Cybersecurity breaches are a major issue faced by organizations all over the world. But does the average consumer need to worry about getting hacked? And what risk does a consumer getting hacked present to their financial institution? As cybersecurity risks evolve, your institution should embrace the opportunity to educate and provide cybersecurity best practices, including for personal cybersecurity.
In CSI’s annual Banking Priorities survey, respondents identified P2P fraud as a top cybersecurity concern (29%), followed closely by data breach/disclosure (23%). While P2P payments offer convenience for many consumers, incidents of related fraud continue to grow. In fact, one study found that the number of P2P fraud victims has grown by 733% since 2016, making awareness and education of personal cybersecurity best practices more important than ever.
10 Cybersecurity Tips for Consumers
In today’s interconnected digital world, how can consumers stay safe using digital tools for everyday tasks like shopping or banking? According to Norton, 58% of adults are more worried than ever about being a cybercrime victim, and more than half of adults (53%) admit they don’t know how to protect themselves from cybercrime. As trusted pillars in the community, financial institutions are uniquely positioned to partner with their customers or members for cybersecurity awareness.
Below are several personal cybersecurity best practices to enhance protections for your customers, members, employees or colleagues:
Update Devices
Most people are familiar with the annoying pop-up reminder that a computer or phone requires a software update. While it may be easy to delay the reminder for another day, it is best that consumers install those updates immediately. They often contain critical security patches to remediate vulnerabilities. Cybercriminals often exploit these vulnerabilities to access accounts or data, but updating devices, web browsers or systems can mitigate some of the risk. Consumers can also set automatic updates for their devices to streamline this process.
Install Anti-Virus (AV) Software for Home Devices
Home devices are subject to the same viruses and malware that can infect corporate machines. Home users should invest in AV software and make sure it periodically scans machines and updates accordingly. While paid AV software is recommended, there are free versions for consumers from companies like Bitdefender, Microsoft, Sophos and others that offer options for Mac and Windows.
Sign Up for Alerts
Effective alerts help enhance consumer vigilance against cyber threats, providing nearly real-time insight into account activity. Your customers or members should take advantage of these alerts to monitor for potential fraud. Many financial institutions and credit card companies also offer alerts on purchases of a certain size or purchases made without the card present. Encourage customers and members to utilize this feature to quickly know if a card number has fallen into the wrong hands and minimize the damage.
Monitor Account Activity
In addition to utilizing account alerts, consumers should monitor accounts or statements closely to detect any fraudulent activity as soon as possible. Consumers should contact their financial institutions immediately if a suspicious charge is detected.
Develop Strong Passwords or Passphrases
To maximize online security, consumers should prioritize strong, unique passwords or passphrases for important accounts, such as email and digital banking. Complex passwords further strengthen security, so consider using a fully punctuated sentence with at least 15 characters. Consumers should not include identifying information in passwords, including names of spouses or children, important dates or answers to common security questions.
Use Secure Wi-Fi Networks
Consumers should always use a strong password to secure their personal network and avoid using public Wi-Fi networks. It may be tempting to use public Wi-Fi at a coffee shop or airport, but using unsecured Wi-Fi to access personal information—including online banking accounts—is risky. Cybercriminals can exploit weaknesses in public Wi-Fi to intercept valuable information, such as login credentials or payment information.
Enable Multi-Factor Authentication
It’s estimated nearly 64% of consumers use a password exposed in one breach for other accounts. This reinforces the need for unique, strong passwords on important accounts. Further, institutions should require multi-factor authentication (MFA) to make it more difficult for hackers to gain account access. Unfortunately, a username and password do not always adequately protect against hacking. It is not uncommon for these credentials to make their way to the dark web and into the hands of cybercriminals. To increase protection, many websites that hold valuable information offer the option for MFA. Instead of logging in with only a username and password, users must provide a third piece of information to access their account. While the third piece of information may come as a code sent via text or phone call to a specified number, authenticator applications are a much stronger option. While MFA is not always offered, it is currently the best way to stop account takeover and should be utilized when available, especially for accounts that may hold sensitive information, such as email accounts, online banking and healthcare accounts.
Think before Clicking
Hackers often use spam email and text messages to get people to click on malicious links that lead them to download viruses or spyware, or prompt users to enter their credentials. Before clicking on a link, your customers and members should question whether the communication was expected and if the sender is familiar or legitimate. For example, an email from Apple.com would be correct, but an email from AppleInc.com would be forged. Before clicking on any link, hover over the link with a mouse to see the website the link directs to. If the underlying address does not match the address in the email, do not click it. Consumers should avoid making decisions under duress, including clicking unknown links. Fraudsters often pressure their victims into making decisions, but customers or members should evaluate the situation before letting stress set in. They should also trust their instincts if something feels off.
Avoid Sharing Personal Information
Consumers should be mindful of the personal information shared on the phone or online, especially on social media platforms. For example, fraudsters could find answers to common security questions on social media, which often include the mother’s maiden name, high school, hometown, etc. To prevent this, social media privacy settings should be monitored to ensure personal information, posts or photos are not publicly accessible.
Maintain Regular Backups of Important Data
Consumers should keep backups of important data to avoid negative consequences from hacking or malware. Your customers or members can be victims of a variety of attacks, so maintaining backups will expedite recovery from ransomware or other types of malware. If a consumer resets their device due to a malicious threat, they could lose all data if it is not adequately backed up. External hard drives or flash drives are accessible and could serve as a backup option for most users.
Why Your Institution Should Provide Cybersecurity Tips to Customers and Members
Unfortunately, anyone can be the target of hackers looking to steal money, information or identities. But there is good news: Even the least computer-savvy people can take steps to protect themselves.
Your financial institution should empower consumers with information through cybersecurity awareness campaigns, an essential step in the fight against cybercrime. Providing education and promoting good cyber hygiene—including the best practices discussed above—will mitigate cybersecurity risk for consumers and your institution while increasing the potential for new business through knowledge sharing.
Empowering Consumers with Personal Cybersecurity Tips
If your customers or members are following cybersecurity best practices, then they are less likely to be the victim of a breach, and in turn, your institution is less likely to spend time and resources responding to the effects of the breach. In other words, a security-conscious consumer means less risk for your institution.
Download CSI’s 2023 Banking Priorities Executive Report for additional insight into top cybersecurity challenges and more.
Steve Sanders serves as CSI’s chief information security officer. In his role, Steve leads CSI’s information security vision, strategy and program, and chairs the company’s Information Security Committee. He also oversees vulnerability monitoring and awareness programs as well as information security training. With almost 20 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain a command of cyber-risk oversight.