We have all been there. We wake up in the morning, and spend five minutes or so quickly and efficiently reviewing our e-mails, of which is followed by deleting the numerous ones that are annoying at best. When we are done, we take our first cut at the ones that appear genuine and therefore deserve our attention. We click on the link that would normally look out of place, but we thought it might be a message about a refund from a cancelled order from the prior week …oh no! Our heart begins to race, hands shake, and our mind goes into problem solving mode. What now?!
Let’s take a deep breath and back up. Protecting our personal data is becoming an almost impossible task. While anti-virus software is an important component of proper cyber security “hygiene”, it is not enough given the level of threats we currently face. There are several forms of malware (from the word “malicious software”. They take on names such as adware, bots, bugs, spyware, Trojan horses, viruses, worms and more. Anti-virus software may prevent some or all of these forms of malware from infecting your computers, tablets and/or phones, but additional steps should be taken to increase your level of protection.
During the month of March, I enrolled and successfully completed the CERT Certificate in Cybersecurity Oversight. It is a cooperative effort of the National Association of Corporate Directors, Ridge Global, and the CERT division of the Software Engineering Institute at Carnegie Mellon University. While this program does not make participants an expert in cybersecurity, it provides a roadmap for organizations to best provide oversight of a cybersecurity program. While we take our oversight role seriously at Petersen Hastings, cyber criminals that target an organization may be sophisticated beyond tools available for protection. Therefore, it is important for all stakeholders to follow proper cyber security hygiene to potentially limit the impact of a threat or combination of threats. Clients should also follow our 11 basic steps to improve the probability of avoiding malware and other common threats.
- Back up your data regularly using a cloud service or external hard drive. If the malware targeting your device is ransomware, you may be able to avoid paying the ransom by wiping your device clean and reinstalling all programs and data.
- Change your passwords often (the frequency is controversial, but at least a few times per year, many experts will recommend at least quarterly). Use combinations of upper and lower case letters, numbers and symbols. Passwords should not include words that can be searched for in a dictionary (hackers can purchase inexpensive programs to break into passwords that contain words found in dictionaries). Avoid sharing passwords and/or leaving passwords in areas that others might be able to misuse the password.
- Close your browsers when your internet activity is complete and then clear all activity from the browser menu especially if you are using a public computer in a hotel lobby or public library. Avoid entering passwords on public computers, if possible. If it is necessary, change your password at the first opportunity on a secure computer.
- Do not click on any e-mail links without taking the time to identify the actual sender (click on the name sending the message to identify the actual e-mail address being used) and being comfortable that it is a legitimate message. Remember, cyber criminals are getting very patient at gathering personal data from various sources and piecing them together for a more damaging malware attack.
- Do not provide personal information via e-mail unless encrypted or via a secure portal of the company receiving the information. If encryption or a secure portal is not available, consider a phone call, personal delivery, or better yet, use a fax machine.
- Criminals may look through your garbage to locate information that could be used as part of an attempt to steal your identity. Consider using a “micro-cut” shredder that turns paper into confetti. Use the shredder for junk mail, magazines (the cover that has your personal information), and any statements etc. that you deem as containing personal information. Better yet, come to the Petersen Hastings free “Shred Day”! This is an opportunity to protect yourself from identity theft by destroying old financial statements, tax returns, or other confidential documents. See more information below.
- Be extremely careful on Social Media. Avoid sharing pictures of your vacations and other trips until after you return home. Do not share your date of birth or other personal information that could be used by cyber criminals to steal your identity or burglars that may see your absence as an opportunity to break into your home.
- Avoid using debit cards. These cards normally do not have the protections of regular credit cards, and they will not raise your credit score. If you must have a debit card, only use it for cash machines in safe areas (read up on Frank Abagnale!).
- Be careful about writing checks. Some criminals take information from a check and use the bank routing information and your account number to order checks for their personal use.
- Sign up for a service that monitors all three credit bureaus. At a minimum you can request a free credit report every 12 months from the credit bureaus that you can review. FTC authorized annualcreditreport.com is the official sponsored website.
- Make sure you update your software when those “irritating” prompts pop up on your screen. These updates may include important security “fixes” based upon new threats the companies have identified. Many newer operating systems have the option allowing you to apply the updates and patches as they become available (they install at night), of which reduces the number of irritating prompts.
As mentioned in tip #6, Petersen Hastings is teaming up with CI Shred to host a free “Shred Day” event to promote safe destruction of personal information. Stop by our business (8203 W. Quinault Ave. Kennewick, WA 99336) Friday, April 28th from 11:00 AM to 1:00PM to safely clean out the filing cabinet.
Protecting your information is very important at Petersen Hastings. We hope these basic tips are helpful in avoiding malware and other common threats.
April is “Financial Awareness Month”. Being financially independent involves creating and retaining enough wealth to maintain a desired quality of life, both before and during retirement. It also involves protecting your wealth from possible criminal activity.