Cybersecurity should be a critical component of how reputable businesses protect their customers’ information. But individuals, too, should protect themselves against cybercrime. What are some practical recommendations you can begin taking immediately to avoid becoming a victim of cybercrime?

Retired FBI special agent and cybersecurity expert Scott Augenbaum (SA) discussed common security weaknesses cyber criminals target and reviewed simple prevention measures people can take during Glenmede’s virtual event in November 2021. Following is an excerpt of the discussion, led by Glenmede Chief Operating Officer Raj Tewari (RT).  

RT:  Please share an overview of the current cyber environment.

SA:  Every day we hear more and more about phishing, account compromise, the dark web, ransomware and so on. We spend more and more money on products and services, yet the cybercrime problem keeps getting worse.

During my career I’ve discovered so much, including what I call the four truths, or commonalities, about cybersecurity. The first is most people never expect to be victims. The second is none of the victims I’ve encountered can really identify their “stuff.” The third is that most cybercriminals are located overseas; crime is no longer a localized problem. My final truth about cybersecurity is that a majority of the victimizations easily could have been prevented if the end users had been armed with a couple of key pieces of information.

RT:  In a time when we’re transacting more on our devices, and even more so in the pandemic with increased online shopping and many of us working from home, what are some preventative actions to take?

SA:  Make yourself aware. The first thing to understand is account compromise. All the bad guy needs to do is steal your username and password. Once into your accounts, it’s easy to steal your information.

Phishing emails are the number-one attack vector. You’re going to get an email from somebody you know and trust, or it might be a text message or phone call. For example, if you received a text message that appears to be from the IRS that says, “You’re due a tax refund. To get your refund, just click on the link in the text, in the chat.” You click on that link, it takes you to a website that looks just like the IRS website and it asks you to do something as simple as enter your name, date of birth, Social Security number and bank account and routing information.

Think before you click. Become a human firewall – and familiarize yourself with two-factor authentication. Most companies allow for two-factor authentication, but most people do not practice this. Of the almost 1.8 billion Google users, research has shown that only 10% use two-factor authentication.

Also, 66% of the population uses the same password for multiple platforms. Have unique passwords, especially for critical accounts. Consider adding a special symbol and a number on the front, and the same one on the back, of the password. You can use that special symbol and a number for all your passwords, and do not share your passwords with anyone. Then come up with a phrase that only you can remember to help jog your memory for passwords.

RT:  What is the single most important step an individual should take to be more secure online?

SA:  Realize that email, text messages, telephone calls and social engineering are top tools in the cybercriminal’s tool belt. Emails are not going to be obvious — you’re not going to get an email from borisbadenuf@cybercriminal.org. It’s going to be from Amazon, saying that your package has been delayed in shipping, or from the post office or IRS. Question every email.

RT:  What’s the best way to manage our financial accounts from a security standpoint?

SA: Identify your most important accounts. Know what you need to protect. For each of those accounts, have a separate password and turn on two-factor authentication. This will help keep you safe; it’s part of the identification process.

RT: Are there advantages to using a debit card versus a credit card?

SA:  When using your debit card to shop online, and there is a suspicious charge, you will need to fill out affidavits at the bank and say that you didn’t incur this charge. Also, even though the bank will refund your money for the charge, what about bounced check fees or bounced checks? You have much more protection when using credit cards online. I try to use my debit card only to get cash.

RT:  We conduct more transactions now in a digital environment. Is there anything to consider when using Apple Wallet, Venmo and the like?

SA:  I would connect those to my bank account and wrap them with two-factor authentication. Also, check that your transactions are private.

RT:  When backing up data on our computers, what should we do to protect ourselves from viruses that might be contained in that data?

SA:  Make sure you have an antivirus product installed on your computer, and scan everything. For mission-critical data, I recommend using an external hard drive for backup, and maybe back up other data in your Google Drive. But if a hacker steals your username and password, they’re going to get all your information. So it’s important to back up using a personal antivirus product. And I would spend money on the product. There are free antivirus products available, but I believe if you’re backing up financial transactions, you should spend money on a reputable product.

RT:  Do we have more to fear with cryptocurrency?

SA:  Cryptocurrency is here to stay. If you’re going to invest in cryptocurrency, use one of the reputable online platforms. Remember, once you send the money to an irreputable crypto broker, the money is gone. Be safe when playing around in the world of crypto.