Your Bank > Education and Advice > CNB University

How to Protect Yourself from Cyber Threats

By Todd Billcliff, CFE, Assistant Vice President, Fraud Risk Officer, Canandaigua National Bank & Trust

In today's world — where data breaches are common occurrences — it's especially important for you to understand the digital risks you face. Are you doing all you can to mitigate the risk of a cyberattack? According to Lexis Nexis, 4,500 data breaches have occurred in the last 15 years, with 45% of Americans suffering some form of personal information compromise in the last 5 years.

What are your vulnerabilities?

How are your systems protected? Do you collect and store personal information, such as credit-card information, Social Security numbers, and birth dates? If so, how is this information stored and who may access it? Do you store it in multiple locations and formats? Are these files password protected and, if so, are you using multiple complex passwords? Do you have Wi-Fi accessible to others?

Tips for security

When monitoring your security, ensure you have firewall and encryption technology that protects your Internet connections and Wi-Fi networks. Make sure your computers have antivirus and anti-spyware software installed and updated automatically. Use complex passwords that are changed regularly, and do not share your passwords with anyone. Keep only personal data that you actually need and dispose of it securely as soon as it no longer serves a purpose. Back up critical information and data on a regular basis and store the backups securely. Utilize two-factor authentication within apps wherever offered. If you’ve suffered a cyber fraud event, consult an IT professional to check your systems as soon as possible. 

Redundancy is key

In writing or speaking, redundancy is typically not recommended unless you're really trying to drive a point home. When it comes to your digital life, however, redundancy is not only recommended, it's critical. That's because redundancy means having multiple data backups stored in different locations. Here are some ideas for redundancy when backing up your data:

  • If you have digital assets that you don't want to risk losing forever— including photos, videos, original recordings, financial documents, and other materials — you'll want to back them up regularly, in at least two locations, preferably in multiple file formats. And it's not just materials on your personal computer, but your mobile devices as well. Depending on how much you use your devices, you may want to back them up as frequently as every few days.
  • Ensure that at least one backup copy is stored offsite. You could store your external hard drive in a safe-deposit box or at a trusted friend or family member's house. Cloud storage is also considered offsite.

More about cloud storage

Cloud storage — using Internet-based service providers to store digital assets such as books, music, videos, photos, and even important documents including financial statements and contracts — has become increasingly popular in recent years. But is it right for you? If a cloud service is one of your backup tactics, be sure to carefully review the company's policies and procedures for security and backup of its servers. Another good idea is to encrypt (that is, convert to code) to protect sensitive documents and your external drives. Other considerations include:

  • Evaluate the provider's reputation. Is the service well known, well tested, and well-reviewed by information security specialists?
  • Consider the provider's own security and redundancy procedures. Look for such features as two-factor authentication and complex password requirements. Does it have copies of your data on servers at multiple geographic locations, so that a disaster in one area won't result in an irretrievable loss of data?
  • Review the provider's service agreement and terms and conditions. Make sure you understand how your data will be protected and what recourse you have in the event of a breach or loss. Also understand what happens when you delete a file —will it be completely removed?
  • Consider encryption processes, which prevent access to your data without your personal password (including access by people who work for the service provider). Will you be using a browser or app that provides for data encryption during transfer? And once your data is stored on the cloud servers, will it continue to be encrypted?

Be aware

Ensure that you understand the risks associated with phishing emails, as well as "social engineering" — manipulative tactics criminals use to trick employees into divulging confidential information. Remember, most companies generally do not contact you asking for any user-specific information such as username, password, or other personal information.

The FBI regularly publishes articles on trending fraud schemes and allows victims to report schemes via their Internet Crime Complaint Center (IC3). For more information, visit

©2021 Broadridge Investor Communication Solutions, Inc. All rights reserved. ©Lexis Nexis. Material provided by Todd Billcliff.