Top Cybersecurity Tips For Consumers: Secure Your Digital World
Posted March 27, 2025 by Sayers

As part of Sayers’ commitment to give back to our communities, two of our expert engineers recently shared cybersecurity tips with family members of transplant recipients. Thank you to Transplant Recipients International Organization – Philadelphia Chapter and Transplant Families for the opportunity.
Read on for highlights from that consumer cybersecurity hygiene session presented by Jason Marocchi, Cybersecurity Engineer, and Chris Willis, VP of Cybersecurity Engineering at Sayers.
Please share with someone you care about to help them stay safe online.
What Shapes Your Digital Life?
When you consider your digital footprint, the number and size of pieces contributing to that footprint become staggering. Each massive in its own right, these elements come together daily to shape your digital life:
- Online activities: Each day you’re likely browsing websites, making online purchases, interacting on social media, and more.
- Personal data: Every application and service you use collects data about you.
- Devices: How many devices do you use that are internet-connected? According to Verizon’s Consumer Connections Report 2024, the average internet household has 18 connected devices.
- Online accounts: Even when they stop using a service, most people don’t completely deactivate their accounts. Those online accounts continue to contribute to your digital footprint.
- Behavioral data: Marketing teams use this data to target you for specific products and services. Whether they want you to purchase something, visit a website, or click on an article, behavioral data helps them reach you when there’s the best chance of enticing you into an online interaction.
- Security practices: Are you using multi-factor authentication (MFA) to log into your accounts? How strong are your passwords? More to come on these practices.
Watch For These Red Flags For Internet Security
No matter how long you’ve been online, you’ve likely encountered one or more of these red flags. Trust your gut and don’t fall for an online request that:
- Emphasizes urgency or criticality. When you receive one of these requests, take a step back. Evaluate if the requested action is really something you should do. Across the consumer and enterprise space, social engineering attacks like these play on people’s emotions. Marocchi says:
“Feeling urgency or criticality is the easiest way for people to bypass what feels wrong from a gut perspective, whether the scam is time-sensitive, time-critical, related to finances, or health-related.”
- Sounds too good to be true. Then it probably is. Beware of get-rich-quick schemes.
- Specifies unusual payment methods. Beware of requests asking for unconventional payment methods such as gift cards or cryptocurrency.
According to a report from the FBI’s Internet Crime Complaint Center, complaints from the public about cryptocurrency fraud continue to increase. Total complaints numbered 69,000 in 2023 with more than $5.6 billion in reported losses.
- Asks for your personal information. Reputable businesses you’ve done business with already have your account information. Your bank, for example, shouldn’t email you to ask for your bank account number so they can update it within their system. Be skeptical of such requests.
Protect Your Information From Cybercriminals
Cybercriminals especially want two main types of information. One is Personally Identifiable Information (PII), which they can use to identify individuals. The other is Protected Health Information (PHI), which is health-related information that includes any of the 18 elements identified by the Health Insurance Portability and Accountability Act (HIPAA).
CNBC reported a single medical record can fetch $60 on the dark web, compared to $15 for a Social Security number and only $3 for a credit card. Marocchi says:
“We know what is getting value from a marketplace perspective on the dark web. We need to protect what is most valuable not only to us, but also to criminals who want to make the most money by selling that information.”
Use credit freezes to help protect yourself from identity theft. Contact each of the three major credit reporting agencies – Equifax, Experian, and TransUnion – to place, temporarily lift, or remove a credit freeze at no charge.
Invoke the right to be forgotten. When you leave a service, ask the organization to delete your personal data. Company policies vary in the United States, but the General Data Protection Regulation (GDPR) makes this a regulatory right in the European Union. Exceptions include an organization’s need to keep specific personal information for purposes such as legal compliance.
Securely manage your passwords and logins. Use strong passwords, enable MFA wherever possible, and don’t put passwords on your computer desktop. Password managers such as Bitwarden and 1Password allow you to securely store, manage, and share passwords, passphrases, and other sensitive information. These can be especially useful for families. Marocchi recommends:
“Have your most secure password at your password manager level, then you can use auto-generated, randomized passwords for the rest. It may take time to put everything in the password manager, but once you have, onboarding a new device such as a laptop or phone is extremely easy.”
Have a family password or passphrase. In the ubiquitous grandparent phone scam, the caller pretends to be a grandchild or other family member in distress with an urgent need for a monetary wire transfer (note the use of both urgency and criticality). Asking the caller for the family password or passphrase can instantly reveal the call as a scam.
Stay on top of breaches. The Have I Been Pwned website lets you check to see if your password or email address has been exposed in a data breach.
Stay Secure On Social Media
Have you considered what someone with little or no connection with you can learn about you from your social media profiles and posts?
Before you post your next social update, keep in mind:
Timing: When you post photos of you and your family having a great time on a two-week cruise, you’re announcing you’re out of your house during that time. Bad actors can use publicly available sources to learn where you live and then target your home. Better to post after your vacation to show the great time you had.
Information and photos: Be careful and cognizant of the details you’re posting. Careless social media users have been known to post a photo of their home office, not realizing one of their passwords appeared in the background.
Friend groups, recommendations, and requests: Distinguish between your public and private friend groups and what you’re sharing with each. Be wary of friend recommendations and requests that appear to come from someone you know. If you’re seeing multiple accounts from the same person, reach out through a different channel such as a phone call to confirm if it’s a valid friend request. It could be a fake account by someone trying to poach information about you.
Review your profile. Social media providers such as Facebook change and update classifications and policies frequently. Best to:
- Regularly review your profile and posts
- Remove any private information that might be publicly exposed
- Browse your security settings and enable any new protections that weren’t turned on automatically
Be cautious of crowdfunding. Scammers have trawled for legitimate stories about health issues on social media sites, then set up a hoax GoFundMe site to receive donations based on someone else’s story. Hospitals encourage the use of alternative sites in the healthcare space such as CaringBridge, Help Hope Live, and the Children’s Organ Transplant Association to ensure funds go to the appropriate person.
Follow Safer Email Practices
Email’s base technology wasn’t designed to be secure. Adding email security in the form of policies and authentication protocols such as DMARC helps stop at least a portion of malicious emails, but spoofing and phishing attachments continue to get through. Marocchi says:
“Think twice about every email. Does it make sense from a timing perspective? Is this something I would expect? What is the message tone? Does the sender want me to do something urgently or with criticality, which might cause me to disregard my gut feeling that something isn’t right?”
According to Proofpoint, 99% of phishing attacks require human interaction to succeed, such as clicking a link or opening an attachment. If the email solution on your device allows you to disable auto-downloading of images and/or attachments, do it. Then once you’ve verified the email as legitimate, you can download the attachment or image.
Be cautious of all links in an email. Don’t click on an embedded link if you’re not sure the sender is legitimate. Instead, go to the website directly through your web browser.
More Guidelines To Stay Secure Online
Be cognizant. Scammers use urgency and criticality to override your gut feeling and manipulate your decisions. Take a step back and don’t rush into any of the actions you’re being asked to take.
Use HTTPS anywhere and everywhere. The HTTP protocol for transmitting data between a web browser and a website’s server has a secure, encrypted version called Hypertext Transfer Protocol Secure (HTTPS). Look for the HTTPS padlock symbol in the URL bar, especially before you enter any login credentials. Modern browsers flag non-HTTPS websites as not secure by displaying a warning.
Enable strong authentication. Use multi-factor authentication to provide additional security to your accounts. If your password gets compromised, MFA provides a last line of defense.
Don’t trust QR codes. QR codes can provide useful information, but scanning one is like clicking on a link – it may or may not take you to a legitimate website. Be sure you trust the source of the QR code before scanning it.
Find a risk tolerance that’s right for you. The way you protect your online banking account is likely different from how you protect your YouTube account. Find the appropriate risk tolerance for each of your online accounts and consider the impact if any were compromised.
Avoid defaults. Default configurations and passwords can make an initial setup easier. However, many breaches occur because the user or administrator left a device or program at a default setting, which automated attacks often target. Change the default password for anything connected to the internet.
Apply updates and patches. Everything that’s internet-connected, from your home TV to your Google Nest system, can receive security updates and patches to correct coding vulnerabilities. Apply updates and patches for your devices and programs on a frequent cycle.
Be cautious with AI. AI chatbots such as ChatGPT store memories to make responses more applicable to you. Be aware of the memories they store about you and delete where necessary. Don’t submit your PHI or PII into these tools.