We can do nearly everything online these days: order groceries, pay bills and even invest in the stock market. All of that convenience and buying power at our fingertips makes it easy to get things done, but using personal data online (like credit card numbers) also means it’s a good idea to educate ourselves on how to protect our information. And that’s where cybersecurity comes in.
For the average person, cybersecurity is about making sure your personal data doesn’t get in the wrong hands. But it also includes other practices like keeping companies’ intellectual property protected, helping track down hackers and detect leaks, and a lot more. To be honest, we could write an entire book on this topic. For the purposes of this article, though, we’ll stick to the information most relevant to you.
Ahead, we’ll cover what cybersecurity is in more detail and the different ways that you can (and should) protect your information. Considering how much we use our various devices and the internet these days (are we ever not plugged in at this point?) it can be helpful to know there are ways to keep using your devices while also protecting your sensitive information. We’ll share a few easy steps you can take to help keep your information secure when you log in online or download an app.
You might already know what cybersecurity is, but as a jumping-off point let’s address the textbook definition. Cybersecurity is essentially the practice of protecting your information from unauthorized access and/or criminal use on the internet, as well as ensuring confidentiality, integrity, and availability of that information. And in perhaps more relevant terms - have you ever gotten a computer virus (who hasn’t?) or clicked on a pop-up that then crashed your computer? Following cybersecurity best practices can help protect you when it comes to those things.
Beyond computer viruses, cybersecurity also deals with other serious issues like having sensitive information stolen, or even crimes being committed using your personal network. No one wants to find themselves in any of these situations – while there’s no guaranteed way to avoid these risks altogether there are things you can do to help mitigate some of the risks.
You’re probably already familiar with some of the common cybersecurity tactics – like logging into an account with a unique username and password – but we’ll cover additional important (and often easy) things you can do to continue using your devices later on.
Before you start panicking about having to come up with a hardcore defense strategy, take a deep breath. You’re likely already taking steps to stay protected. Maybe you’re even doing all of the things we’re about to discuss (in that case – good for you!) or maybe you’d just like to feel more comfortable surfing the internet or using your bank’s mobile app. Whatever the case may be, here are some steps you can take to protect your identity and sensitive information online.
Yes, this is painfully obvious, but we’re going to say it anyway – never share your personal information when responding to any unsolicited phone calls, emails, or text messages. If we’re being honest with ourselves, is there ever a situation where you should share your Social Security number, credit card information, and any personal identifying information (e.g., your date of birth) with a stranger? Probably not.
Some helpful tips for figuring out if the source is reputable or not includes looking closely for any obvious typos or grammatical errors (if it’s an email or message), and even searching the company or individual’s name to see if it comes up as reputable or not. In the case of a phone call, if you’re uncertain you can always end the call and then call the actual company directly to verify the information. You can also ask the caller for specific details, such as a call back number or supervisor name. In any situation, do not give any personal information out if you’re not positive it’s a legitimate source.
One of the easiest ways to protect yourself is to have a strong password (strong being the key word). Simple passwords, like Password1234 or one that includes personal info like your name or name of your children, can make gaining access to your computer and data easy. Use complex passwords with a mix of uppercase and lowercase letters, as well as numbers and symbols. You could also consider using a passphrase, which can be a series of random words or a sentence. Passphrases can be easier to remember and are generally longer than a normal password for added security.
It’s also a good idea to vary passwords across different websites and profiles and change them frequently. Again, you’re probably already aware of that, but there are still a lot of people out there who aren’t doing these things. After all, it’s easier to remember our passwords if we always keep the same, right? Which also means it’s easier for others to guess them and/or hack into your accounts.
MFA goes along with protecting yourself from the password stage, and can be a helpful additional step to verify your identity if you have access to it. Not all apps and software have the option for MFA, but if yours do, it’s worth taking advantage of. If you haven’t used it before, MFA works by using at least two different components to verify someone’s identity and grant access during login. This can help you feel better about the danger of compromised passwords by adding an additional layer of security.
Have you ever been surfing the web and received a pop-up with a sale offer that seemed too good to be true? Well, there’s a fair chance you’re right in being suspicious – it could very well be a phisher. Phishers masquerade as trustworthy sources in order to convince someone to hand over sensitive information. Phishing scams often use text messages, emails, and even phone calls to pose as a reputable source and ask for your Social Security number, account numbers, and passwords. They can then access your bank accounts, email, and other sensitive information.
Common messages you might receive from a phisher include emails or texts saying there’s been suspicious activity on one of your accounts and asking you to verify your account info. They also may include links to make payments, say you’re eligible for a government refund, or even offer promotions for free things. (As tempting as it may sound, it’s best to resist!)
Alright we’re halfway through – still with us? We know this can be a bit daunting, but being informed can go a long way in keeping yourself protected online.
We’re used to seeing the pop up window prompting us to install the latest software updates. And there’s also a chance we typically ignore them, or hit the “remind me later” option (not just us, right?). Well as it turns out, as annoying as they sometimes seem, those updates are pretty crucial to keeping our information secure . Keeping your software up to date is one of the easiest ways to protect yourself against hacking. Software patches (aka software updates) often address security vulnerabilities, and sometimes have an option to update automatically. It’s a good idea to enable these automatic updates if available (one less thing to have to remember, right?).
Today’s hackers can automatically scan thousands of computers at a time looking for vulnerabilities and security holes. That makes individuals easy targets for hackers – not just big companies with fancy IP (intellectual property) to steal like you see in the movies.
It’s also worth mentioning that if you don’t already utilize anti-virus software, that can be a helpful layer of protection as well. Anti-virus software works to prevent and remove malware on your computer. However, anti-virus software isn’t a Band-Aid for all cybersecurity risks and should be viewed as an additional step to protect your information rather than a cure-all.
This might be another thing you’re already utilizing, but it’s worth mentioning because one of the biggest threats to cybersecurity and your personal info is malware (think computer viruses). And that’s where having a firewall installed can help. There are two types of firewalls: hardware and software.
Pros: you may be able to control the internet websites that your computer is allowed to send and receive information from (so basically, you can get specific about where information can and can’t be accessed).
Cons: typically located on the same system that is being protected, so if the system does get hacked it’s possible for the software to be disabled as well.
Pros: provide additional line of defense against attacks on desktop-computing systems.
Cons: a separate device that requires a trained professional to support it (in terms of the initial installation and any maintenance).
You can use both hardware-based firewalls and firewall software. And if you only use one, that’s great too! It’s more important that you use a firewall at all than what type you use.
As convenient as it is to use free Wi-Fi at coffee shops, hotels, airports and so on, they’re not always the most secure connections. There’s a chance that when you connect to a public Wi-Fi network and send information through a website or app, that info could be accessed by someone else who’s also connected to the network.
You might be thinking “how am I supposed to know if a site is encrypted or not?”
Pro tip: look for “https” at the start of the URL of any site you’re visiting. The “s” at the end stands for “secure.” However, sometimes sites can be sneaky: the homepage might be secure but not necessarily the entire site (so if you’re jumping around page-to-page, be sure that “https” is there the whole time).
Unfortunately, mobile apps don’t have the “https” like you’d see when you’re on desktop or laptop. If you’re using a public network, it might be a good idea to avoid using any apps that require your personal or financial information. Stick to visiting those when you’re at home or using a private network you know is secure.
There’s more to protecting your home Wi-Fi network than just keeping your neighbors or strangers on the street from getting free internet. Just like using a public network can put your information at risk of being accessible, people who have access to your home network also potentially have access to your information, too. Not only could they dig up your passwords and other sensitive information, if someone gains access and uses your network to commit a crime , it can be traced back to your network and address.
To protect your home network, change your router name from the default to something only you know. Also be sure to change your router’s pre-set password and use long, complex passwords with a mix of upper and lower case letters as well as numbers and symbols.
It can certainly feel overwhelming to have to think about all of these different ways to protect yourself against cyber-attacks. Not to mention, the thought of having your personal information stolen is frightening! But for some parting thoughts, here are some key points to keep in mind:
This article is for informational purposes only and is not a substitute for individualized professional advice. Individuals should consult their own tax advisor for matters specific to their own taxes and nothing communicated to you herein should be considered tax advice. This article was prepared by and approved by Marcus by Goldman Sachs, but does not reflect the institutional opinions of Goldman Sachs Bank USA, Goldman Sachs Group, Inc. or any of their affiliates, subsidiaries or division. Goldman Sachs Bank USA does not provide any financial, economic, legal, accounting, tax or other recommendation in this article. Information and opinions expressed in this article are as of the date of this material only and subject to change without notice. Information contained in this article does not constitute the provision of investment advice by Goldman Sachs Bank USA or any its affiliates. Neither Goldman Sachs Bank USA nor any of its affiliates makes any representations or warranties, express or implied, as to the accuracy or completeness of the statements or any information contained in this document and any liability therefore is expressly disclaimed.