Cybersecurity
Technology is making it easier to stay connected and do what needs to get done — from managing your insurance policy to wishing Aunt Inez a happy birthday.
But living a digital life can leave us vulnerable to identity thieves who use technology against us. We’ve gathered answers to questions you may have about practicing better security online, at home, and on your mobile device.
Passphrases and multi-factor authentication (MFA)
Passwords are a familiar part of our daily routines. You use them everywhere — at your bank, on your computer and smartphone, and to access various websites. But there are more threats to passwords than ever, and it’s no longer safe to rely solely on a password to secure your digital life.
Why aren’t passwords “secure” anymore?
Some people reuse the same email address or username and the same password when creating online accounts. This is a problem for two big reasons.
First, phishing attacks (also known as “password harvesting”) are increasingly successful at tricking users into sharing login credentials with attackers on fake websites designed to appear legitimate.
Second, after years of near-constant data breaches, there’s a treasure trove of compromised usernames and passwords floating around online. It's relatively easy for anyone to find and search through these compromised login credentials.
When an attacker gets a username and password for one website — through phishing, searching a past data breach, or any other method — the login credentials will work on many other websites because most people reuse the same username and password across multiple online accounts.
How can I practice better security online?
One solution to ensure better security is to use multi-factor authentication (MFA).
MFA still uses a username and a password, but it also requires an additional piece of data to complete the login process — either something you have (like a cellphone/phone number) or something that you are (like a fingerprint or your face). Examples of MFA are when you receive a six-digit code via text message on your cellphone (something you have), or when you use a fingerprint to log into your cellphone (something you are).
For personal accounts, consider enabling MFA whenever it is offered. Some websites will send you a code via text message, and others will use free smartphone apps like Google Authenticator or Microsoft Authenticator.
For accounts that don’t offer MFA, consider changing your password at least once annually. For especially sensitive accounts (bank and other financial accounts) that don’t offer MFA, consider changing your password quarterly. For social media accounts, twice a year is a good idea.
What is a secure alternative to a password?
A passphrase differs from a password in that it’s literally a phrase. Most people find that phrases are easier to remember than random passwords, and passphrases tend to be longer and are more secure because they’re more difficult to guess or crack. Here are some examples:
- P@s$w0rD!#
- Thi$-is-@-pr3tty-go0d-pAsspr@$e_f0r-a-FRIYAY!
In this example, both the password and the passphrase use a mix of upper-case and lowercase characters, numbers, and symbols. However, the passphrase is considerably stronger because it would take an attacker a very long time to crack it.
Always use strong passphrases, and don’t use the same passphrases across multiple accounts. You can use a password manager to help create new passphrases for new accounts, and to securely store each account passphrase. There are also websites that can generate random passphrases for you.
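A rough comparison of the password and passphrase shown above, as an added example that is not part of the original page. The guessing rate and the short word list are assumptions chosen for illustration.

```python
import math
import string

# Assumed offline guessing rate (guesses per second); illustrative, not from the page.
GUESSES_PER_SECOND = 1e10

# Common character substitutions that password-guessing tools undo automatically.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "l", "!": "i"})

# Tiny constructed sample of common base words; real lists hold millions of entries.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome"}

PASSWORD = "P@s$w0rD!#"                                       # from the page
PASSPHRASE = "Thi$-is-@-pr3tty-go0d-pAsspr@$e_f0r-a-FRIYAY!"  # from the page


def charset_size(secret):
    """Size of the alphabet a brute-force search must cover for this secret."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in secret))


def brute_force_bits(secret):
    """Upper bound on strength in bits: log2(alphabet_size ** length)."""
    return len(secret) * math.log2(charset_size(secret))


def years_to_exhaust(secret, rate=GUESSES_PER_SECOND):
    """Years needed to try every string of this length and alphabet."""
    return 2 ** brute_force_bits(secret) / rate / (3600 * 24 * 365)


def contains_common_word(secret):
    """True if undoing substitutions and dropping symbols reveals a common word."""
    plain = secret.lower().translate(LEET)
    letters = "".join(c for c in plain if c.isalpha())
    return any(word in letters for word in COMMON_WORDS)


if __name__ == "__main__":
    for label, secret in (("password", PASSWORD), ("passphrase", PASSPHRASE)):
        print(f"{label}: {brute_force_bits(secret):.0f} bits, "
              f"{years_to_exhaust(secret):.3g} years to exhaust, "
              f"common word inside: {contains_common_word(secret)}")
```

Both strings draw on the same 94-character alphabet, so the difference comes from length. The short password also reduces to a dictionary word once its substitutions are undone, so it would fall far sooner than the brute-force figure suggests.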
Mobile security
How can I make my mobile device more secure?
Hackers often target mobile devices to gain access to personal information, and much of the security advice for PCs applies.
- Ensure you have a strong password or passphrase.
- Don’t leave your mobile device unattended.
- Don’t click on suspicious links.
- Don’t install software or apps you aren’t familiar with.
Are there any places I shouldn’t use a wireless network?
Don’t connect to public wireless (Wi-Fi) networks — or any other Wi-Fi network — that you don’t control. It’s easy for attackers on these networks to monitor the websites you visit.
Security for your home
What security precautions can I take at home?
There are three main security recommendations.
- Install security updates as soon as possible or practical. If possible, enable automatic updates for all your devices (smartphones, PCs, routers, and other smart devices or “smarthome” devices) and important software (such as browsers like Google Chrome or Firefox, antivirus software, productivity software such as Microsoft Word, and tax or financial software).
- Use a unique password for each device and software interface.
- Use multi-factor authentication (MFA) for all personal user accounts.
What features should I look for in antivirus protection?
Antivirus software catches and removes malware that can usually be prevented in the first place by installing security updates in a timely manner.
Traditional antivirus software is somewhat less effective than it once was. However, many people find that using antivirus software provides an extra layer of protection, and there’s no downside from a security standpoint.
Is a Mac more secure than a PC?
Both platforms have their security strengths and weaknesses, and both Apple and Microsoft have been generally successful at addressing security issues facing their specific platforms.
When I dispose of my device, how do I make sure it is “wiped” clean?
When disposing of a computer, consider removing the hard drive (if possible) and destroying it.
If you plan to sell the device to someone else, they can purchase a replacement hard drive from any electronics retailer.
Social media
Always assume that social media posts are recoverable. Even if the social media site itself doesn’t store the information indefinitely (most do, even if you delete a post), other users can take screenshots of posts before they are removed or “disappear” from a social media site.
To secure your social media account, use a unique password, enable MFA, and never click on links in messages or posts that you don’t recognize or trust.
Additionally, consider reviewing privacy settings at least once annually to ensure they are configured according to your comfort level.
Phishing and email security
It is never safe to send Social Security numbers, credit card numbers, bank account numbers, or other confidential or sensitive information through email. If you must provide this information to someone, the simplest method is to call them and provide the information verbally.
If you must send information electronically, consider sending documents through a trusted file-sharing service that uses HTTPS on their website. You can then share an HTTPS hyperlink to the information via email.
How does phishing work?
Phishing emails are commonly in the form of “password harvesting” attacks (that’s the “ph” part of “Phishing”). Phishing emails usually appear to be urgent (e.g. “Your account will be disabled unless [X]” or “You must pay this overdue invoice”), and they usually contain attachments or links to legitimate-looking websites (such as microsofft.com).
Although there are confirmed attacks where simply opening a phishing email resulted in a compromised system, most phishing messages are safe to view. Attachments or files contained within phishing emails are almost always unsafe to view or open.
Never click on links or open attachments unless you know the sender AND you were expecting the information or file. If you’re not certain a message is legitimate, check with the person by calling, texting, or (gasp!) talking face-to-face. An attacker may have compromised the account of an individual or institution that you trust. Communicating over email just means you’re communicating with the attacker.
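A check for lookalike domains such as the microsofft.com example above, written as an added example that is not part of the original page. The list of trusted domains and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of domains the reader actually uses (an assumption).
TRUSTED_DOMAINS = {"microsoft.com", "google.com", "paypal.com"}


def edit_distance(a, b):
    """Levenshtein distance: fewest single-character inserts, deletes or swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = curr
    return prev[-1]


def registered_domain(url):
    """Last two labels of the hostname; a simplification that ignores suffixes like .co.uk."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def classify_link(url, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    domain = registered_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(domain, trusted) <= max_distance:
            return "lookalike", trusted
    return "unknown", None


# Constructed sample links, as they might appear in an email body.
SAMPLE_LINKS = [
    "https://login.microsoft.com/signin",
    "https://www.microsofft.com/account/verify",
    "https://microsoft.com.example.net/reset",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```

The third sample shows why the check looks at the end of the hostname: a familiar brand name at the start of a link does not make the destination that brand's site.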
When should I report a phishing attack at work?
Time is usually of the essence. If you think you have received a phishing email, or if you think you opened an unsafe attachment or hyperlink by mistake while you’re at work, promptly report the occurrence to the company service desk.
Ransomware
What is ransomware?
Ransomware is a type of malicious software that restricts access to a system. Attackers then demand payment in exchange for restoring access to the data.
What happens in a ransomware attack?
You receive an email (for example in a phishing attack) with links to a malicious site or an attachment that can run ransomware on your system. This allows attackers to deny access or disable systems until their demands are met.
What can I do to prevent a ransomware attack?
The most important layer of protection is to have a reliable backup of your computer system and a restoration plan. Without a backup system (which many people and businesses lack), victims are left with no choice other than to pay the ransom to regain access to their information.
Also, install security updates as soon as they’re available. If possible, enable automatic updates for all your devices and important software.
For more information
CyberScout is leading the charge against hackers and thieves, providing identity management, credit monitoring, and cyber security for more than 17.5 million households. Learn how Grinnell Mutual’s partnership with CyberScout can keep you safer and help you recover after an identity theft faster.
For immediate identity protection assistance, call us at 844-965-3107.