Every year since 2003, October has been recognized as National Cyber Security Awareness Month (NCSAM). This effort was brought to life through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance to raise cybersecurity awareness across the country and to empower citizens, businesses, government and schools to improve their cybersecurity preparedness.
You Are A Target
Don’t ever say “It won’t happen to me”. We are all at risk and the stakes are high – to your personal and financial well-being, and to TeamHealth’s standing and reputation. It is important to be aware that you are a target for hackers and cybercriminals, and how you can be targeted.
How Are You Targeted?
Online Identity Hijacking/Fraud
Identity theft occurs when a criminal gains access to your personal information (such as your name, address, date of birth, financial information, etc.) to steal money or gain other benefits. Once hacked, cybercriminals can steal your online identity to commit fraud, sell your identity to others, or scan your system looking for valuable information, such as:
- Social Media accounts (e.g. Facebook, Twitter, LinkedIn, etc.)
- Email accounts
- Credit card information
- Tax records and past filings
- Financial investments and retirement plan
Cyber extortion can come in many different forms, but at its simplest, it is when someone online threatens some sort of harm unless you meet their demands such as data compromise or a denial of service attack. The demand is usually for money (commonly in the form of bitcoins), but an extortionist could conceivably demand just about anything. Once hacked, cybercriminals can take over by:
- Taking pictures of you with your computer camera and demanding payment to destroy or not release the pictures
- Encrypting all the data on your computer and demanding payment to decrypt it
- Tracking all websites you visit and threatening to publish them
How can you protect yourself?
The following are some ways that you can avoid online identify fraud and extortion:
- Use Strong Passwords and PINs and Keep Them Secret. Use strong passwords and PINs that contain both numbers and letters and, if allowed, symbols. Do not use your Social Security number as a username, password or PIN. Do not share your passwords or PINs with others, and do not store them on your computer. If you need to write them down, store your list in a secure, private place. You should change your passwords and PINs regularly and use a different password and PIN for each of your accounts.
- Use Your Own Computer and Maintain Its Security. Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must if you access personal information (e.g. medical, financial, etc.) online. Make sure your computer has up-to-date security software, including security patches, that the software is configured for automatic updates, and that the software is always turned on. For laptops, be sure to use encryption software. It is generally safer to access your accounts that provide sensitive personal information from your own computer or device. Avoid using public computers when accessing these types of sites.
- Log Out Completely. Always click the “log out” button to terminate your access to websites. Access may not be terminated if you simply close or minimize your browser or type in a new Web address when you’re done. Avoid multi-tasking on multiple Web pages when accessing your personal information (e.g. medical, financial, etc.) online, you may potentially expose yourself to “session stealing.”
- Be Cautious When Using Wireless Connections. Unsecured Wi-Fi connections do not provide as much security as either wired Internet connections, encrypted wireless networks, or your mobile carrier’s cellular data connections. Many hotspots, wireless networks in public areas like airports, hotels, and restaurants, reduce their security settings so it is easier for individuals to access and use these wireless networks. This increases the possibility that someone may intercept your information. If you use your own wireless network, make certain you secure the network with wireless encryption.
- Review Your Monthly Statements and Do a Periodic “Identity Theft” Check. Read all your monthly account statements (bank, brokerage, credit card, etc.) thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made or authorized. Review your credit report as it alerts you to inaccuracies and unauthorized activity. You can obtain a free credit report every 12 months from three different credit bureaus by contacting the Annual Credit Report Request Service at AnnualCreditReport.com.
Chief Information Security Officer, TeamHealth