Personal Cybersecurity in 2022: What You Need to Know
Cybercrime is growing at an alarming rate with almost 850,000 reports to the FBI in 2021 alone.¹
Those are just the ones reported! Imagine how many more go unreported.
October may be Cybersecurity Awareness Month, but personal cybersecurity should always be at the forefront of our minds.
The problem is that the number of incidents are so overwhelming that it feels as if personal cybersecurity is impossible.
Just consider these scary statistics from Private Internet Access²:
- Personal computers and devices experience a hacking attempt every 39 seconds (or more than 2,200 times in one day).
- The FBI received 241,000 phishing-related complaints in 2020.
- 45,000 personal data breaches were reported in 2020.
- 37 billion records were exposed in data breaches in 2020.
If your personal information can be stolen in a large company data breach, how can what you do at home matter?
The truth is that cybercrimes can happen anywhere – and to anyone. And it’s up to us to take every step possible to protect ourselves from identity theft, fraud, and other types of cybercrimes.
The Basics of Personal Cybersecurity
Cybersecurity is the protection of devices, networks, and computer systems from digital attacks.
Personal cybersecurity refers to the best practices for protecting one’s privacy, data, and devices from cybercrimes and unauthorized access (such as hackers).
If someone gains access to a network or a device (aka hacking), they can steal your personal information.
Why Personal Cybersecurity Is a Major Concern
Unlike many crimes in the physical world, cybercrimes are often difficult to wrap our heads around because we don’t see them.
Hackers stay hidden behind computer screens, and, many times, the cybercrimes go unnoticed until the damage is done.
The problem is that many of us keep a significant amount of personal information online or on our devices, such as passwords, account numbers, social security numbers, addresses, and so on.
If a hacker gains access to personal details such as your banking information or credit card login, they could take that information and sell it on the dark web.
According to Norton, “Almost 10 million people have their identity stolen each year,” making personal cybersecurity paramount.³
What Hackers Want
You may be wondering why a hacker would target you.
The answer is simple: personal information.
Your personal information, no matter who you are, is valuable.
On the dark web, someone can purchase a social security number in a matter of minutes. They may use this to create an entirely new identity, collect tax refunds, or open a new line of credit.
According to Private Internet Security, “As many as 15 billion user credentials (1 billion of them unique) from 100,000 breaches are still up for grabs. The offered data includes account usernames, passwords, online banking details, and social media accounts.”⁴
How Cybercriminals Come after Individuals
When we hear about cybercrimes in the news, it is usually large-scale ransomware attacks on major businesses, such as the Colonial Pipeline.
However, cybercrimes happen to individuals every day in the United States.
How many times have you been sent a friend request on Facebook by someone you are already friends with or received a message with a suspicious link to click? These are all types of personal cybercrimes.
Let’s look at some of the ways cybercriminals go after individuals.
- Phishing: Communication technique that attempts to convince users to provide sensitive personal information or click on dangerous links. Today, cybercriminals also use phishing through SMS messages (smishing) and through phone calls (voice phishing or vishing). This is the most common type of complaint the FBI receives regarding personal cybersecurity and the top breach method.
- Malware: Software that performs a cyberattack on an individual, such as clicking a link that downloads malicious malware to your device.
- Data Breaches: Data breaches affect large companies and the individuals who have shared personal information with those companies. According to Embroker, “One major example of a third-party breach occurred at the beginning of 2021 when hackers leaked personal data from over 214 million Facebook, Instagram, and LinkedIn accounts.”⁵
- Smart Devices: More and more Americans are enjoying the conveniences of smart devices; however, the more internet-connected devices you own, the more your personal cybersecurity is at risk. Embroker reports, “Attacks on smart or ‘Internet of Things (IoT)’ devices spiked as a result, with over 1.5 billion breaches occurring between January and June of 2021.”⁶
What to Do after a Data Breach
Have you received a generic email from a company, such as LinkedIn, which informs you that your information was part of a data breach? What are you supposed to do with that information?
First, read the email from the company and pay close attention to when the breach occurred.
Take note of what type of information was part of the stolen data. This may include login credentials, financial information, Social Security numbers, or addresses.
Even if login credentials weren’t stolen, change your passwords. If you reuse your password on multiple sites, this means hackers can find out what other sites you use the password for and gain access there, too.
If the data breach includes financial information, contact your financial institutions right away. Let them know there is possible fraud, and they will walk you through the next steps.
Request a free credit report from AnnualCreditReport.com to see if any new accounts have been opened in your name.
You may want to consider taking a preventative measure by placing a freeze on your credit to block anyone from opening an account.
Delete any unused old accounts – especially those that used the same password.
What to Do If You Suspect You’ve Been Hacked
There may be times when you suspect you may have been hacked or a victim of a cybercrime, but you aren’t 100% sure.
Start by heading over to Have I Been Pwned? and entering your email address. This website catalogs data breaches and the information about each breach.
You’ll find out right away if your information is “out there.”
You can also look for signs that you have been hacked, such as posts appearing on your social media that you did not post or messages in your Sent folder that you did not send.
If you suddenly cannot sign into your email account or social media account, this is another sign you’ve been hacked.
Personal Cybersecurity Basics
- Create strong passwords. The very first step toward personal cybersecurity is creating strong passwords. You cannot use a password like 12345. The more complicated your passwords, the harder it will be for hackers to gain access.
- Use multi-factor authentication. Multi-factor authentication provides an extra level of security on your accounts. It is wise to use multi-factor authentication for any account that has personal information, including social media.
- Sign up for security alerts. Sign up for security alerts with your bank and credit card company. In addition, monitor your credit reports and banking statements for any unauthorized transactions. Pay attention to Google’s password manager. If you receive an alert that your password has been compromised, it’s time to change it.
- Don’t autosave personal information. No matter how convenient it is to autosave your credit card information for online shopping, it is not worth the risk. Take the time to reenter the information each time you make a purchase on a safe and secure online website.
- Invest in cybersecurity tools. Antivirus solutions, malware, and firewalls help reduce cybersecurity risks on your devices.
- Run system updates. Whenever you receive a notification that it is time to run a system update, do it – even if it is at an inconvenient time. These security updates protect against the latest cybersecurity threats.
- Think before you click. Before you visit any site or click on any link, think carefully. Use what you’ve learned about phishing and apply it.
- Recognize and report phishing. Does the email or text message try to mimic a real bank or company? Does it ask you to send some sort of personal information, such as a password, to secure your account? Does it offer something too good to be true? Are there spelling or grammar errors? You can easily find out if it is real or a phishing attempt by contacting the actual company (e.g., your bank, credit card company, or Netflix) directly rather than clicking the link or replying.
We regularly post videos with financial information and updates. Check us out on YouTube.