In today’s digital world, staying safe online is more important than ever before. With hackers, scams, and other sharks lurking in the eerie ocean that is the Internet, it is always beneficial to be one step ahead of the game. Kevin Holleran, assistant vice president of information security at Teachers Credit Union (TCU), offers some advice on how to keep online information protected to help users feel confident that their information will be secured no matter the situation.
Protect your passwords
Most everything is done online today, from paying bills, to shopping, to checking bank accounts and more. Unfortunately, these tasks all require the use of multiple websites, each requiring a separate username and password. To help combat this problem, Holleran recommends storing passwords in a secure place where they can be accessed only by the individual using the account when needed.
“I think it is a great idea for people to start using what's called a password manager,” Holleran said. “There are a lot of different products out there that can be used. But this is a secure vault to store all your passwords in so they can be really long and random and you don't have to remember them.”
With remembering every password now a thing of the past, Holleran also recommends getting creative when it comes to the passwords a user chooses for each site.
“One of the biggest concerns is people that reuse passwords for more than one account,” he said. “If something bad happens to one account, then the bad guys go out and they try to use that same password across all the other accounts. When you're looking at your password manager, you have one big password that protects all the rest of your passwords, so you'll want to make sure that's a really good one.”
Holleran has a neat tip when it comes to creating new passwords, and when he first discovered it, it was like music to his ears.
“I actually advise people to use song lyrics because if you're like me, a song lyric will flow in your brain, so you'll remember it,” he said. “And on top of that, I'm pretty sure I don't have most of the words right anyways, so it's really hard for anyone to guess.”
Watch out for scammers
Even today, scammers are everywhere, and will try just about anything to get personal information from anyone they have their sights set on. Holleran said their tactics come in many forms, so be sure to keep an eye out whenever something seems off by any means.
“There are a lot of the support scams people who will call in and try to capitalize on the scary cyber environment, calling people and telling them ‘Hey, you've been hacked, you just need to let me into your machine to be able to help you with that,'” said Holleran.
Scammers are also more apt to pull on those emotional heartstrings just to get what they want, and often go out of their way to target those more prone to falling for such things, such as the elderly or those more naïve when it comes to technology.
“We've also seen a lot of people keying in on empathy,” Holleran said. “People are helpful by nature - they want to come together as a community for world events that happened or weather disasters. So, we see a lot of phishing campaigns that say, ‘donate to this’ or ‘save the children from that,’ and those tend to be pretty successful for people collecting items. Another one is elderly abuse. We see a lot of that going on, targeting elderly people and going after their retirement savings.”
They’re especially active during tax season as well.
“Tax season is a big one where they fraudulently file tax returns early to get a refund and then run off with it,” he said.
How to fight back
Holleran said being aware and having that suspicion is key to making sure someone isn’t being taken advantage of online. Have conversations with others, and it never hurts to ask for a second opinion if someone isn’t sure if what they’ve encountered is a scam or legit. Most importantly, remain logical.
TCU uses an acronym called STOP for people to keep in mind when they receive a communication they’re not sure about. STOP stands for: Slow down, Think it through, Observe the situation, Pick up the phone. The acronym advises people to take a step back and think about things from a logical standpoint. It also asks for them to observe the situation and determine if this is a common occurrence, or if the contact is looking for an urgent, emotional reaction. If it’s coming from someone the receiver supposedly knows, make sure the words and tone sounds like how they would speak or write. Most importantly, verify the source by checking out of band, which means using another medium than how the original contact was made. If an email is received, then call or text the person at a known, valid number to verify. If the call came from a financial institution, hang up and call back to the number on the card. In the case of other organizations, find a verified number on a known, valid website. Remember, it’s important to INITIATE the connection (instead of receiving it) through a different medium than the original message was received, so the validity of the communication can be verified.
In addition to a password manager, Holleran also highly recommends two factor authentication.
“That's a service you can get right through your mobile banking system, where you either get that code as a text message, or you can use apps or even get phone calls. We recommend doing that across all your accounts,” he said.
More information about two factor authentication and other ways to stay safe online can be found on TCU’s information security website page. Holleran also advises everyone to check out other online resources such as staysafeonline.org, or sans.org, which has a newsletter called Ouch that Holleran sends to most everyone he knows, professionally and personally.
He also assures that when working with TCU, every customer is in safe hands.
“TCU has a commitment to security,” he said. “We have a fully staffed security team. We made a major commitment in saying that security is important and we're going to back that up with our actions.”