Keeping your financial data safe

The threat of digital predation by a virus, or online scam seems so pervasive these days that you might have just accepted it as an inevitable part of life. When a computer virus ends up draining your bank account, however, this common scourge can hit too close to home. The good news is 97 percent of security breaches can be prevented, and if the worst happens, there are tools available to help you cut your losses and beat cyber-crooks at their own game. With the right software and a few simple techniques, digital fraud, identity theft, and sensitive data loss can be easy to thwart.

Cross-Device Threatscape

Hackers can steal your personal information anywhere that it is made digital—on your computer, smartphone, or tablet, at the checkout counter, the gas pump, and even the hospital. Wasn’t there some good news promised? Yes! First, antivirus software is now available to protect not only your computer, but also your smartphone, tablet, thumb drive, and other devices. So you can use one solution, such as McAfee All Access, to guard your data on all your devices.

Even if you already have antivirus protection on your own computer, you probably don’t think twice about accessing your bank account or typing in your social security number on your unprotected smartphone or tablet. According to the National Foundation for Credit Counseling, seven percent of smartphone owners were victims of identity fraud in 2011. We increasingly rely on our phones to make critical transactions, so that number is predicted to climb.

Where the Threats Are

In addition to protecting your own devices, you might also want to suggest that the small businesses you frequent beef up their digital security because point-of-sale systems—in other words, the checkout counter—at your local restaurant or small business are especially vulnerable. Point-of-sale systems are just computers, but businesses often fail to install basic antivirus and firewall protections. It’s no good protecting yourself on your own devices, only to have your financial information stolen from the computer at your hair salon.

Your doctor’s office or anywhere that your health information is online is another place for caution. If they are storing or if you are accessing health records online, hackers can use that information to steal your identity, sell your data to marketers, and even disrupt your credit.

Your mobile phone also provides new avenues for fraud—bad links can appear in text messages or as advertisements in an app. Most often, bad links lead to “phishing”—a website or online form that tricks you into giving out your personal data. Phishing can also appear in email or while surfing the web. There is even a variant called “vishing,” where the caller tricks you into releasing personal data in a phone call.

Emerging Threats

New vulnerabilities are constantly arising. Today, “hacktivism,” in which activists infiltrate individual computers or devices in order to worm into the data of large corporations or other institutions, is on the rise. To make news headlines, these attacks often post online any financial and personal information they can mine from a corporation’s network. Thousands, even millions, of financial and personal data has been made public this way.

And finally, computers and phones are frequently lost and stolen, which can lead to financial fraud if a device makes its way to the wrong hands.

Fortunately, blocking most threats is as easy as buying software that protects you on your computer as well as your phones, tablets, thumb drives, and other devices. Make sure to buy antivirus software that also includes firewall protection, so that any bad code that makes it onto your device is blocked.

The next step is to strengthen your password protection. Whenever your computer or device offers you the opportunity to password protect, use it. Make sure to create strong passwords—as always, “password,”  “123456,” and similar common or easy-to-guess passwords are a no-no. Finally, don’t keep a record of your passwords on your phone, computer, or even on a piece of paper.

Just as you protect your device with a password, you’ll want to make sure your wireless signal is similarly protected. Even password-protected wi-fi and 3G/4G signals can be hacked, so don’t give data thieves an open door by using unsecured wi-fi channels.

The Devil You Know: Best Practices and Social Threats

After you’ve protected yourself with robust security software and a layer of password authentication, the rest is just about your behavior. It seems almost too simple that precautions like not leaving your phone unattended would make much of a difference, but financial fraud is a crime of opportunity. Sadly, nine percent of financial identity theft is committed by someone you know, so physical proximity does play a role. Even “shoulder surfing” can provide enough personal information for a hacker to steal your identity.

Your software should provide assistance if you have lost the device or fear it’s been stolen. Look for security software that can remotely lock your device, save all your data to the cloud, and then wipe the device clean. These features should be included in your antivirus software. It should also be able locate the device on a map and track its movements. That way, you stand a fighting chance of finding your device before the crooks get their hands on it.

While you’re looking for your stolen or lost device, you don’t want to leave your credit rating up to chance. “Eliminate the risk of con artists' opening accounts in your name by placing a security freeze on your credit reports. That'll stop any new credit from being established in your name. The service is available nationwide from the three major credit bureaus—Equifax, Experian, and TransUnion,” advises the American Association of Retired Persons.

Finally, be reluctant to release your personal information, in any form. Phishing attacks can be clever, featuring websites that look like your bank or sounding like a legitimate bank loan officer over the phone. It’s okay to ask questions, especially if something seems off. Always ask about digital security when you are sharing personal and financial information. (As a safety precaution, we recommend refusing to divulge any personal information at all when someone calls on the phone claiming to represent your bank. Instead, tell them you'll hang up and call the bank's 800 number to follow up.)

Likewise, it is best to take a moment before typing your data into an online form, to verify that you are definitely using a trusted site. Your antivirus software also should let you know when a site is trusted. The bottom line is that it pays to be on your guard—digitally and in the real world.

What's the Worst that Could Happen?

It might seem like a lot of trouble remembering passwords and asking about security everywhere you use your credit card. Perhaps we should review what happens when you have been hacked. Within minutes of the attack, hackers will have uploaded your personal and financial information to the Internet, where others will acquire it and begin to use it within an hour. You might notice that your computer or device is running more slowly, or an implanted virus might create pop-up advertisements or otherwise interrupt how your device functions. Those tactics, however, have grown long in the tooth. In most cases these days, you might not know about the breach for several months, and even then a third party—your bank or credit card vendor—is more likely to notice the problem than you are.

In those intervening months, criminals can be using your credit card number, opening new accounts with your personal information, and even leveraging your data to create passports in your name. The trouble such a data breach can cause may take years to fix. According to a lawsuit filed on behalf of victims of a recent breach at an health insurance firm, victims, “had to cancel credit cards and close bank accounts; open new credit cards and bank accounts; stop direct deposits to those compromised accounts and re-enroll in direct deposits for new accounts; stop recurring electronic payments from compromised accounts and re-enroll in electronic payments through new accounts; and otherwise spend time and money in mitigation.”

Fortunately, prevention works. Use a trusted security suite that offers a full range of fraud mitigation: It should protect all your mobile devices, as well as your computer, and it should offer firewall protection, remote backup and hard drive wiping, as well as the ability to map and track your device. Be willing to speak up when you are asked to share personal and business information; ask questions to insure your data is protected. Progress is being made by law enforcement, software firms, and institutions large and small to prevent these attacks in the future. Identity theft is a battle that you can win with nothing more than a little software and some common sense.

[ This sponsored article was written by IDG Creative Lab, a partner of PCWorld. ]

Subscribe to the Security Watch Newsletter