Cyber Security Risks: Yes They're Real
As the world becomes increasingly connected and cyber threats grow in size and complexity, personal insurance professionals have a tremendous opportunity to help our clients protect their identities, financial assets, reputations, and more.
According to CNN Money, 47% of adults in the U.S. (110 million people) had personal information exposed by hackers in 2014 alone. In fact, 432 million accounts essentially were hacked and the number of fraudulent transactions and resulting loss of personal wealth is on the rise despite the important financial protection afforded by top credit-card providers and other financial institutions. As this story reminds us, knowing the security protocols of all third-parties with whom you share your personal information is a critical first step. Here are a few other things you can do to help prevent significant loss and the hassle of restoring an identity following an event.
1. Use strong, unique passwords for every site, account and device.
The more complex the password is, the harder it is for hackers to crack, regardless of their technology.
- Create passwords that are longer than 12 characters and have a combination of letters (uppercase and lowercase), numbers, symbols and spaces.
- Avoid using actual words in passwords.
- Use a password manager service to help create strong and unique passwords and to securely keep track of them for you. Be sure the password manager you select uses multi-factor authentication such as requiring a password and a USB key.
- Avoid password reset questions that anyone could answer by researching you or your family through paid or public services.
- Always protect your mobile devices with a password; adjust the settings on your devices so that they lock within a minute of being idle.
2. Use multi-factor authentication.
This refers to the use of multiple points of authentication from independent categories to verify a user’s identity. It typically combines:
- “something you know” (most commonly your username and password)
- “something you have” (your smartphone)
- “something you are” (your fingerprint)
When used together, these can greatly increase security because a hacker would need additional authentication requirements to access your account. Most top banks and investment houses now require or allow multi-factor authentication. Other important services, like e-mail, more now provide the same options. For example, Gmail will send users a text message with a one-time code as a log-in requirement to supplement the user name and password.
3. Further protect your laptop and other mobile devices.
- Use “Whole Disk Encryption” on your laptop. This technology locks down the information stored on your hard drive by converting it to unreadable code.
- Install a “Remote Wipe” tool. By installing or activating a commercially available option like “Find My iPhone” and “Lookout Mobile” today, if your mobile device is lost or stolen, you’ll have the ability to remotely wipe (erase) the device of all information.
4. Network smarter.
Avoid public Wi-Fi networks. Hackers often target unsecure, public networks, like those in hotels, airports and cafés.
- Use a mobile hotspot that’s been properly configured with a firewall and WPA2 wireless encryption instead of a public or untrusted Wi-Fi. Most “Mi-Fis” (small devices offered by cellular carriers that create a personal Internet connection with a unique password) use WPA2. Many newer smartphones come equipped with “tethering” hotspots, too. If you must use a public Wi-Fi, deploy a virtual private network (VPN) encryption tool.
- Change the default settings on your home router. Routers often are installed with standard user names and passwords that can easily be found online—allowing hackers to access to your home network. Additionally, universal plug and play (UPnP) is another common way for attackers to exploit your network via your router. Change the default administrator password on your router to a unique, strong password of your own and consider disabling UPnP.
5. Play it safe online.
- Secure your social profile. The first step to securing your social profile is limiting the information that you share. For example, don’t post about the vacation you’re on, your home address or any other time-and-place identifying information. Update your settings to ensure that your profile information is accessible only to those in your network of friends or connections.
- Use caution when storing items in the cloud. Avoid storing medical information, financial data or personal identifiers in cloud-based services, like Dropbox, Google Drive and Box. Although these services might encrypt your files in transit, they’re not always encrypted at rest.
These are just a few important strategies to reduce cyber risk. There are numerous others, like insurance, obtaining an annual credit report, subscribing to an identity monitoring service, and so on.
As part of developing our new CyberSafe Solutions, PURE collaborated with Concentric Advisors, an elite personal security firm, to produce a white paper that provides a far more comprehensive look at cyber risks and ways to mitigate them.
This article was originally written by Martin Hartley for PropertyCasualty360.com. Martin Hartley serves as the Executive Vice President and Chief Operating Officer at PURE Group of Insurance Companies.