This week as part of NCSAM, let’s focus on critical infrastructure — how the nation secures it and how everyone plays a part.
First, what exactly is critical infrastructure? In 2013, a Presidential Policy Directive was issued to protect the U.S. from a cyberattack. Included in this directive were 16 sectors whose assets, systems and networks are critical to keeping the country running.
We all have bank accounts or investment accounts. As the world has gone digital, so too has our money. While the financial services sector has taken steps to improve its security posture to keep the nation’s treasury system safe and secure, there are important steps we can all take, as well.
Following are five ways you can protect YOUR financial assets from cyber threats:
- Lock your credit
Per the Federal Trade Commission, all three credit bureaus are now required to allow you to lock your credit at no cost. Each of the agencies have made the process simple to visit their website and request the freeze or lock.
Do the same for your children – assume their SSNs are included in any of those large data breaches that have already occurred. The same goes for elderly or mentally challenged people under your care – they are most likely living on a limited budget and aren’t making any large purchases.
Each of the three credit bureaus have also made it simple to unfreeze your credit when you want to make purchases. Doing this does add an extra few steps when buying something, but blocking a fraudulent purchase from happening in the first place can save you in the long run if your identity gets stolen.
Learn more about credit freezes at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
- Enable two-factor authentication whenever it’s provided
As financial institutions continue to make doing business online easier, they are also adding security features to allow you to protect your accounts. If your institution offers two-factor authentication, take advantage of it. It’s the best way to protect against an account takeover by a fraudster. For information about how to enable two-factor authentication for various online accounts, visit https://twofactorauth.org/
- Be vigilant with your email
Don’t forget to enable two-factor on your email account as well if offered by your provider. Sometimes cyber criminals try to take over an email account and watch for financial transactions.
Stolen credentials for any type of account can be purchased online. A fraudster can purchase credentials for a batch of accounts and then attempt to log in into them. Sometimes they will turn around and resell these accounts. Or they might keep the credentials for themselves to gain further access and make fraudulent transactions. This is why it’s critical to create unique usernames and passwords and turn on two-factor authentication.
To report suspicious emails to your financial institution, search its website for the term “phishing” or “spam” and look for their preferred method of reporting. You can also report them to the Anti-Phishing Work Group, who will then share out the malicious indicators to members that can take action to mitigate the phishing attempt. To learn more, visit https://apwg.org/report-phishing/overview/.
- Monitor your account statements
Just as your spidey senses tell you when something is wrong with an email, you can learn to be alert for unusual purchases. Most financial institutions have fraud alerts – but just as with any behavior monitoring system, things can still slip through the filter. If the financial institution allows you to enable fraud alerts, by all means do so. This gives you the option to block or allow a purchase at the time of the transaction.
- Where you do your banking matters
We talk about using caution when connecting to a public Wi-Fi. This is even more important if you’re attempting to access your online financial accounts. When using a public network, try to avoid logging into your accounts if at all possible. If you’re in a pinch and need to make a quick transaction online, choose a public Wi-Fi that requires a password only the establishment can provide. Connect to a VPN if you have one and keep your transactions limited.
YOU can do this – small steps can make a BIG difference!
We all contribute to securing the nation’s critical infrastructure. As financial institutions continue to increase their security posture and give you more controls to protect your account, you still need to stay vigilant. Remember that fraudsters are constantly raising their game!
Tonia Dudley joined Cofense (formerly PhishMe) in 2018 as Director, Security Solution Advisor. In this role she focuses on phishing defense advocacy while demonstrating how Cofense solutions help organizations across the globe minimize the impact of attacks while reducing the cost of operations. Tonia evangelizes Cofense’s approach to phishing defense and incident response to new and existing customers, prospects and the information technology market through speaking engagements, publishing platforms and media opportunities. Tonia also advises Cofense product teams on specific customer and market-driven needs to help streamline product roadmaps and create Cofense’s inaugural international customer advisory board. Tonia also holds a seat on the National Cybersecurity Society board, with a focus on providing the small business community with resources to improve online safety and security.