Security | Cybersecurity Month 2023

While there are many ways you can help protect your personal information, implementing these six security measures would be a great place to start:

Multi-factor authentication, or MFA, is a security protocol that adds a layer of complexity to account access. A password is just one method for authentication, and – for added protection – many online accounts now require more than a single method. The use of username and password credentials is considered the first authentication. Years ago, that was considered secure enough. However, over time, as hackers have improved their ability to decipher usernames and crack passwords, the invention and application of new methods have led to two-factor authentication (also known as two-step verification):

• Automated text messages and emails that contain a specific code for one-time use
• Fingerprint scans
• Face recognition
• Custom security question options that go beyond “What’s your mother’s maiden name?”
• A standalone security app on your phone or computer that notifies you whenever someone attempts to log into your account
• A standalone app, like VIP Access, that generates a time-based security code that only you can access
• A secure item like a physical key or a key fob that identifies you as the authorized individual.
  
  

For years, The National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce, the part of the government concerned with promoting American innovation and industrial competitiveness, has studied the growing cybersecurity threat posed by hackers. According to their experts, long passwords - longer than is typical - are more important than people think in securing your login credentials. They recommend creating passwords with a minimum of 12 characters that include numbers, a random mix of upper- and lower- case letters (no words), and special characters (as allowed by each individual platform). Length and complexity work hand in hand to help make a password so difficult to hack that, sometimes, it just isn’t worth the effort.

While we all have many accounts and each one needs a password, using the same one repeatedly is asking for trouble. Once the password is cracked, hackers can access many or all of your accounts, leading to potential disaster. As it does the remembering for you, using a password manager to store passwords, and apply your username and password data, can be a great asset. These software applications also allow you to manage your passwords in a secure location. The password manager encrypts your data and secures it behind a single, master password. The information is scrambled using mathematical algorithms and ends up useless without the key to unscramble it: the master password.

The benefits of a password manager may include:

• Encrypted passwords
• Prompts that encourage you to follow best practices for password creation
• Freedom from the hassle of remembering passwords
• Notifications of potentially fraudulent access or phishing attempts
  
  

Why is it so important to keep your software updated? By not running regular updates, problems and vulnerabilities discovered and solved over time will remain unsolved on your device, leaving you unprotected. Even when solutions are found, they do you no good if they are not installed.

Updating is easy. You can update manually by checking to see if updates are available. However, it is much easier to simply set your device to look for updates automatically. Your computer can identify and implement updates the moment they are released, on particular dates, or even each time your machine is turned on.

It’s important to procure the updates directly from the original source, and not from some unknown third party. For example, to update antivirus protection, download it from the company from which it was purchased or through the App Store or Google Play on your mobile device. Also, never download unlicensed programs or apps. It’s a sneaky little method hackers use to distribute illegal items that can install vulnerabilities into your device.

Phishing is when cybercriminals create lookalike websites, fake emails, social media posts, and other methods to pose as trusted entities and trick you into clicking malicious links or opening dangerous attachments. Suspicious emails and text messages like these are all too common:

• Payment due notices from the IRS
• Order confirmation requests
• Appeals for information
• Acceptance or authorization required to receive fake prizes, gifts, or purchases
• Warnings about pretend security issues that need your attention 

The best defense against phishing attacks is to be skeptical and scrutinize all communications. Signs of a phishing email can be obvious or subtle, but once you’re able to recognize a phishing attempt, you can avoid falling for it. Before acting on a communication, it’s important to verify that the apparent sender is indeed who they say they are. Warning signs to look for include:

• Style details that stray from the norm, like an odd greeting or atypical writing style
• Misusing words
• Inconsistencies buried in the email address, links, or domain names – for example, receiving an email from Amazon but the link is www.Amason.com.in
• Unknown attachments
• Spelling or grammar errors
• Requests for login credentials, payment information, or sensitive data

If you’re the target of a phishing attack, don’t reply, click the links, or open the attachments. If the communication arrived on a work device, report it immediately to your superior or the IT department. If it’s a personal message from what appears to be a legitimate source, never hesitate to confirm its veracity with the company in question. Always refrain from clicking on email unsubscribe links as it just lets the criminal know that the email is active.

Phishing is, of course, illegal. If you suspect a phishing attack, you can report it to the Federal Trade Commission and also pass the information along to the Anti-Phishing Working Group. This international group of counter-cybercrime experts collects, analyzes, and distributes data about cybercrime from around the world. They also use their expertise and data to offer solutions to the continuing issue of global internet crime.

Here at First Northern Bank and Trust, we are committed to helping our customers protect themselves from fraud. If you have questions, please call 1-800-344-2274 and we’d be happy to discuss your concerns.