We’ve all seen the headlines in the news in recent years — “Data Breach at XYZ Company.” Big-name companies such as Yahoo, Google, CVS, U.S Olympic Committee, Capital One, and an uncomfortably long list of others have been named in those headlines.

Nearly 1,000 data breaches in 2016 put the personal information of more than 35 million people at risk. This means the names, and possibly Social Security numbers, driver’s license numbers, medical records, financial records, and credit/debit cards of unsuspecting people were compromised.

It’s not a matter of it, but when… 
The stats say it all:

  • Every 2.5 seconds someone’s identity is stolen
  • The average cost of an identity theft incident is nearly $5,000
  • It takes approximately 600 hours to recover from identity theft

How are you susceptible to cyber threats? 

Malware is malicious software that can allow a remote attacker full access to your computer. Unbeknownst to you, malware may be installed on your computer if you inadvertently click on an unsafe link, open an infected file, or visit a legitimate website containing adware. Malware allows attackers to covertly gather personal data, including financial information, usernames and passwords.

Social engineering
This tactic involves manipulating or impersonating others to divulge sensitive, private information, and then demanding that financial transactions be executed. This can start with a simple email that is made to look as if it came from someone you know. Spoofing is a way hackers mask the actual address with an address that you recognize. Cybercriminals create an email address almost identical to yours (i.e., off by one character), then impersonate you, tricking the recipient into opening and responding to the email.

Spoofing can be targeted to be more effective as cybercriminals pretend to be a trustworthy source in order to acquire sensitive personal information such as usernames, passwords, Social Security numbers and credit card details. The email itself is free of viruses and is sent from a legitimate email server so it does get by most anti-spam and anti-virus protection.

Weak or reused passwords
Cybercriminals find vulnerabilities within your service providers’ servers or your IP address to access your login credentials or email account, then read your personal emails and pose as you. If you re-use passwords and usernames, and they are obtained by a malicious user cybercriminals can test them in large numbers against financial institutions’ websites until they find matches. (Phishing and hacking account for 70% of cyberattacks.)

Corporate and personal phones
Cybercriminals can take over your company phone system or your cell phone number and impersonate you, or reroute your calls. You won’t know there has been a breach until you receive your next phone bill.

You can’t be too careful when it comes to safeguarding your personal information. 

1. Be strategic with usernames and Pa$wOrD$.
Use an abbreviation of a phrase for your password. Add an identifying letter for each website/service to keep them different. This will make the passwords easier to remember and much more difficult for hackers to crack and reuse.

2. Surf safely.
Only use wireless networks you trust and know are protected. Use caution when using public computers. Remember, websites that start with “https” (as opposed to “http”) are secure.

3. Protect your money.
Be diligent in reviewing your credit card, cell phone, and financial statements to ensure nothing out of the ordinary is happening. If you notice something fishy, contact your financial institution immediately.

4. Limit what you share online.
Be cognizant of the amount and type of information – such as your address, phone number and birthday – you share on social media. Be aware of the varying levels of security available on websites and choose the setting you are most comfortable with.

5. Safeguard email accounts.
Exercise caution when reviewing unsolicited email and delete all emails that include financial information. Recognizing the convenience of email, evaluate it against the risk of transferring confidential information via email.

6. Keep your equipment up to date.
Make sure you are keeping your anti-virus and anti-spyware up to date on all devices and running regular scans. When upgrading to the latest and greatest cell phone, make sure that your old phone has been backed up and you have performed a secure erase or factory reset of that device.

Together we can build a strong wall to defend against cybercriminals. 

At GGM, we have a number of protocols in place to safeguard client information. Maintaining and protecting our clients’ nonpublic, confidential information is a top priority. While we do our best on our end to protect clients, clients are the other half of the equation. We need your help to ensure your information is safe. Taking the steps above to help protect your identity and data will go a long way in helping to avoid a breach. For questions regarding the security measures to protect your personal data at GGM, or your portfolio, contact us at your convenience.

Special thanks to Bill Walter of Gross Mendelsohn’s Technology Solutions Group for the latest insight on cyber attacks and the great tips on how to combat cybercriminals. For more valuable tips from Bill and special guest Mark Sargent from WatchGuard, register for our Technology Solutions Group’s webinar “Defending Against Modern Malware.”