With every new technological advancement come new vulnerabilities for consumers, businesses, and their valuable data and financial information. And 2022 was a robust year for cyber criminals, from hacks that took down entire governments for weeks to the student loan data breach that left 2.5 million borrowers’ records exposed.
So what should you watch out for in 2023, and what steps can you take to keep your data and identity safe? In this post we’ll cover the top security threats individuals and businesses may face, and smart tips for how to keep yourself, your company, and your customers protected.
Cloud Storage Security Threats
Cloud storage services—like Google Drive, iCloud, and Dropbox—have the unmatched convenience of allowing you to store data from multiple devices in one place, using a streamlined system that you can access from anywhere with an internet connection. The flipside to the increased consolidation and accessibility of data over physical storage devices like external hard drives and individual servers is that anyone (including cyber criminals!) with access to the internet has the potential to access your data, too. As cloud-based storage becomes the go-to method of data storage and backup, individuals and businesses alike need to be proactive in protecting their valuable personal information.
Fortunately, most cloud-based storage uses strong security mechanisms, including multi-factor authentication and encryption, to shield your data. Here are some things you can do to reinforce those security measures and add another layer of defense:
- Create strong, complex, and unique passwords. Using a trusted password manager allows you to generate virtually unbreakable passwords and store them so that you don’t need to remember a unique password for each account. Password managers use multi-factor authentication and encryption to help ensure that unauthorized users don’t have access to your stored passwords.
- Use MFA or 2FA (multi-factor or two-factor authentication). This requires you to verify log-in attempts using a linked device. For many services, this layer of protection may be optional. If given the choice, always opt in.
- Make sure you and your employees are up to date on how to spot and avoid phishing attempts—particularly those that seek to steal or reset your passwords. More on this below.
Cookies that Leave Your Data Vulnerable
A cookie is essentially a small bit of data that a website you visit stores on your device in order to recognize it on future visits. You can usually choose what level of data is collected and shared (‘strictly functional’ or more in-depth tracking for targeted advertisement), but many users simply “Accept All” when asked for cookie preferences. As Reader’s Digest explains in their article “What Are Cookies, and Why Do Websites Have Them?”, “Some cookies are safe—there to offer you a more personalized user experience—while others are more nefarious, allowing you to be tracked and spied on, possibly without your consent.”
Recently, the General Data Protection Regulation (GDPR) was established to safeguard the online personal data of European citizens and restrict it from being used in ways that infringe upon their rights to privacy. Other countries are adopting similar regulations, and even California has done something similar with its Consumer Privacy Act. By the end of 2023, it’s thought that these modern privacy laws will cover about 75% of the world’s population. Google’s attempt to get rid of third-party cookies has been delayed, but is set to be complete by the end of 2024.
Until we see universal protections, be aware of how cookies can be used to track and store private information that could fall into the wrong hands. This includes:
- Personal data that you enter on unencrypted websites, including your user ID, password, address, and payment information. Secure websites will have a small lock icon or an https at the beginning of their web address. If a website isn’t secure, don’t enter any personal information and leave it immediately.
- Advanced cookies on websites where you enter extra-sensitive information, like bank account or credit card information and social security numbers. Decline all but strictly necessary cookies in these cases.
- Third-party cookies that sell your browsing and shopping habits to outsiders. Always decline third-party cookies.
Mobile Devices as a Target for Malware
As consumers use their smartphones and tablets for more and more applications, a significant portion of their personal data is accessible through these devices. As a result, scammers are making it a priority to target them with malware (short for “malicious software”) that allows them to hijack devices to access personal data and passwords.
So how do scammers access your devices to begin with? Phishing (through email, but also text and social media messaging) is the primary delivery method for malware. Email attachments, linked file attachments, and automatic downloads from linked websites can all put malware on your device. Once there, it can watch your activity, capture your user information, passwords, and financial account information when you enter them, or even lock you out of your device and accounts and steal your files and pictures, holding them for ransom. You can also accidentally download malware when you download unregulated third-party apps onto your device.
To avoid infecting your device with malware:
- Familiarize yourself with common phishing scams to avoid making nefarious downloads.
- Only download applications and software from official websites of trusted publishers (e.g., Apple, Microsoft, Adobe). Be cautious when downloading unfamiliar apps in your app store; do a little research first.
- Never download something directly from a website pop-up—even if it looks official.
Reusing passwords across multiple platforms is one of the easiest ways to leave yourself vulnerable to hacking. If just one of those websites is attacked, every account that uses that same password could be exposed to fraud. Additionally, using simple and easy-to-guess passwords based on your name, birthdate, or other potentially predictable characteristics (#1Eaglesfan, maybe?) can also leave your accounts at risk.
Online shopping sites that require you to create a new account each time can leave consumers particularly vulnerable, especially as many of these accounts don’t require two-factor authentication. Here are a few ways to keep your accounts safe, even if you’ve reused passwords in the past:
- Change the passwords of the accounts that require the highest level of security: bank and credit card online accounts, email, cloud storage, and work-related logins.
- Use a trusted password manager, such as those recommended by CNET, to create and store complex and unique passwords for your sensitive accounts and all new accounts. Password managers will also alert you if your password was compromised in a data breach.
- Watch out for phishing scams that attempt to steal or reset your passwords. Avoid emailed links that ask you to click to reset your password, and if anyone calls you asking you for a code that was sent to your phone, hang up.
- Use 2FA or MFA for an added layer of security.
Ransomware Attacks on Businesses
In a ransomware attack, scammers will use malware (though sometimes they simply steal passwords) to hijack important data or lock companies out of their operating systems or files, requiring a ransom to be paid in order to regain access. While consumers may be easy targets for cyber criminals, businesses often have greater assets as well as large stores of data (possibly even information about customers, too), making them an increasingly frequent target for this form of fraud. In fact, in 2022 ransomware attacks on companies were 33% higher than they were in 2021.
However, there is no guarantee that the scammers will actually restore access once the ransom is paid, and the stolen data may never be returned. In over 90% of cases, no data is returned after the ransom is paid.
The key to avoiding this costly misfortune is prevention. Beyond training your employees to spot and avoid phishing attempts, businesses should:
- Back up data in more than one location. Consider physical backups in addition to using cloud storage.
- Keep software and operating systems up to date.
- Replace devices that are out of date and no longer receive security patches.
- Require employees to use a VPN on public Wi-Fi networks.
Keep Your Finances Secure with The First
At The First National Bank & Trust Company of Newtown, we offer robust security measures to all our personal banking and business customers to help guard your accounts against fraud and cybercriminal activity. From our Card Guard mobile app, which protects your credit card purchases and allows you to quickly turn off your card if your account is compromised, to our library of security resources, we strive to keep you protected and informed. To learn more about how we work to keep your financial accounts safe, check out our Security Statement, or reach out to us with your questions.