Taking Cyber Security Seriously: Steps to Stay Safe On the Web & On the Go

Regardless of whether or not you’re regularly using digital and online products and services, cyber criminals (aka the “bad guys”) are. That’s why it’s critical to stay on your A-game in order to protect yourself and your loved ones from threats to your identity and financial security.

Not sure where to begin? Not to worry. We’ve got you covered with a commonsense approach to cyber security in a digital world.

The most common forms of cyber threats include:

• Social Engineering

• Phishing

• Ransomware Attacks

Social engineering is when someone tricks you into giving them access to your computer or personal information. It's a way of using psychology to manipulate you into making mistakes with your security, or sharing private details.

Phishing is a trick where the bad guys try to get you to share important information or download harmful software. They often do this by sending you an email with a link, or through text. When you click on that link, it might take you to a fake website designed to steal your login details for sites like Google or Facebook, or it could install dangerous programs on your computer.

***DON’T BE FOOLED BY CAPITAL LETTERS, EXCLAMATION MARKS, BOLD WORDS, AND DEADLINES. Bad guys will often use these and other scare tactics to prompt an impulsive response.

For example, imagine you receive an email that looks like it's from your financial institution. It says there's a problem with your account and asks you to click a link to fix it. When you click the link, it takes you to a fake website that looks just like your financial institution’s site. If you enter your login information there, the scammer can steal it and access your real bank account.

Ransomware is a type of harmful software that locks you out of your computer by scrambling your files so you can't open them. The person behind the attack will then ask you for money to get the “keys” that will unlock your files. These attackers often create a sense of urgency, pressuring you to pay quickly before a deadline.

For example, imagine you’re working on an important project on your computer and suddenly all your files become unreadable. A message appears on your screen saying that your files are locked and if you want to get them back, you need to pay a specific amount of money within 48 hours. If you don’t pay, they threaten to delete your files forever.

***If you become the victim of a ransomware attack, it’s important to remember who you’re dealing with. The person on the other end can’t be trusted to play fair. Paying a ransom does NOT guarantee you’ll regain access to your files. Plus, it may set you up as a target for follow-up attacks. If you become the target of a ransomware attack, do not engage. Report the attack to CISA (Cybersecurity & Infrastructure Agency), your local FBI field office, the FBI Internet Crime Complaint Center (IC3), or your local U.S. Secret Service field office.

Tips for Your Passwords:

• Start Strong: a good password should contain 12 characters with at least 1 uppercase, 1 lowercase, 1 symbol, & 1 number. It should NOT contain any personal information. You should change your password every 90 days to something entirely new (not Password1, Password2, etc.) Don’t write your passwords down or save them in a digital file, and don’t use the same password for more than one system or website.

• Step by Step: Use Multifactor Authentication (MFA) to increase your password security by requiring an attacker to know your password AND have access to an additional device you control, like your cell phone. Apps like Google and Microsoft Authenticator, as well as Authy, are available for download. Text-based MFA is also an option, though somewhat less secure than using an MFA app.

• Helping Hand: Use a password manager app or desktop solution to save passwords in a secure environment. We suggest “1 Password,” “Bitwarden,” and “KeePass.”

Avoid Becoming Target Practice:

• Don’t advertise your location on the internet (save your vacation pictures post for later!)

• Don’t publish personal information (like your home address, email, etc.)

• Don’t publish decision-making skills or processes (it gives hackers a hint inside your brain!)

• Don’t visit questionable sites

Remember, staying informed is your first line of defense against cyber criminals. If you have any questions about communications from SPC, ASK before you ACT! Call us at 843-332-4506, email inquiries@spccu.org, or visit one of our branches in Hartsville, Darlington, Florence, Bennettsville, or Cheraw.