Data Security

Data Security 101: How to Stay A Step Ahead of Cybersecurity’s ‘Bad Actors’

By Ashley Beltram, AVP, Information Security

The technology we use every day is nothing short of amazing. Our mobile devices have the power to directly connect us with just about anything we want or need. We can stay in touch with our families, order dinner and a movie, pay our bills, and access endless amounts of information with just a couple of swipes and taps on our phones.

Generally speaking, this is great news! Navigant Credit Union has certainly embraced the digital age. We’ve upgraded our suite of digital products in an effort to provide our members with the access and convenience to which they’ve grown accustomed. However, it’s important to remember that technology also comes with risks. The digital world is, unfortunately, home to a number of “bad actors” whose schemes, scams and threats are advancing just as fast as the technology itself.

According to the Center for Strategic and International Studies, cybercrime annually costs the global economy $445 billion – and other studies predict that number will balloon to $6 trillion by 2021. In 2018, a national nonprofit watchdog group called Identity Theft Resource Center tracked more than 1,100 data breaches across the country, impacting nearly 60 million records.

Clearly, the threat of cybercrime is very real – and, now that digital tools have become more commonplace than ever before – anyone can be impacted. That’s why it’s important to understand some of the strategies these “bad actors” are using so that you can stay one step ahead.

Schemes, Scams and Threats

Today’s bad actors are rarely “lone soldiers.” They’re often heavily funded by criminal organizations and have the resources to invest in the equipment and technology they need to make their scams more advanced and convincing. They typically prey on human empathy, human error and panic. They know that you use your phone or your computer every day, and they attempt to catch you off guard.

Here are some of the strategies bad actors are using today:

Phishing Emails: This is the most popular way of deceiving people. Have you ever received an email that looked like it was from your friend, coworker or official govt. agency– but the language in it just didn’t seem right? Perhaps an email address very similar that the IRS (tax scams) sent, asking you to click on a link, send them money or tell them your social security number? That is an example of a phishing email. This scam consists of a bad actor attempting to gain your trust or compassion with the end goal of gaining unauthorized access to your sensitive information.

Ransomware: This is one of the fastest-growing cybercrime threats. Ransomware is a type of malware installed on a user’s computer that encrypts your data and files and demands a payment in order to restore your files. The installation of ransomware can often be the result of clicking on a bad link or visiting an untrustworthy website. As an added frustration: Even if you do pay the ransom, it’s never guaranteed that your data will be properly decrypted.

DDoS Attacks: Relevant to businesses but can impact members who try to access certain websites, products, and services. The acronym stands for “distributed denial of service.” In simple terms, DDoS attacks are when a bad actor distributes an overwhelming amount of “noise” to a specific website in an effort to clog the servers and makes the website, and products and services associated with it, unavailable.

Spotting the Red Flags and Staying a Step Ahead

The most important action you can take to protect yourself from bad actors is to interact with trustworthy websites and do business with reputable organizations. There are also plenty of simple steps you can take to give yourself an added layer of security.

Stay alert when receiving incoming emails: If you receive a bizarre email from someone claiming to be from a reputable source, double-check the email address. Never click on links or open attachments sent by email addresses you don’t know or trust. And if something seems too good to be true (say, you’ve won a prize with a lottery you didn’t enter),it probably is.

Create strong passwords – and change them frequently: Use a minimum of 8 characters and a mix of uppercase and lowercase letters, numbers and special characters. Make the passwords easy to remember, but hard to guess.

Minimize the use of public WiFi or public computers for sensitive work like paying bills or banking: Public networks are typically far more susceptible to cyber threats. If you must use a public computer, make sure that you log out after each session.

Check the URL: Before you enter your credit card number or other sensitive information online, take a look at the website’s URL. The “s” at the end of the http code at the beginning of the URL stands for secure.

Finally, share responsibly on social media: Bad actors can use the information you’re putting on social media to impersonate you, guess your password or security questions or send you targeted phishing emails by collecting information about your personal interests.