When you wake up in the morning and reach for your phone, you’re logging into the digital framework we’re all embedded in: a connection of computers, phones, watches and other smart devices. This framework continues to grow as more objects and devices connect and those connections become smarter, faster and easier. Throughout your day, you probably don’t go anyplace where you’re not part of the digital framework, which includes applications (apps), email, the Internet, social networks and mobile devices. Even pacemakers, doorbells, insulin pumps and refrigerators are online now.
The numbers are staggering: Estimates suggest 3.8 billion people are now using the Internet, which is 51% of the global population [1]. Equally astonishing, 3 billion are social media users, and 5 billion own cell phones [2]. There’s no question the framework provides convenience and plays a growing role in our lives, but it also allows for increasing financial risks. Because people accustomed to constant online access may not fully understand these risks, never before has it been more important for everyone to protect their assets and identity from cybercrime and those who commit it. Attacks can come from anywhere. For example, a family noticed, during a routine check of a credit report, that someone had purchased over 100 gift cards—each worth $150—and had given them away to people whose names they didn’t recognize. The hack occurred through a shopping app on a teenager’s smartphone when an item was purchased through a store’s Wi-Fi connection.
Think You’ve Been Hacked?
Do these 5 things immediately.
Change all your passwords.
Disconnect your computer from the Internet.
Scan your computer for infected files or malicious programs.
Contact a security expert, and request that credit agencies put out a fraud alert.
File a police report, including relevant notes and other documentation of the incident.
The family contacted Tania Neild, a cybersecurity consultant, to analyze and diagnose what had happened. In the process they learned some key preventative measures. Neild, who has a Ph.D. in database integration and spent five years at the National Security Administration (NSA), says family members usually have little idea about how much their daily online activities may be putting their assets at risk. This family in particular was victimized because they weren’t following some of the basic guidelines of cybersecurity.
"We worked backward to find out what happened," says Neild. "Were they on a public Wi-Fi? Yes. Were they conducting a transaction? Yes. Were they successfully processing the consequences? No." Neild said it was helpful to have the whole family in the room so they could work on the issue together. "This was a four-generation family," she says, noting that different family members had very different skill sets when it came to technology. "I had everyone from an infant to a great-grandfather in front of me, and although I had my work cut out for me, in the end, it was helpful to work as a team."
The ABCs of Cybersecurity
Educating family members about online risks is vital. Here are some basic first steps to better security.
Texting: Avoid texting private information, such as birth dates, Social Security numbers and credit card information.
Wi-Fi: Financial transactions should be conducted only on a trusted private Internet connection, never a public one. Hackers often use public Wi-Fi to steal information from network users who are not using VPN encryption.
Social media: Avoid connecting with strangers on social networks. Social media can give away a family’s whereabouts or allow a hacker inside their personal lives.
Email: Electronic mail is permanent, so be ready to own everything in your message before sending it. Avoid emailing sensitive information that could otherwise be shared by phone.
Always Use VPN (It’s Easier than Ever)
Make sure to activate a virtual private network (VPN) to ensure privacy when accessing public networks. VPN allows you to become essentially invisible on the Internet whether using a computer or mobile device. Everything you do on a device that has a VPN—browsing, banking, shopping, texting, email—is encrypted and is essentially white noise to anybody that’s looking from the outside.
What is it? A VPN extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
Can it be used anywhere? Users can be on any network anywhere in the world, and all communications are auto-encrypted and invisible to anyone on the outside.
How do you get it? Today, you can set up a VPN for your family’s connected devices with an app, which costs a few dollars a month.
What app should I use? Use only name brands, or talk with a security expert to decide which service to use. Scammers have set up fake VPNs that can compromise the very information you are trying to protect.
In the past, says cybersecurity consultant Tania Neild, VPN was used for only the most crucial information. Social media and web browsing would be fine without it, but online banking requires it. Today, it’s so easy that you should be using it for all your online activity. "There’s no added complexity, so you can just apply it across the board," says Neild.
A Protection Checklist for Your Devices
Make sure you consider these technologies when you’re connecting to the Internet.
"We are just in the early innings of the Digital Age," says Brad Deflin, founder and president of Total Digital Security. With the technology (and threats) constantly evolving, Deflin recommends four ways to protect your devices.
Antivirus software: The tool is about prevention, and only the best providers should be considered. Look for software with automatic updates and fast responses.
Intruder and rootkit protection: Assume intruders are always trying to connect to your devices and collect personal data. Sometimes they use rootkits, which are assemblies of software enabling access while masking their existence. Make sure your security professional shields your network.
Firewall: A firewall is security for your network, and you may want to have it set up by an expert. With today’s threats, make sure you have your firewall activated even when you’re offline.
Router: Your router is the Internet gateway to your home, and all of your online activity flows through it. Be careful to change the stock network password to a personal one to guard against hackers gaining access to your private information.
Software updates: Keeping software updated is a very effective measure against hacking. Turn on the automatic updates to your software, and be sure to download the newest operating systems.
Unified Threat Management: This device protection software replaces the hardware approach, benefiting end users and their everyday protection and security.
Smarter Passwords
They open your accounts, so make sure they are unique, strong and complex.
Length: The primary driver in creating a password that is difficult to crack is length, so an eight-character password is far less effective than a 14-character one.
Randomness: Because hackers feed password-cracking software with personal information to increase their odds of success, we can deduce the most effective passwords are long and random.
Putting it all together: Start your thinking by using something longer, or a phrase, that’s easy to remember. Something like cowboysmilingmoonpalm is a good example, Deflin says. The image of a cowboy on the moon smiling while leaning on a palm tree is not only easy to remember, but it is also long and unique, making it very difficult to hack.
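To put numbers on the length and randomness points above, the following added example (not from the original article or from Deflin) estimates the entropy of randomly generated passwords and passphrases and builds a passphrase with a cryptographic random source. The word list is a small constructed sample, and the 7,776-word list size and the guess rate used in the comparison are assumptions.

```python
import math
import secrets

# Constructed sample list for illustration only. With 16 words, four picks
# give just 16 bits; a real generator should load a large published list
# (diceware-style lists hold 7,776 words).
SAMPLE_WORDS = [
    "cowboy", "smiling", "moon", "palm", "river", "candle", "orbit", "velvet",
    "harbor", "pepper", "lantern", "glacier", "tunnel", "saddle", "marble", "cactus",
]

LOWERCASE = 26   # a-z only
PRINTABLE = 94   # printable ASCII without the space character


def random_password_bits(length, alphabet_size):
    """Entropy in bits when every character is drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size):
    """Entropy in bits when every word is drawn uniformly at random."""
    return word_count * math.log2(wordlist_size)


def generate_passphrase(word_count, words=SAMPLE_WORDS):
    """Pick words with the OS CSPRNG. Words a person picks by hand are not
    uniformly random and do not earn the entropy computed above."""
    if word_count < 1:
        raise ValueError("word_count must be at least 1")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return "".join(secrets.choice(words) for _ in range(word_count))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def compare(rate=1e10):
    """Return {label: (bits, years)}; the rate is an assumed offline guess rate."""
    rows = {
        "8 random lowercase": random_password_bits(8, LOWERCASE),
        "14 random lowercase": random_password_bits(14, LOWERCASE),
        "8 random printable": random_password_bits(8, PRINTABLE),
        "4 words of 7776": passphrase_bits(4, 7776),
        "6 words of 7776": passphrase_bits(6, 7776),
    }
    return {name: (round(bits, 1), years_to_exhaust(bits, rate))
            for name, bits in rows.items()}


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:22s} {bits:5.1f} bits  {years:.3g} years to exhaust")
    print("sample passphrase:", generate_passphrase(4))
```

Each extra random lowercase letter multiplies the search space by 26, which is why length dominates; the passphrase figures hold only when the words are picked by the generator rather than by the user.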
THINKING THROUGH VULNERABILITIES
While cybercrime increased by 38% in 2016 [3], this doesn’t mean families can’t use email and social networks. Roughly 95% of Americans own cell phones [4], and one-in-five of those adults are "smartphone-only" internet users [5], making that ask extremely difficult. Kids, especially, want to participate since so many of their friends are online. A recent independent study found 93% of teens are online "almost constantly" via smartphones and almost 75% of teens have smartphones. [6]
Neild says rules are important, but the real key is balance. "I try to move everyone to the middle," she says. "If it gets too strict then it’s not practical. But if it’s too loose, you open yourself up to great risk." She begins with the basics:
- Access financial information only via a private Internet connection, and with a mobile device only if the site is secure (see "Always Use VPN (It’s Easier than Ever)," for more).
- Don’t email private information like birth dates, Social Security numbers or credit card information.
- Avoid social media posts with personal information that could take a hacker inside a family’s home or divulge their whereabouts on vacation. Respect those around you, and consider their privacy too before posting.
- Establish passwords—the most common security breach—that no one can guess or decode (see "Smarter Passwords," for more).
- Use two-factor authentication whenever possible, especially when using banking and online marketplace sites that involve financial transactions and information (see "Two is Better Than One," for more).
- Minimize the use of the "Forgot your password?" function when logging into sites that involve financial transactions or store sensitive personal information. These may include your bank’s website and online marketplaces used to make purchases. In the event you do need to use this function, remember to change the temporary password immediately and avoid using vulnerable email services such as Gmail or Yahoo whenever possible. These personal email services are the first places hackers go to access your information, Neild says.
Sometimes stating the obvious is necessary, Neild says, such as reminding kids they should never share their passwords. Likewise, children need to understand the dangers of posting photos and personal information. "They need to recognize what is and isn’t visible and act appropriately," she says. A large public donation, for example, could end up in local media for positive reasons, but also could lead cybercriminals to individual family members’ work or social network accounts. From there, seemingly innocent public information can be used against a family. "It could be something as benign as a post like ‘Having fun in Cabo,’" she says. "But if someone recognizes your name because your family just donated $10 million to build a library, there you are in Mexico, where kidnapping is big."
Two is Better Than One
Using two-factor authentication can strengthen your defenses and mitigate the chances of a breach. Below, cybersecurity consultant Tania Neild breaks down the basics of incorporating the process into your digital security plan.
What. At its core, two-factor authentication is a security tool that requires users to enter a numerical code—typically delivered to the user’s cellphone via text message—after entering their username and password in order to successfully log in to a particular website or online account.
Where. Using two-factor authentication is a good idea anywhere it’s an available option, but it is particularly important when using accounts that involve financial transactions and information, Neild says. In addition to using it on the websites themselves, she also highly recommends users use the two-factor process when logging in to the actual email accounts connected with these types of websites.
Why. No matter how strong a password may be, it is still at risk of being hacked. With two-factor authentication, a second level of security is added, Neild explains. "Even if hackers figured out your password, they would have to steal your phone in order to access your accounts," she says.
How. With cybersecurity such a primary concern in today’s world, many companies and email providers either require two-factor authentication or at least offer it as an option to users, Neild says. There are also a variety of mobile apps available for your smartphone, she says, noting LastPass and MyKeeper as being particularly effective and easy to use.
Over 100,000 breaches in cybersecurity occur every day, says Neild. And there’s more than one kind of cybercriminal. Just like in the real world, different people want different things, and have different tactics to try to get them.
Some cybercriminals are outsiders, digging up information on a family through social networks or by accessing networks illegally. Others may have insider information about the family, or even be family acquaintances or on the family’s payroll. Recognizing different kinds of cybercriminals is paramount to a family’s security, as is taking precautions.
The criminals behind these acts can be divided roughly into three categories:
- Cybercriminals: They use the Internet with the intention of monetary gain. Their targets may include companies, individuals and their families. Criminals go after capital, but also target assets with monetary value, such as music accounts, gift certificates and frequent-flier miles.
- Cyber spies: A growing number of cybercriminals steal information—such as passwords to music accounts or store credit, instead of capital—and sell it on the black cybermarket, an increasingly popular underground economy similar in function to the traditional black market.
- Cyber activists: A group seeking access to networks in order to disrupt them for political reasons, activists will often use hijacked accounts to hide their own identity as they breach an organization’s security systems. Neild points to a recent email attack that affected 150 million users, including some of her clients whose accounts contained financial information. It was a wake-up call for all parties. "Nothing was stolen, because that wasn’t the goal," she says, "but the cyber activists brought the network to its knees."
Manage Your Digital Dossier
You may have your offline life, but everything you do online can be combined into one larger "Digital Dossier" by scammers. Sometimes people live multiple lives online: for example, you may have one persona for social media and another for online video games and a third for online dating. But a scammer can connect those personas and learn a lot about you by connecting the dots with all your data.
Use these tactics to put your online presence into perspective:
Think of it as engraving: Everything you do online should be considered permanent, says Brad Deflin. Thinking about each social post as engraved in stone will help you see the importance of it.
Make yourself proud: Would you be able to look back at comments you made on a video game message board in 10 years and feel happy about the content and positivity? Think about your future self when you do anything online.
Remember the value of personal information: Create a sense of value around personal information, and appreciate the fact that it’s increasing in value. Companies (and scammers) in the digital age are collecting personal information and engineering it in a way to exploit something or sell you something.
Stay out of dark alleys: If you are unsure about how an app or website is using your data, don’t blindly submit your information.
"Just be really conscious of the activities you participate in," says Deflin. "And tell your children, ‘We are really printing permanently here, so be sure it represents who you are and who you want to be. And aspire to make it great.’"
WHAT ARE SOME BEST PRACTICES?
As the threat of cybercrime grows, so does the need to protect family assets. How is this done? Some suggest working with a web master to establish a family domain—a secure site accessible by a small number of approved family members, each with their own domain email (e.g., email@example.com). While this is often fairly simple to set up, it can require engaging your children in discussions about cybersecurity, which is far easier said than done. "It’s the last thing they want to talk about," says Brad Deflin, founder and president of Total Digital Security. "The private domain is like a fort from which the family is protected – a safe haven from the hostilities on the variety of vulnerable ‘free’ email services available."
Though initially hearing from clients about the challenge in communicating the importance of security to their children, Deflin eventually observed that the idea of a family domain was an effective starting point to pique children’s interest and get them thinking differently about the subject. The private email approach demonstrates the importance of striving for more digital autonomy and protecting personal information.
Watch Out for These Scams
Even if you’ve protected your computer and network, some scammers or companies will try to trick you into giving them money. Watch out for these top five scams. [7]
Computer Support Scam: Even on a protected computer, the scammer remotely inserts a popup in the user’s browser with an alarming warning that their computer is infected and under an immediate threat. The scammer asks for a payment to fix it, and/or an authorization to "remote in" to the user’s device. The scammers are typically very aggressive, intimidating, and bullying, playing on the individual’s fear and emotions.
Invoicing scam: Scammers will monitor personal news: births, deaths, new homes and more, and then send fake invoices for payment. For example, after finding a widow on the Internet, scammers will pretend to be a collection agency calling about the recently deceased’s debts.
Charitable donations scam: Beware of requests for money immediately after a disaster. Scammers set up fake websites with names similar to real charities and solicit donations.
Investment scam: Scammers will set up seminars or websites where they suggest investing in specific funds or unusual assets has made them rich.
Personal scams: With so much information available online, whether through social media or online dating apps, scammers may be using blackmail or personal scams in addition to just economic scams.
Fake news: Scammers will impersonate legitimate news outlets or other websites in order to influence your opinions or gain access to your information.
"There is a vanity element to it as well," he says. "When kids see their last name in the domain it somehow creates a different perspective and they’re like ‘well, that’s kind of cool.’"
In addition, Neild suggests having a trusted technology (tech) expert help set up a safe email address and build a protected and encrypted network (firewall). This network should be used when handling family assets, instead of public networks or unsecure Wi-Fi, and the design should include a machine accessible to authorized family members with unshared passwords. Ideally, the device should be hardwired via ethernet to the encrypted network. This network could include access to secure cloud based applications, but it is how you access those applications that needs to also be included in the design. While that sounds all super-secret and technical, it's less than $3000 and 1 day of work for a network engineer. The firewall should be checked and reinforced in regular monthly installments, or at least once every quarter.
Neild says it’s also essential to choose the right tech expert, and that the person designing the system should be evaluated the way one would a mechanic. "References, references, references," she says. "You want someone to be focused and very rigorous when setting this up."
While complexity often plays an important role, simply increasing the length of a password can also help ensure a family’s online safety, according to Deflin. "Length is everything," he says. "Certain hacking software can sometimes crack an eight character password in less than a day, while a 14-character password could take a year and a half to crack using the same software." Though ideal, committing multiple 14-character passwords to memory is unrealistic, "so using a password manager is essential," says Deflin.
Three Big Takeaways
Reduce your digital footprint: There is less risk when you have less information online. In the same way seatbelts weren’t used and then they were, VPN should be used. "It’s like a cloak of invisibility," says Brad Deflin.
Use a password manager: Two-factor password authorization is essential. Two deadbolts on a door are better than one, so layer digital protection as well.
Privatize communication: It’s time to get off of the public email. Any information you send via non-protected email is potentially vulnerable. Set up a family domain for each email user.
AFTER A BREACH
Despite all the precautions you can take, hackers still get around the cybersecurity that’s in place and breaches do occur, reiterates Neild.
This, too, is something for which every family should prepare. Victims of cyber theft, like burglary, often feel violated and don’t know what to do next. A good start is remembering these three steps:
- Don’t disturb any evidence. As with any other crime scene, cybercrimes leave a trail. Don’t disturb anything, and let the investigators take it from there.
- Contact the place from which the property was stolen, be it from a bank, credit card company or retail store with a shopping app.
- Alert your family’s financial and legal advisors.
Family assets may be insured, but once trust is violated, it’s not easily rebuilt. Even after a security breach during which nothing was stolen, families may feel like they’ve been robbed. Taking these three actions can help you get back on the path towards peace of mind.
Cybercrime is a fact of modern life, and it’s only becoming worse. While the benefits of instant online access are many, so are the perils. However, with thorough preparation and a good understanding of the online world, all members of families should be able to enjoy the benefits of the Internet today and look forward to a safe and secure tomorrow.
[1] TNW, Global State of the Internet in April 2017, April 17, 2017.
[2] "Digital In 2018: World’s Internet Users Pass The 4 Billion Mark," We Are Social, January 2018.
[3] The Global State of Information Security® Survey, 2016.
[4] Pew Research Center, Mobile Fact Sheet, February 5, 2018.
[5] Pew Research Center, Fact Tank, News in the Numbers, March 14, 2018.
[6] Pew Research Center, Social Media and Young Adults, February 3, 2010.
[7] The True Link Report on Elder Financial Abuse 2015, True Link Financial, January 2015.