Personal Cybersecurity Advice from a Threat Intelligence Expert

In 2004, the federal government declared October Cybersecurity Awareness Month, intended to help people and organizations learn to recognize online threats and better protect their confidential data. However, protecting yourself, your family, and your business from cyberthreats takes daily attention, not just a few weeks out of the year. With the holiday season now just around the corner, it’s even more important to be aware of scams and enticement intended to swipe our valuable personal information.

To help our members and others interested in online safety, we spoke to Geoffrey Floding, SECU Vice President of Threat Intelligence, for tips and advice on personal cybersecurity. Geoffrey discusses the impact of the pandemic, popular cybercrime techniques and how to identify them, and what to do if you think you’ve become a victim.

Question: Has preventing cybercrime changed because of the pandemic?

Geoffrey: Yes, cybercriminals have changed their targeting because of the pandemic. Two Examples:

1. Threat actors are utilizing widely discussed themes, such as vaccination and corporate work-from-home policies which are designed to trick victims into clicking on their malicious emails.
2. Threat actors are also targeting people at home where they have fewer corporate enterprise security controls protecting them. There have been many reports of threat actors trying to utilize an employee’s access through their corporate VPN.

Question: Are there common techniques cybercriminals use?

Geoffrey: Phishing emails are a cybercriminal’s most popular attack vector. This technique seeks to acquire sensitive data or access to a computer by either engaging the victim directly, or by tricking the victim into clicking a link or opening a document. These emails can appear as if sent from a legitimate business.2 In the last year we’ve seen criminals also use text messages and even phone calls to trick users into installing software on their computers or giving them their personal information.

Question: Are there immediate ways to spot cybercrime?

Geoffrey: If an email, text, or phone call asks for personal information or access to your computer systems, it is a reason to be cautious. Individuals should always validate who they are dealing with and be careful about what they share.

Question: How do I know if I’m a victim of cybercrime, and what should I do if I think I’ve been attacked?

Geoffrey: If you suspect you are a victim of a cybercrime, either by having unknown charges show up on a bank statement, or having your identity used without your knowledge, it is best to contact the credit union immediately. Contact information and resources are available to members on the State Employees’ Credit Union website .

In addition to these suggestions, the Cybersecurity & Infrastructure Security Agency offers four steps everyone can take.1

• Think Before You Click! Recognize and Report Phishing:?If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.?
• Update Your Software:?Don’t delay—if you see a software update notification, act promptly. Better yet, turn on automatic updates.
• Use Strong Passwords:?Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords securing them for you!
• Enable Multi-Factor Authentication (MFA):?You need more than a password to protect your online accounts, and?enabling MFA makes you significantly less likely to get hacked.

Learn more about cybersecurity and Cybersecurity Awareness Month from Cybersecurity and Infrastructure Security Agency .

1Cybersecurity Awareness Month. Cybersecurity and Infrastructure Security Agency CISA. (n.d.). Retrieved cisa.gov

2Editor, C. S. R. C. C. (n.d.). Phishing - glossary: CSRC. CSRC Content Editor. Retrieved from csrc.nist.gov?

#Cybersecurity #CybersecurityAwarenessMonth #Cybercrime #StrongPasswords #MultiFactorAuthentication #OnlineSafety #OnlineSecurity