These passwords are automatically saved on trusted and verified devices, which means you no longer have to memorize each unique passcode.
Furthermore, the best password managers do much more than that. LastPass allows users to automatically log into any specified online account. With one click, LastPass will visit the appropriate URL, input your saved username and password, and log into your account. This saves a lot of time. You can also securely save any form information, such as names, addresses, credit card information, etc. All of this is encrypted securely on your local machine, untouchable by outsiders (and even the LastPass employees).
When we were hacked, a trusted source immediately pointed me to LastPass. The free version is excellent, and the premium version allows you to sync your passwords across unlimited devices for a mere $12/year. LastPass is continually rated as one of the top three password managers, and is the cheapest premium password manager on the market. I have been extremely happy with the service thus far, and I did extensive research on available options before deciding on LastPass. As an added bonus, if you sign up using our referral code, we both get a free month of the premium version (which I already purchased upfront).
2) Enable two-factor authentication
Most password managers, including LastPass, allow you to add an additional layer of security when you access your accounts, called two-factor authentication. This requires you to enter a unique security code, randomly generated and sent to your phone or other specified device, in addition to your standard login. While not completely foolproof, two-factor authentication makes password cracking much more difficult for hackers.
3) Avoid unsecured WiFi networks
Your home Wi-Fi network comes with built-in security on the router, but it’s not foolproof. If your network provider supplies you with a router ID and password, you need to change the default settings. Cybercriminals know the defaults for major network providers, making these devices extremely vulnerable.
Never access anything important using open (unsecured) WiFi hotspots. This is one of the easiest ways to get hacked. If you are traveling and need to access anything important, try to use your phone’s secured internet connection. Most modern smartphones allow tethering, and basic browsing uses little data.
4) Be careful with emails
Phishing scams are increasingly common, and can be difficult to spot. Hackers are learning how to make these emails look official and enticing. Be careful when opening any of these emails.
You should also avoid sending important account or login information through standard email accounts. Email isn’t always fully encrypted.
No one wants to spend time thinking about all the bad things that can happen in our digital world, but you need to be aware of the increasing threat, and take precautionary steps to protect yourself. Making a few changes in your user habits will significantly improve your online security. If nothing else, take the following precautions:
- Avoid using personal information (such as important names, dates, or phrases) in your passwords. Hackers can easily find lots of public information on you, which makes password cracking very easy.
- Instead of using a common password for your accounts, consider using LastPass or another dedicated password manager. These programs allow you to use unique, extremely strong passwords for each personal login, making hacking much more difficult.
- Avoid using public WiFi as much as possible – and never log into secure accounts while connected to an open network.
Do you have any other important security tips for our community? Share with a comment below.