Google Knows Your Location | CNET

If you use any Google app, your location and data history might be stored.

You think that you’ve turned off your location history and tracking on your Google account, so now your. But, hold on.

While disabling that setting sounds like a one-and-done, some Google apps are still storing your location data, as explored in a 2018 investigation by the Associated Press.

Fortunately, Google has made it easier to control what location and other data is saved, and what is deleted with features like Your Data in Maps and Search, which give you quick access to your location controls, according to CNET.

How to turn off Google’s location tracking 

To completely shut down Google’s ability to log your location, here’s what to do:

  1. Open up Google.com on your desktop or mobile browser. 
  2. At the top right, log into your Google account if you aren’t already.
  3. Select Manage your Google Account.
  4. In the Privacy & Personalization box, select Manage your data & personalization.
  5. Scroll down to the Activity Controls, and select Manage your activity controls.
  6. There you’ll see a box called Web & App Activity. From there, you can slide the toggle switch to off. 
  7. There will be a disclosure to ensure you understand what disabling this setting will do before you select Pause.

References:

  1. https://www.cnet.com/tech/services-and-software/google-always-knows-where-you-are-heres-how-to-turn-that-off
  2. https://apnews.com/article/north-america-science-technology-business-ap-top-news-828aefab64d4411bac257a07c1af0ecb

Investing in Edge Computing: Cloudflare

Cloudflare’s platform helps clients secure and accelerate the performance of websites and applications. Motley Fool

Cloudflare (NYSE:NET), which completed its IPO in 2019, is a software-based content delivery network (CDN) and internet security company that uses edge computing to protect against cybersecurity breaches. The whole premise of edge computing is to bring the access points closer to the end users. Cloudflare has access points in over 200 cities throughout the world, and the company claims that 99% of Internet users are close enough to access the network within 0.1 seconds or less.

This internet infrastructure company manages the flow of information online and therefore plays an important role in migrating data from the cloud to the edge. Its platform helps clients secure and accelerate the performance of websites and applications. And, it offers myriad security products and development tools for software engineers and web developers.

The public internet is becoming the new corporate network.

Cloudflare is a leading provider of network-as-a-service for a work-from-anywhere world. Effectively, the public internet is becoming the new corporate network, and that shift calls for a radical reimagining of network security and connectivity. Cloudflare is focused on making it easier and more intuitive to connect users, build branch office on-ramps, and delegate application access, often in a matter of minutes.

No matter where applications are hosted, or employees reside, enterprise connectivity needs to be secure and fast. Cloudflare’s massive global network uses real-time Internet intelligence to protect against the latest threats and route traffic around bad Internet weather and outages.

Edge computing

While cloud computing houses data and software services in a centralized data center and delivers to end users via the internet, edge computing moves data and software out of the cloud to be located closer to the end user.

Edge computing reduces the time it takes to receive information (the latency) and decreases the amount of traffic traveling across the internet’s not-unlimited infrastructure. Businesses that want to increase the performance of their networks for employees, customers, and smart devices can take advantage of edge computing to bring their apps out of the cloud and host them on-site, either by owning and using networking hardware or by paying for hosting at localized data centers.

The company recently launched Cloudflare One, a network-as-a-service solution designed to replace outdated corporate networks. Cloudflare One acts as a secure access service edge (SASE). Rather than sending traffic through a central hub, SASE is a distributed network architecture. This means employees connect to Cloudflare’s network, where traffic is filtered and security policies are enforced, then traffic is routed to the internet or the corporate network.

This creates a fast, secure experience for employees, allowing them to access corporate resources and applications from any location, on any device.

Enterprise accelerating growth

Cloudflare has gained hundreds of thousands of users with a unique go-to-market strategy, according to Motley Fool. It launches a new product for free (with paid premium features) to acquire lots of individual and small business customers and then markets its new product to paying enterprise customers.

Cloudflare has created a massive ecosystem that it can leverage to land new deals and later expand on those relationships. It’s what makes this company a top edge computing pick since businesses and developers continue to flock to the next-gen edge network platform.

There is increased risk associated with a small-cap, pure-play edge computing company like Cloudflare.


References:

  1. https://www.fool.com/investing/stock-market/market-sectors/information-technology/edge-computing-stocks/
  2. https://www.cloudflare.com
  3. https://www.fool.com/investing/2021/06/17/forget-amc-this-growth-stock-could-make-you-rich/

‘The Secret Password’ is key

As aspects of our lives continue to move to digital spaces, it’s more important than ever to make sure you are taking the right steps to protect yourself. No matter the type of online account, your first line of defense is often your login password.

1. LONGER IS STRONGER
The longer and more complex you make your passwords, the stronger they’ll be in the long term. Short, simple passwords are often much easier for hackers to crack. Aim for at least 8-12 characters, and consider these other basic guidelines for how to create strong passwords:

  • Use a combination of upper and lower case letters, numbers and symbols.
  • Avoid easy, simple phrases like “Password123” and never use personal information (birth dates, pet names, etc.)
  • Random is better: pick a strange phrase and replace letters with numbers or symbols where you can. Have some fun with it!

2. CYCLE PASSWORDS OFTEN
Larger companies like Google and some financial institutions often prompt users to change their passwords after a certain period of time. A good rule of thumb is to rotate passwords at least every six months. It might feel like a chore to go through every single online account. But when you’re considering sensitive personal and financial information, what’s an extra 15 minutes twice a year to protect yourself?

3. NEVER USE THE SAME PASSWORD FOR MULTIPLE ACCOUNTS
We’ve all been guilty of it. You craft one really strong password and decide to use it for every account. Sure, it’s convenient and may help you save time during your day. But, in the event of a breach, it’s not just one account you have to worry about. By not taking the time to create multiple passwords, you’re leaving your entire digital identity at risk from the right hacker.

4. USE A PASSWORD MANAGER
With so many different passwords for each online account, it can be difficult trying to keep track of them all. However, you should never write your passwords down. Even if you think your home or office is safe, all it would take is for you to lose the slip of paper or notebook and suddenly all of your accounts are at risk. With an encrypted password manager you can house all of your passwords on a single, private and secure server. Just make sure to never forget the master password! And be sure to follow the same tips to make sure it is as strong as possible.

5. ENABLE TWO-FACTOR AUTHENTICATION
Some of your accounts may prompt you to enable two-factor authentication. It’s always tempting to click “remind me later” and put it off, but taking a few minutes can really go far in the long run. Two-factor authentication adds an extra layer of protection, simply by verifying that you are who you say you are. Usually that comes in the form of a direct text message or email to confirm a login attempt. Again, it’s the simple, extra steps that can save you so much trouble.

Zoom Calls Aren’t as Private as You May Think | Consumer Reports

This year has been a challenging year for everyone, throwing just about everything into disarray and forcing people to change the way they live, work and play. Which is where Zoom comes in. Zoom has become one of the primary video conferencing software tools for conducting remote/virtual meetings.

Privacy concerns

Zoom seems to be the video conferencing tool that can do it all. Yet, Zoom does collect and share copious amounts of personal information and data about its users and doesn’t provide a lot of detail about how it’s used for advertising, marketing, or other business purposes, according to Consumer Reports. Users of video conferencing services such as Zoom and RingCentral should think about data-privacy concerns similar to other online platforms such as Facebook or Google.

Most people on Zoom calls don’t realize how much information the company and a host can gather. Depending on what tier of service—from a free option to advanced levels for big companies—a host can make a recording of the conference, have it transcribed automatically, and share the information later with people who aren’t in the meeting.

The free and low-cost versions are also being used by individuals for everything from therapy sessions to video lessons with guitar legends to informal gatherings.

Look at the privacy issues from two perspectives. The first thing to understand is what information Zoom itself can collect, and what it can do with the information. Then there’s the information that the meeting host gets and how it can be shared.

Individuals can take some measures to safeguard their privacy by changing the way they use the service. But Consumer Reports’ advocates say that Zoom should also improve the platform’s privacy practices.

Zoom’s privacy policy is similar to many digital platforms’, claiming the right to collect and store personal data, and share it with third parties such as advertisers.

In Zoom’s case, that extends to what the company calls customer content, or “the content contained in cloud recordings, and instant messages, files, whiteboards … shared while using the service.”

Videos aren’t off-limits, according to the document, and neither are transcripts that can be generated automatically, the documents you share on your screen, or the names of everyone on a call.

Your instant messages and videos could be used to target advertising campaigns or develop a facial recognition algorithm, like videos collected by other tech companies. “Zoom isn’t necessarily doing anything users would object to” with the data, says Bill Fitzgerald, a Consumer Reports privacy researcher who analyzed the company’s policies. “But their terms of use give them a whole lot of leeway to collect information and share it, both now and in the future.”

Zoom Hosts

Zoom video conferences are started by what the company calls a “host.” Unlike other services you may have used, Zoom provides the host with rights that might not be immediately apparent to other participants.

A Zoom host can be someone you know, like a friend, an employer, a client, a school official, or a relative stranger from a social gathering. “Zoom puts a lot of power in the hands of the meeting hosts,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. The host has more power to record and monitor the call than you might realize if you’re just a participant, especially if he or she has a corporate account. There are a few things you should know when you’re on a call.

When the video is being recorded, a small red button pops up along with the word “recording” in small type. If a host records a conference, the video could be passed around the same way any video makes the rounds on social media. For that reason, Consumer Reports is recommending that Zoom require participants to click on a consent button before recording can begin. Zoom already has this feature available, but it’s off by default.

Zoom provides hosts with a feature that appears quite intrusive. The host can turn on “attention tracking” to monitor whether any participant clicks away from the Zoom window for more than 30 seconds while a screen is being shared.

CR’s and other online privacy experts have some advice for enhancing your privacy while using Zoom.

  • Keep your camera and mic turned off unless you’re actually speaking. If you feel that you need to have the camera turned on, choose a photo as the background for your video.
  • Do not use Facebook to sign in since it is a poor security practice and dramatically increases the amount of personal data Zoom has access to.
  • Keep your Zoom app updated.
  • Prevent intruders and Zoombombing on your calls: Before you set up a public Zoom call, go to Settings and turn Screen Sharing to “Host only,” disable “Join Before Host,” disable “Allow Removed Participants to Rejoin,” and disable “File Transfers.” If practical, you should also protect your conference call with a password.

References:

  1. https://www.consumerreports.org/video-conferencing-services/zoom-teleconferencing-privacy-concerns/
  2. https://protonmail.com/blog/zoom-privacy-issues/

Online Security

With more people than ever shopping online this holiday season, scams are an even bigger risk.

Always look for the little lock symbol or “https” in the web address. That lets you know your traffic to and from the webpage is encrypted. Encryption is standard these days for any kind of e-commerce site. If you don’t see it, it could mean you’re on the wrong site, according to Consumer Reports.

It’s more important than ever to use strong passwords

A strong password isn’t always enough to keep your personal and financial information safe. Many security experts recommend safeguarding your accounts with another layer of defense, namely multifactor authentication (MFA, also known as two-factor authentication).

When you turn on MFA, which is available for financial sites, social media sites, and many others, you need a second factor in addition to your password to log in. That way, if a hacker gets your password, they still won’t be able to access your account. Probably the most common way to use MFA is to have the site send you a text message with a code that you enter into a pop-up box.

To beef up your password security, many experts recommend using an authentication app.

Cut down on data collection and prevent hackers from invading your laptop, tablet and even your phone. To do a thorough digital cleanup, there’s a free wonderful tool called #SecurityPlanner developed by internet watchdog group @citizenlab, now run by @ConsumerReports:

  • Safely backup files
  • Browse online without tracking
  • Avoid phishing scams
  • Prevent identity theft

https://twitter.com/manjaselva/status/1331366229840424967?s=21


References:

  1. https://www.consumerreports.org/digital-security/use-authentication-apps-for-multifactor-security/?EXTKEY=YSOCIAL_TW

Cyber Security for Small Business – Social Engineering

Social engineering is a cyber criminal’s favorite way to manipulate and attack small businesses.

Small businesses remain extremely exposed to cyberattacks, and cybersecurity remains one of the primary operational risks for most of them. At the same time, many small businesses demonstrate problematic cybersecurity practices in their daily operations.

Almost 60 percent of business executives report an increased receipt of suspicious email over the past year, a growing cyber concern for small businesses. Adopting new technology systems without proper knowledge or preparation is another problem that may lead to preventable issues, such as small business owners declining to enable two-factor authentication when setting up a password on a site.

To avoid becoming a victim, it is important for small businesses to implement proper security measures. Given the consequences of being unprepared and the reasons small businesses are targeted, prioritizing cyber-security is critical as hackers get much smarter and more determined.

Cyber security weakest link

People are the weakest link when it comes to cyber security, which is why psychological manipulation of cyber attack victims is so common. Phishing, for instance, is an effective form of social engineering delivered by email that can be disguised as arriving from a legitimate source. This can fool employees into clicking a malicious link.

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This is used to gather information, initiate cyber fraud, or gain unauthorized IT system access.

Preventing an attack

For small businesses, there are plenty of ways to prevent cyber-attacks, from enforcing simple measures to hiring specialized teams to stay alert on the issue. Along with employing IT teams or specialists, training workers on current cyber-security dangers is a necessity, as it can avert various issues (such as the phishing scams mentioned earlier). Installing security software and investing in proper cyber-security insurance are also vital in securing businesses from these attacks.

Because small businesses are such large targets for attackers, proper cyber-security is becoming an increasingly important necessity, particularly in 2020. As small businesses adopt remote work methods, new risks and dangers arise, and precautions such as an IT team or staff training prove beneficial.

There are many effective practices that small businesses can implement to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. It is recommended that small businesses consider implementing the following effective practices:

  • Developing identity and access management protocols for staff, including managing the granting, maintenance and termination of access to business and customer data;
  • Limiting access only to their own customers’ data and related reports;
  • Setting minimum password requirements and multi-factor authentication for access to systems and applications by employees, vendors, contractors and other insiders;
  • Prohibiting the sharing of passwords among firm staff;
  • Prohibiting the storage of sensitive customer or firm data in unapproved or prohibited locations (e.g., a file server, cloud provider or thumb drive and without encryption or transmitted without encryption);
  • Establishing minimum encryption standards for all hardware used to access firm systems, including laptops, desktops, servers, mobile devices and removable media devices;
  • Requiring adherence to minimum encryption standards for data-in-transit, such as emails and file transfers that include customer sensitive information;
  • Ensuring only secure, encrypted wireless settings for office and home networks;
  • Maintaining regular patching, anti-virus protection, anti-malware and operating system updates for all computers and servers that access data in a manner that is consistent with industry standards;
  • Developing physical security protocols for all portable devices used to access data and systems, including laptops and mobile devices;
  • Mandating that all vendors meet the business’s security requirements, especially if the data or other sensitive information will be accessed or maintained by the vendor; and
  • Creating processes and selecting approved vendors for the secure disposal of hard copy records and firm computer hardware (e.g., hardware listed in the firm’s inventory) that may contain sensitive information.

References:

  1. https://cyber-security.mytechmag.com/cyber-security-for-small-businesses-is-important-now-1379.html
  2. https://www.pcworld.idg.com.au/article/636083/10-alarming-cybersecurity-facts/

Cyber Security Checklist

Working Together to Prevent Fraud and Protect Your Financial Data

Threats to your cyber security are constantly growing.  Most organizations have systems in place to protect you, but you can take steps on your own to fight hackers.

Even with tremendous investments in cyber security, the most prevalent way for hackers and fraudsters to gain access is to exploit human behavior through social engineering or simply uncovering information that hasn’t been well protected by a consumer.

It’s hard to keep up with all your accounts and your distributed digital footprint. Following a simple cyber security checklist can help you avoid becoming an easy target for hackers and fraudsters.

1. Use strong passwords and protect them

  • Create long passwords that contain symbols, numbers, and uppercase and lowercase letters
  • Don’t store your passwords anywhere
  • Don’t reuse or recycle your passwords
  • Don’t share your passwords with anyone
  • Change your passwords using a randomly generated schedule
  • Ensure that your passwords bear no resemblance to former passwords 

2. Opt in to multifactor authentication where available. Multifactor authentication requires additional verifying information to grant access to an account. This gives your accounts an added layer of security. Multifactor authentication can include:

  • SMS or email notifications 
  • Biometric identification 
  • Tokens

3. Avoid links from unknown sources in text, email, instant message, social media and websites

  • Be suspicious of any message that asks you to provide personal information. Banks never use emails or text messages to solicit your personal information.
  • Hover your mouse over hyperlinks to inspect their true destination
  • Make sure you’re on the right site before entering personal information—such as your name, address, birth date, Social Security number, phone number or credit card number
  • Report suspicious email that claims to be from financial institutions to the financial institution
  • Learn as much as you can about phishing

4. Limit what you share on social media and who can view your profile

You should protect the following information in particular:

  • Your birthdate 
  • Your street address
  • Geotagged photos 
  • The time you’re away on vacation

5. Secure your devices

  • Always keep your device’s software updated (use the latest operating system and browser versions available)
  • Download apps from trusted app stores 
  • Turn off Wi-Fi/file sharing/AirDrop options when not in use 
  • Avoid working with personal or sensitive data when you’re using unsecured, public Wi-Fi

6. Secure your important documents

  • Protect your Social Security cards, passports and birth certificates by storing them in a secure place such as a safe deposit box, and only carry them when you need them for a specific purpose. 
  • This information can be used by an identity thief to commit fraud like taking over your financial accounts, opening new loans and credit cards, and establishing utility services in your name.

7. Shred documents containing personal/financial information

  • When you’re done reviewing your paper documents like your receipts, financial statements, or credit card bills, put them in the shredder instead of the trash.

8. Order your credit report annually from each credit bureau

  • Best practice: Order a free copy once a year from AnnualCreditReport.com and from a different bureau (Equifax, Experian, TransUnion) every four months so that you’re always covered.

9. Keep your contact information up to date.

  • Update your email, mobile phone and mailing address.

10. Opt in to security alerts, and promptly respond to the notifications you receive

  • If you haven’t done so already, set up alerts to keep tabs on your account.

 


References:

  1. https://www.bbt.com/education-center/articles/cyber-security-checklist.html
  2. https://www.finra.org/compliance-tools/cybersecurity-checklist

Cyber Security: Recognize Social Engineering

Social engineering is highly successful because the cyber criminals make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users. 

Large companies, like Equifax and Home Depot, are often the target of the most sophisticated and large-scale cyberattacks, but attacks aimed at small businesses can be equally devastating. Some of the most common social engineering threats include phishing emails, texts or phone calls and malware.

Stay vigilant to social engineering

Small businesses need to do more to protect their IT systems against growing cyber threats. Larger companies have taken significant steps and dedicated significant resources to secure their systems.  As a result, less cyber secure small businesses have become easier targets for cyber criminals.

95% of cyber security breaches are due to human error!

Most small businesses and organizations lack the resources to hire dedicated IT staff and incorporate basic cyber security processes to protect their business, information and customers from cyber threats. Even a small business with one computer or one credit card terminal can benefit from strengthening their cyber security protocols.

Social engineering is used by many criminals, both online and off, to trick unsuspecting people into giving away their personal information and/or installing malicious software onto their computers, devices or networks. Social engineering is a psychological attack where an attacker tricks you into doing something you should not do through various manipulation techniques. Think of scammers or con artists; it is the same idea. However, today’s technology makes it much easier for any attacker, from anywhere in the world, to pretend to be anything or anyone they want and to target anyone around the world, including you.

Social engineering is successful because the cyber criminals are doing their best to make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users.  A 2014 IBM study revealed that human error was the primary reason for 95% of cybersecurity breaches.

Most offline social engineering occurs over the telephone, but it frequently occurs online. Information gathered from social networks or posted on websites can be enough to create a convincing ruse to trick your employees. For example, LinkedIn profiles, Facebook posts and Twitter messages can allow a criminal to assemble detailed dossiers on employees. Teaching people the risks involved in sharing personal or business details on social media can help you partner with your staff to prevent both personal and organizational losses.

Many criminals use social engineering tactics to get individuals to voluntarily install malicious computer software such as fake antivirus, thinking they are doing something that will help make them more secure. Fake antivirus is designed to steal information by mimicking legitimate security software. Users who are tricked into loading malicious programs on their computers may be providing remote control capabilities to an attacker, unwittingly installing software that can steal financial information or simply try to sell them fake security software. The malware can also make system modifications which make it difficult to terminate the program.

The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.

Guard against cyberthreats

Here are 10 tips to help small businesses and organizations to guard against new and emerging cyberthreats:

  1. Develop or review your cybersecurity plan. An effective cybersecurity plan should include strong network security, encryption and authentication technologies. The FCC offers a free cybersecurity planner for small business owners.
  2. Use a firewall and antivirus software. Protect your internet connection by setting up a firewall and encryption. All computers should be equipped with antivirus software and antispyware. Set up automatic software updates on all company devices to ensure security fixes are in place.
  3. Secure your Wi-Fi network. Make sure your Wi-Fi network is secure with password-protected access to your router. Set up a separate guest account with a different password for customers or clients who need to access Wi-Fi, so they don’t have access to your main network.
  4. Protect your devices. Hackers can use a stolen laptop, smartphone or tablet to access your network. Maintain an inventory of equipment, and make sure your employees know to secure any company devices when not in use.
  5. Back up your data. Store data in several places, using off-site and cloud-based services. If you become a victim of a cyberattack, you’ll be able to restore operations quickly without having to pay for a ransomware decryption key.
  6. Strengthen passwords. Enforce strict company-wide policies for creating strong passwords, using different passwords for different applications and changing passwords on a regular basis.
  7. Educate employees. Develop an employee training program to ensure everyone understands security policies and procedures. Schedule refresher courses periodically to keep employees informed.
  8. Increase email security. Train your employees on how to spot a phishing attempt by paying close attention to URLs and reading emails carefully, even those appearing to come from a known sender. Ask them to avoid opening unknown or unexpected email attachments (especially compressed or ZIP files) or clicking on links.
  9. Separate your important data. Reduce the damage of a potential security breach by making sure your data isn’t all stored on one device or in one place. For instance, don’t keep your payroll information on the same device you use to process credit card payments. That way, if one of your devices is compromised, some of your data will still be safe.
  10. Implement an incident response plan. Documenting what to do in the event of a security breach—such as who to notify and where backups are stored—can save your organization valuable time in a crisis.

Cyber training and protocols can make a crucial difference in reducing or eliminating the number of cybersecurity breaches.


References:

  1. https://transition.fcc.gov/cyber/cyberplanner.pdf
  2. https://www.navyfederal.org/resources/articles/small-business/protect-your-business.php
  3. https://www.sans.org/security-awareness-training/resources/social-engineering-attacks/
  4. https://www.ibm.com/developerworks/library/se-cyberindex2014/index.html

Digital Pirates Are Hacking Brokerage Accounts | Bloomberg

“Cyber hacking has now become the biggest threat to investors’ financial well-being.”

Cybersecurity experts say the exponential rise in online stock trading on apps such as Robinhood has created a parallel opportunity for hackers. And even the most diligent traders can fall prey to the increasingly sophisticated tactics of today’s digital pirates.

According to the Financial Industry Regulatory Authority (FINRA), a government-authorized not-for-profit organization that oversees U.S. broker-dealers, cyber threats to brokerage firms are increasing, and with these threats comes the increased risk of potential harm to investors. Dangers to accounts include email hack attacks, improper transfer or theft of customer assets, and misuse or even theft of customer data.

“Cyber hacking has now become the biggest threat to investors’ financial well-being,” said Andrew Stoltmann, a Chicago-based lawyer and former president of the Public Investors Advocate Bar Association. “Unfortunately, brokerage firms haven’t invested the money needed in order to keep cyber hacking of brokerage accounts from happening.”

The cyber threat

More believable “phishing” emails have aided in the hacking of accounts, said Jonathan Care, a research director who specializes in cybersecurity and fraud at Gartner. Such missives might use personal information gathered from publicly visible social-media accounts. They may use the logos of financial institutions to look official to even the most discerning eye, and unwitting investors may be baited into forking over their log-in information.

Other tactics take place in the background and make legitimate-seeming web activity risky. Some hackers set up WiFi networks in public places with monikers that sound credible — such as the name of a nearby business — which can in fact be used to take control of a system.

Malicious software installed on some machines can detect when users log into financial accounts and even make additional transactions they did not intend to authorize, Care said.

How to protect your brokerage accounts

Digital traders should change their passwords frequently, experts say, and avoid unfamiliar WiFi networks. They should be sure to have two-factor authentication enabled, which requires a secondary code to sign in.

But more than anything else, even savvy users could benefit from simply paying more attention to the flurry of emails, texts and other messages that flood their devices.

Recourse if hacked

Investors who think their accounts are compromised should immediately notify their brokers, who may be able to track down where funds were wired and reverse the transfer. After alerting their brokers, investors may also find it helpful to file a complaint with law enforcement. The most direct way to do that in the U.S. is with the FBI’s Internet Crime Complaint Center.

A common industry practice is to promise to cover 100% of losses as a result of unauthorized activity in a brokerage account. The sticking point, of course, is whether the company will rule the breach was indeed unauthorized or lay the blame on you. Brokerage firms have a strong incentive to compensate consumers for losses.

“With most of these firms, the judgments are really reputational,” said Adam Fee, a former federal prosecutor in the Southern District of New York who is now a partner at Milbank, a law firm. “When something bad happens, they are asking, ‘Do we want a bunch of articles about how people are out money because we messed up and didn’t react?’”

Practice Cyber Safety

Your online security can be enhanced by doing your part to safeguard your brokerage accounts and personal financial information.

Sound cyber safety tips include using up-to-date firewall and anti-virus programs on your personal computer, as well as formally logging out of all online sessions related to your account once you are finished. If you use apps on mobile devices to access your financial accounts, be sure to password-protect your device—and make sure you select the highest security setting that the app offers (such as disabling quick access or disabling the option that keeps your account open even if you close the app).

Email awareness is essential. Cybercriminals use a variety of phishing techniques—scams that use spam email or a fake website to lure you into revealing your bank or brokerage account information, passwords or PINs, Social Security number or other types of confidential information.

Beware of emails that request personal information, and don’t reply to, or click on a link in, an unsolicited email that asks for your personal information. When in doubt, log on to the main website of your bank, credit card company or brokerage firm using the website address that appears on your account statements or credit card—or call your firm using a telephone number you know is legitimate.

Stay Protected While Connected

The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you even in your own home on encrypted Wi-Fi.

You can protect yourself from online fraud:

  • Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar, which signifies a secure connection.
  • When you find yourself out in the great “wild Wi-Fi West,” avoid free Internet access with no encryption.
  • If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
  • Don’t reveal personally identifiable information such as your bank account number, SSN, or date of birth to unknown sources.
  • Type website URLs directly into the address bar instead of clicking on links in an email or cutting and pasting from it.

Read more: https://www.bloomberg.com/news/articles/2020-10-13/brokerage-account-hack-what-to-do-if-money-in-robinhood-other-apps-is-stolen?utm_campaign=news&utm_medium=bd&utm_source=applenews

STOP. THINK. CONNECT. ™

The STOP.THINK.CONNECT.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.


References:

  1. https://www.finra.org/investors/alerts/cybersecurity-and-your-brokerage-firm
  2. https://www.bloomberg.com/news/articles/2020-10-13/brokerage-account-hack-what-to-do-if-money-in-robinhood-other-apps-is-stolen?utm_campaign=news&utm_medium=bd&utm_source=applenews
  3. https://www.cisa.gov/stopthinkconnect
  4. https://www.cisa.gov/sites/default/files/publications/NCSAM_TheftScams_2020.pdf