By Todd Billcliff, CFE, Assistant Vice President, Fraud Risk Officer, Canandaigua National Bank & Trust
In today's world — where data breaches are common occurrences
— it's especially important for you to understand the digital
risks you face. Are you doing all you can to mitigate the risk of a
cyberattack? According to Lexis Nexis, 4,500 data breaches have
occurred in the last 15 years, with 45% of Americans suffering
some form of personal information compromise in the last 5 years.
How are your systems protected? Do you collect and store
personal information, such as credit-card information, Social
Security numbers, and birth dates? If so, how is this information
stored and who may access it? Do you store it in multiple locations
and formats? Are these files password protected and, if so, are you
using multiple complex passwords? Do you have Wi-Fi accessible
to others?
When monitoring your security, ensure you have firewall and
encryption technology that protects your Internet connections
and Wi-Fi networks. Make sure your computers have antivirus
and anti-spyware software installed and updated automatically.
Use complex passwords that are changed regularly, and do not
share your passwords with anyone. Keep only personal data
that you actually need and dispose of it securely as soon as it no
longer serves a purpose. Back up critical information and data on
a regular basis and store the backups securely. Utilize two-factor
authentication within apps wherever offered. If you’ve suffered
a cyber fraud event, consult an IT professional to check your
systems as soon as possible.
In writing or speaking, redundancy is typically not recommended
unless you're really trying to drive a point home. When it comes to
your digital life, however, redundancy is not only recommended,
it's critical. That's because redundancy means having multiple
data backups stored in different locations. Here are some ideas
for redundancy when backing up your data:
- If you have digital assets that you don't want to risk losing
forever — including photos, videos, original recordings, financial
documents, and other materials — you'll want to back them up
regularly, in at least two locations, preferably in multiple file
formats. And it's not just materials on your personal computer,
but your mobile devices as well. Depending on how much you
use your devices, you may want to back them up as frequently
as every few days.
- Ensure that at least one backup copy is stored offsite. You could
store your external hard drive in a safe-deposit box or at a
trusted friend or family member's house. Cloud storage is also
considered offsite.
Cloud storage — using Internet-based service providers to
store digital assets such as books, music, videos, photos, and
even important documents including financial statements and
contracts — has become increasingly popular in recent years. But
is it right for you? If a cloud service is one of your backup tactics,
be sure to carefully review the company's policies and procedures
for security and backup of its servers. Another good idea is to
encrypt (that is, convert to code) sensitive documents and your
external drives to protect them. Other considerations include:
- Evaluate the provider's reputation. Is the service well known,
well tested, and well-reviewed by information security
specialists?
- Consider the provider's own security and redundancy
procedures. Look for such features as two-factor authentication
and complex password requirements. Does it have copies of
your data on servers at multiple geographic locations, so that a
disaster in one area won't result in an irretrievable loss of data?
- Review the provider's service agreement and terms and
conditions. Make sure you understand how your data will be
protected and what recourse you have in the event of a breach
or loss. Also understand what happens when you delete a file
— will it be completely removed?
- Consider encryption processes, which prevent access to your
data without your personal password (including access by
people who work for the service provider). Will you be using
a browser or app that provides for data encryption during
transfer? And once your data is stored on the cloud servers, will
it continue to be encrypted?
Ensure that you understand the risks associated with phishing
emails, as well as "social engineering" — manipulative tactics
criminals use to trick employees into divulging confidential
information. Remember, companies generally do not contact
you asking for user-specific information such as your username,
password, or other personal information.
The FBI regularly publishes articles on trending fraud schemes
and allows victims to report schemes via its Internet Crime
Complaint Center (IC3). For more information,
visit www.fbi.gov/scams-and-safety.
©2021 Broadridge Investor Communication Solutions, Inc. All rights reserved. ©Lexis Nexis. Material provided by Todd Billcliff.