October marks National Cybersecurity Awareness Month. However, any time is a good one to increase your cybersecurity know-how and better protect your information online. According to Washington, D.C.-based cybersecurity firm Purple Sec, in 2018, there were 80,000 cyberattacks per day, which equated to more than 30 million attacks a year. Since the COVID-19 pandemic began, there has been an unprecedented rise in email phishing attacks, in which scammers tempt users into clicking on links or providing information that allow the scammers to control users’ cyber activity. According to Cyber Defense Magazine, in the first quarter of 2020 alone, there were more than 854,000 confirmed phishing and counterfeit pages reported. To get the best information on how to protect your information online, we asked Tom Ryan, State ECU information systems manager, for his advice on everything from how to create a strong password, to spotting email scams. Here are his top five tips.
1. Don’t write down passwords.
It’s paramount to keep your sensitive information, including your passwords, confidential. Ryan recommends not writing down your passwords in your physical environment — like on Post-It notes stuck to your desk or computer screen. With the quality of smartphone cameras improving all the time, it’s easier than ever for people to quickly and easily photograph posted lists of passwords from a distance. Instead, he suggests keeping your passwords in electronic space. Password management apps, like LastPass and KeePass, can store passwords for multiple websites. You only have to remember one password to unlock your password vault.
2. Make your passwords complex, yet memorable.
Ryan advises making your passwords difficult to decipher. A specific type of attack called a dictionary hack will run known words and numbers (that you’d find in a dictionary, thus the name) against user passwords. Using regular words in your passwords leaves you more vulnerable to this common hacking strategy.
Instead, Ryan advises creating a password based on an acronym. He suggests this trick for creating and remembering an acronym password: “Think of something that makes sense to you but doesn’t to other people. Like a phrase or something you’re going to do. Like ‘Going to Las Vegas Next Month.’ Then create a password by taking the first letter of each letter and alternating case. Because you’re excited, you’re probably going to add an exclamation point at the end. Then add a number on the end that makes sense to you, like a graduation year,” he says. The formula creates a password you can remember, but it won’t easily be deciphered.
3. Be skeptical of all emails.
Email phishing scams are one of the most common forms of cybersecurity attacks. “These attempts don’t work if you don’t respond,” Ryan says. “They need input from you to continue on that path.” He advises approaching emails with an air of suspicion. Emails you receive out of the blue or that contain alarming content could be scams. “They’re trying to get an emotional response from you, like by telling you you’ve lost all your money from your bank account,” Ryan says. These emotional plays might entice you into clicking on links that allow scammers to install malware or providing information on counterfeit sites that allow them to hack your accounts. Adopting a practical outlook can help you decipher which emails are worth opening and avoid these types of attacks.
As a State ECU member, you must opt-in to all communications, whether they are updates from our headquarters or the delivery of your paperless account statement. If you get an unanticipated email or one you haven’t agreed to in advance, that’s suspicious, Ryan says.
4. Don’t click suspicious links online.
Ryan advises applying the same skepticism you use with your email to your online activity. That’s particularly true when it comes to clicking on ads or article teasers you may see. Some of these may be legitimate; others may be phishing attacks. “You have to be vigilant about it,” Ryan says. “They can’t do bad things if you don’t participate.”
5. Track your financial transactions.
Diligence is key to keeping your financial transactions secure. While State ECU’s fraud department monitors your transactions for suspicious activity, Ryan also suggests doing your own observations. He recommends tracking transactions across all your debit and credit cards in real time with third-party apps such as Card Valet. With this type of app in hand, you’ll be able to quickly see suspicious transactions almost as quickly as they occur. He also recommends reviewing all your transactions once a month to identify any fraudulent items that may have slipped through previous analyses.
With these five tips in mind, you’ll be able to keep your information safer and more secure online this month and in the future.