By Ryan L. Kaiser, CFE, Assistant Fraud Risk Manager, Canandaigua National Bank & Trust

According to the FBI’s annual Internet Crime Report, consumers lost over $6.9 billion to internet crimes in 2021. Internet crime complaint volume has skyrocketed since the beginning of the COVID-19 pandemic, rising 81% since 2019. Unfortunately, fraudsters and scams will always pose a risk to consumers and businesses. Consider the following tips and techniques to minimize your risk and susceptibility to financial loss or data compromise -

1. Use anti-virus software.
   Ensure your software is consistent up to date with latest upgrades and patches. Consider allowing for automatic update installation, which most anti-virus software providers offer.
2. Be smart about passwords.
   Long (14+ character), complex passwords using letters (both upper and lower case), non-sequential numbers, and special characters are ideal. Be sure to change passwords regularly and do not write them down or share with others. While it may be tempting to re-use the same password for multiple accounts, such as sharing passwords for an online bank account and a 401(K) online account, the results of doing so can be devastating. Hackers steal information by buying up large batches of known usernames and passwords, and then attempting to login to other platforms or service providers with the same unique combinations of password/username.
3. Practice regular account oversight and maintenance.
   Routinely log in to accounts such as online banking, retirement, and so on, to be sure that everything is in order and that all contact information is kept updated. Many financial service providers do offer protections in the event of cyber-fraud events, however active account maintenance and regular account monitoring are critical for effective remediation. Be sure to close out any idle or unused accounts as well, to minimize potential vulnerabilities.
4. Use Multi-Factor Authentication.
   In today’s environment, many applications or providers will require the use of Multi-Factor Authentication (MFA). Simply put, MFA means you need to pass a secondary layer of security to gain access to an application, beyond a simple username and password entry. For applications or websites that offer MFA as an option but not a requirement, resist the urge to proceed with just the username and password option. While MFA can be a bit cumbersome, the alternative of an account compromise can be much more painful!
5. Only use trusted networks.
   Avoid using free, unsecured Wi-Fi networks available in public places such as airports, coffee shops, and hotels, particularly for any tasks that involve sensitive personal data or banking information. Hackers can use these unsecured networks to intercept consumer data and to distribute destructive malware.
6. Beware of phishing attacks.
   According to the FBI, phishing was the most common type of cybercrime experienced in 2021, with over 323,000 unique incidents reported. Phishing attacks are messages aimed to trick consumers into sharing sensitive information such as usernames, passwords, and account numbers. The message will typically look like it comes from a trusted organization or company and guide the user to click on a malicious link or reply with confidential information. Some top phishing red flags include the following –
   • An unexpected text message or email from someone you don’t know.
   • Poor, unprofessional spelling or grammar.
   • Shortened or odd-looking links or email addresses.
   • Questions from a business about usernames, passwords, or security questions; legitimate providers do not ever send these emails or texts!
   • Offers that seem too good to be true, or messages containing a heightened sense of urgency.
7. Report known cybersecurity incidents.
   Click here for the Department of Homeland Security's guidance on reportable cybersecurity incidents, best practices, and steps to take.
   Click here to view the FBI’s annual IC3 Report from 2021.