The Ultimate Guide To Cyber Security & Data Protection For Consumers
More than 3 million Americans reported being victims of fraud and identity theft in 2019. Consumer data and information is not only being stolen and used for illegal activities but it is also being shared with unauthorized parties and companies for advertising purposes. Whether it’s Facebook giving personal user data access to Cambridge Analytica or Equifax exposing personal information of 147 million users, consumers can no longer rely on companies and websites to keep their personal data and information safe.
Identity theft in the United States experienced a huge jump in 2019, increasing by ~50% from 2018 numbers. As COVID-19 affects millions of people financially and desperation sets in, 2020 might be even worse.
While identity theft could happen to almost anyone, those in the 20-29 age group reported it most and accounted for ~33% of all identity theft cases. However, people over 70 reported much greater median losses than those in other demographic segments.
The 2019 data also shows that among all identity theft reports, credit card fraud remains the most common type of identity theft, representing a whopping 88% increase year over year and accounting for 271,823 of the reported cases.
Other common types of identity theft include loans, utilities, tax and bank fraud.
As eCommerce and online shopping continue to overtake retail, cyber crime will not stay far behind. By the year 2021, more than 2.14 billion people are expected to purchase goods and services online. (Source)
Despite having improved security standards, most online platforms are still vulnerable to cyber attacks that seek to extract personal user information. Add COVID-19 to the mix and you have the perfect environment for cyber attacks and data breaches to take advantage of unaware consumers. (Source)
Before you do anything online, it’s vital to ensure that you are protecting yourself and your personal information at all cost. Whether it’s your device, your internet network or even your browser, you must take the necessary precautions to ensure your private information and data is secure.
PERSONAL INFORMATION SHARING
The most crucial type of information you need to keep private is your personally identifiable information (PII).
The term “PII,” as described in OMB Memorandum M-07-16, is information that can be used to trace or distinguish someone’s identity, either alone or when combined with other PII. These include:
Remember to reveal only what is necessary to complete a purchase or registration process. Some websites will ask for your Facebook or Instagram accounts for sharing purposes, which is often not mandatory. Your personal information can be accessed through third party logins.
A lot of retailers try to obtain additional details like favorite sports, types of entertainment you prefer, annual household income, etc. These are mostly used for personalizing advertising and increasing conversions for companies. We recommend not adding any information that is not required and registering/logging in through an email address.
The most important pieces of information that you should NEVER share are your government-issued IDs and bank-related information, outside of the credit cards/debit cards used for purchases. These include:
It’s important to reiterate the point of only sharing the information you absolutely have to in order to register on a website or complete a purchase. We strongly recommend disclosing as little Personally Identifiable Information as possible.
In a lot of cases, you don’t need to disclose your actual birth date to complete a purchase or sign up for a service. Your birth date is an extremely important piece of information that, if compromised, can easily be used for fraud and identity theft purposes. (Source)
Your address is also very important but if you are making any sort of purchase that requires delivery, you have no alternative other than a PO box. But, refrain from disclosing your actual address in all cases where it’s not required.
Here are some data sharing policies to look for when signing up and disclosing your personal information on a website/app:
Since July 2019, more than 79 percent of smartphone users have made a purchase online using their mobile. Chances are you’ll most likely be using your smartphone to shop online as well. Here are some tips to consider:
Similar to mobile, you must take precautions against common computer viruses and cyber threats. Here are some basic tips:
Most consumers use Windows and Mac OS to perform their daily tasks. Since Linux is more on the tech-savvy side, we’re not going to include any Linux server protection tips in the following section. Here are some Operating System specific tips to keep your device protected at all times.
- Go to Settings > Windows Security and turn on Virus & threat protection.
- Use Tamper Protection to prevent malicious programs from changing important Defender settings. Go to Settings and search for the keyword “Tamper Protection.” Make sure you have the Windows 10 1903 or later release.
- Go to the Start menu and search for “Turn Windows features on or off.” Open Windows Features and enable “Windows Sandbox.” It’s a safe, isolated area where you can test suspicious URLs and files.
- Turn on BitLocker to encrypt your entire drive. Go to System and Security > BitLocker Drive Encryption and click Turn on BitLocker.
- Go to Settings and disable advertising and location tracking, choose which applications can access your contacts, calendar, and email, and restrict access to your camera and microphone.
- Disable Bonjour:
Bonjour lets you connect to your local area network. However, if the network isn’t trusted, consider disabling it by using this command in the terminal:
sudo defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array-add "-NoMulticastAdvertisements"
Similarly, the following command will enable Bonjour:
sudo defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array "/usr/sbin/mDNSResponder" "-launchd"
- Disable Spotlight Localization:
Spotlight helps you find information stored in your hard drive, as well as on the web. However, it also requires your location to perform the task and sends the information to a remote service. It exposes you to additional security risks and we recommend keeping this function disabled.
Navigate to System Preferences > Security & Privacy > Privacy > Location Services. Now, open “Security & Privacy,” find “Details,” and uncheck “Safari & Spotlight Suggestions.”
To disable Spotlight Suggestions, navigate to System Preferences > Spotlight and uncheck “Allow Spotlight Suggestions in Spotlight and Look Up.”
- Disable Guest Users:
Navigate to System Preferences > Users & Groups > Guest User and uncheck “Allow guests to log in to this computer” to prevent others from messing up your sensitive data.
- Limit Ad Tracking:
Navigate to System Preferences > Security & Privacy > Advertising and check “Limit Ad Tracking” to opt out of receiving targeted ads.
Email is another vulnerability point that hackers and scammers can easily attack. While many email clients have significantly enhanced their security features over the last decade to prevent fraud and scam related emails ever reaching your inbox, threats still exist within any email client.
Here are some security tips that you should consider whenever using your email client:
Setting up a robust home network is challenging. However, optimizing the web connectivity of your devices, as well as protecting your sensitive data is well worth the extra work. The following tips will help you build a stronger home network.
Avoid making online purchases whenever you’re in a public area (restaurant, coffee shop, shopping mall) and using their free Wi-Fi. There’s no way to ensure that the network is secure.
Using public Wi-Fi is riskier than a private home or work network. Here are some quick tips if you do use public Wi-Fi:
Shopping online typically means revealing your personal information that makes you vulnerable to identity theft and fraud. Things like your name, emails, social security number, and credit card information are all important nodes of your personal identity that must be encrypted and secured.
A VPN (virtual private network) creates a secure connection that protects your actual IP and encrypts your data. Using a VPN is easy, requires no extra hardware, and can be used from any device; desktop, laptop, mobile, tablet. For example, if you’re in New York and connect to a VPN location in Australia, websites will see you as a visitor from Australia.
The best part about a VPN is actually its encryption features. This means if you are browsing on a public Wi-Fi or Hotspot (coffee shop, airport, etc.), a VPN secures your core connection — allowing you to send your private information without worrying about your traffic being logged or recorded on that network.
One of the first steps you should consider when setting up your browser security is cookies. Cookies are code snippets that allow websites to track your previous activity and display related and targeted information to you. This includes products, ads, logins and other user identifiable information. If you are ok with a less personalized experience, consider disabling cookies in your browser.
Here is how you do it in Chrome:
- First, select the menu icon on top and click Settings
- Next, scroll down and select Show Advanced Settings and search for Site Settings
- Here, you’ll find Cookies and site data where you can block websites from setting any data.
- Check Clear cookies and site data when you quit Chrome if you want the browser to forget about your last sessions each time you open it up. (Our preferred feature)
- You can also click Block third-party cookies, but note that some websites will not function well with third-party cookies blocked.
- Once done, restart your browser and check that the changes you’ve made are working as expected.
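To make the effect of these two Chrome settings concrete, here is an added example (not part of the original guide) that labels cookies as first-party or third-party and as session or persistent, then shows which ones remain after a browser restart under each setting. The `.example` hosts and cookie values are constructed, and the "last two DNS labels" site rule is a simplifying assumption.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def site_of(url: str) -> str:
    """Assumption: the last two DNS labels identify the site.
    Real browsers consult the Public Suffix List (needed for e.g. .co.uk)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def classify(page_url, responses):
    """Label every cookie set while loading page_url.

    responses: (request URL, Set-Cookie header value) pairs.
    """
    top_site = site_of(page_url)
    cookies = []
    for request_url, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            cookies.append({
                "name": name,
                # Third-party: set by a request to a different site than the page.
                "third_party": site_of(request_url) != top_site,
                # Persistent: carries a lifetime; otherwise it is a session cookie.
                "persistent": bool(morsel["max-age"] or morsel["expires"]),
            })
    return cookies


def left_after_restart(cookies, block_third_party=False, clear_on_exit=False):
    """Names of cookies still stored after quitting and reopening the browser.

    Simplification: session cookies are assumed to be dropped on quit.
    """
    if clear_on_exit:
        return []
    return [c["name"] for c in cookies
            if c["persistent"] and not (block_third_party and c["third_party"])]


# Constructed sample: responses seen while loading one shop page.
PAGE = "https://www.shop.example/cart"
RESPONSES = [
    ("https://www.shop.example/cart", "session_id=abc123; Path=/; HttpOnly"),
    ("https://www.shop.example/cart", "remember_me=1; Max-Age=2592000; Path=/"),
    ("https://cdn.shop.example/app.js", "ab_test=B; Max-Age=86400"),
    ("https://ads.tracker.example/p.gif",
     "uid=7f3e9c; Max-Age=31536000; Domain=tracker.example"),
]
COOKIES = classify(PAGE, RESPONSES)

if __name__ == "__main__":
    print("default settings:   ", left_after_restart(COOKIES))
    print("block third-party:  ", left_after_restart(COOKIES, block_third_party=True))
    print("clear on exit:      ", left_after_restart(COOKIES, clear_on_exit=True))
```

The tracker's `uid` cookie is the only one removed by blocking third-party cookies, while clearing on exit also drops the shop's own `remember_me` login cookie.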
Check your browser settings on a regular basis. Configuring the privacy settings of your browser is the best way to ensure higher browser security. Browser settings, by default, leave your private data exposed. Here are some suggested settings:
Here’s where you can find Privacy Settings on Chrome, Edge, Firefox, and Safari:
- Chrome: Go to Settings and look for the keyword “privacy” in the search box on top. Here, you should find all the aforementioned settings and more.
- Firefox: Go to Menu > Preferences > Privacy/Security. Make sure to restart Firefox.
- Edge: Click the ellipses in the top right corner and go to Settings > Privacy & Security.
- Safari: Head over to Safari > Preferences and click the Privacy tab to update your settings.
Take your time to understand the settings of your preferred browser and research more security tips online. You’ll be surprised to see there are countless loopholes that you never knew existed.
Browsing in a private window isn’t the ultimate privacy solution — your IP and activities are still visible — but it does prevent your browser from storing history, cookies and cache once you close the window.
Note: Simply minimizing or hiding the window won’t erase any data; close the private window completely.
While it’s called Incognito Mode on Google Chrome, Edge calls it InPrivate Window and you can access it by pressing Ctrl+Shift+P. Firefox and Safari also have private browsing options available.
Most popular web browsers allow you to install security extensions to improve your browser’s privacy and security. When using an extension, you need to ensure it has been approved by Chrome or the developer of the browser that you are using. Also, don’t forget to enable automatic updates to keep your extensions up-to-date.
Here are a few recommendations to consider:
If your browser is not up-to-date, it won’t be able to fully protect you from new emerging security threats. When it is a question of software updates, each browser acts differently. Let’s see how updates are managed in Chrome, Firefox, and Safari.
- Google Chrome: All new updates are triggered automatically as you exit the browser. If you want to start fresh, we’d recommend uninstalling Chrome and Clearing All Data (make sure to bookmark important websites), then reinstalling it. Automatic updates are turned on by default, and you cannot change it. To make sure your browser is up-to-date, head over to Menu > Chrome > About Google Chrome.
- Firefox: Firefox allows you to turn on/off automatic updates from Preferences (Not Recommended). To check your current browser version, visit Firefox > About Firefox.
- Safari: Similar to Chrome, Safari gets automatic updates and you cannot change these settings. To check the current version, go to Safari > About Safari. You can click here to learn more about updates related to Safari extensions and how to install and configure them appropriately.
An essential tip every consumer should consider is to look for encryption on all visited sites.
Secure websites depend on technology offered by a Secure Sockets Layer (SSL) certificate. It protects the information transmitted from the device to the website’s server. This secure encryption is generally indicated by a closed padlock symbol and “HTTPS” in the address bar.
Outside of SSL, you also need to pay attention to trust badges which add an additional layer of protection and authenticity for financial transactions.
Here are some of the trust badges you should look for:
Most users purchase from a variety of different websites and usually reuse the same password for all their accounts which exposes them to extra risk. All it takes is one website breach for all your logins to be accessed by a third party.
We recommend using multiple passwords for all your login information. You should use 2FA on websites that store your PII and financial information.
Using a password manager will help you manage multiple passwords and encrypt them. Some internet security software and antivirus programs include password security and management features.
Dashlane and LastPass are two password managers that have had high ratings. They will simplify and secure your login process by helping you create more secure passwords and automatically log you in.
Here are some password setting tips for you to follow:
Policies such as the General Data Protection Regulation and California Consumer Privacy Act have enforced additional protection for consumers and their data. These policies are designed to ensure that consumer information that is being collected is disclosed and used in accordance with the law. However, there are still things you should consider and pay attention to when signing up on any website.
With more than $581 billion projected to be spent inside mobile apps in 2020, it’s no surprise that mobile applications have now become a major target of data breaches and cyber attacks. Many applications rely on private user information, making them vulnerable to hackers, malware and other nefarious activity.
The base line for all mobile applications is data encryption. Once a user inputs personal information, that information must be encrypted and never stored or displayed in plain text anywhere within the application infrastructure.
When an application is compromised by malware, rogue apps or other cyber attacks, individuals face significant risks of digital fraud that includes:
Before you download and use any app, do your research on the company that developed it. The more information the developer has provided about itself, the less likely you are at a risk of downloading a rogue app. Some information that legitimate companies provide includes contact information, website, physical address, etc.
Here are some more important tips to ensure you’re not exposing yourself to additional risk:
Permissions are a critical component of any mobile app, and the extent to which an app has access to your device can actually be set by you. Keep in mind that disabling certain app permissions will render the app useless, since certain permissions are at the core of app functionality; for example, TikTok not having access to your camera. Here are some essential app permission settings that you should consider.
- iOS Location Services: Go to Settings > Privacy > Location Services. Tap the switch for on/off.
- iOS App Permissions: Go to Settings > Privacy > Any Service (ie: Contacts). Select any of the services listed to see which Apps are accessing them and tap the switch to enable/disable an App’s access.
- Android App Permissions: Go to Settings > Apps > Select App (ie: Facebook) > Permissions. From the permissions you can set which services the app will use.
Now, what should you allow or deny? It really depends, but the general rule of thumb is to deny all but the access necessary for you to be able to use the App. For example, if you have a document scanning app, you might want to enable permission for Camera when using the app. Below we’ve outlined the risks and dangers associated with giving apps permissions to specific features.
Using your credit card to purchase online is safer than using a debit card. If there’s a security breach, credit cards have consumer protection features that debit cards do not.
When it comes to credit cards, you need to be aware of the Address Verification Service (AVS), which is a robust first-line defense tool provided by bank issuers and card processors to merchants in order for them to detect fraudulent transactions.
When a consumer enters their address during checkout, AVS does the following:
- The payment gateway of the merchant transmits this address data to the consumer’s credit card brand (e.g., MasterCard, Visa, American Express, or Discover).
- The card brand then sends that information to the issuer who compares the address with the address saved on file.
- Finally, the issuer sends a quick authorization status and associated AVS response code to the merchant’s payment gateway.
AVS is used when a merchant verifies credit card data like billing address, ZIP code, etc. against the MasterCard/Visa billing information of the cardholder. It ensures that the credit card billing address matches the address given by the consumer.
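The three-step AVS exchange above, sketched as an added example (not part of the original guide, and not any processor's actual code). It assumes AVS compares only the street number and the five-digit ZIP, uses a simplified subset of commonly documented result codes, and invents the merchant policy, the sample address and the issuer records for illustration.

```python
import re
from dataclasses import dataclass

# Simplified subset of commonly documented AVS result codes; the full code
# set differs by card network and processor.
AVS_CODES = {
    "Y": "street number and ZIP match",
    "A": "street number matches, ZIP does not",
    "Z": "ZIP matches, street number does not",
    "N": "neither matches",
    "U": "no address on file, AVS unavailable",
}
# Hypothetical merchant policy: what the shop does with each code.
MERCHANT_POLICY = {"Y": "accept", "A": "review", "Z": "review",
                   "N": "decline", "U": "review"}
# Leading digits a gateway can use to pick the card network (simplified).
BRAND_PREFIXES = {
    "Visa": ("4",),
    "American Express": ("34", "37"),
    "MasterCard": ("51", "52", "53", "54", "55"),
    "Discover": ("6011", "65"),
}


@dataclass(frozen=True)
class BillingAddress:
    street: str
    zip_code: str


def street_number(street: str) -> str:
    """Assumption: only the first run of digits in the street line is compared."""
    match = re.search(r"\d+", street)
    return match.group(0) if match else ""


def zip5(zip_code: str) -> str:
    """Normalize a ZIP or ZIP+4 to its first five digits."""
    return re.sub(r"\D", "", zip_code)[:5]


def issuer_avs_check(on_file, entered) -> str:
    """Issuer side: compare the entered address with the address on file."""
    if on_file is None:
        return "U"
    number = street_number(entered.street)
    street_ok = bool(number) and number == street_number(on_file.street)
    entered_zip = zip5(entered.zip_code)
    zip_ok = len(entered_zip) == 5 and entered_zip == zip5(on_file.zip_code)
    if street_ok and zip_ok:
        return "Y"
    if street_ok:
        return "A"
    return "Z" if zip_ok else "N"


def card_brand(card_number: str) -> str:
    """Gateway side: route the request to a card network by leading digits."""
    for brand, prefixes in BRAND_PREFIXES.items():
        if card_number.startswith(prefixes):
            return brand
    return "unknown"


def checkout(card_number, entered, issuer_records):
    """Gateway -> card brand -> issuer -> gateway, as in the three steps."""
    code = issuer_avs_check(issuer_records.get(card_number), entered)
    return {"brand": card_brand(card_number), "avs_code": code,
            "meaning": AVS_CODES[code], "merchant_action": MERCHANT_POLICY[code]}


# Constructed sample data: a widely used test card number and a made-up address.
ISSUER_RECORDS = {
    "4111111111111111": BillingAddress("742 Evergreen Terrace", "97403-1234"),
}
```

An abbreviated street name or a ZIP+4 still yields `Y`, because only the numeric parts are compared; the merchant, not the issuer, decides what to do with a partial match.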
Let’s check out the pros and cons of credit cards to determine what makes them a better option for online shopping.
Third-party payment services like PayPal are also a great option for online shoppers. With PayPal, you don’t have to provide your bank account or credit card information to every eCommerce site you shop on. Instead, you keep that sensitive information with PayPal.
PayPal is fast, responsive, and easy to use. It works with almost every popular eCommerce site. As you make a purchase, PayPal processes the payment right away.
Google Pay is accepted at more places than people think. It works on most popular eCommerce stores and select supermarkets, restaurants, pharmacies, clothing stores, and other retailers that accept mobile payments.
Once you set up your Google Pay account, you’ll be able to use it to make payments online. When you’re shopping in an app, look for a button at checkout that says “Buy with GPay.”
Square Wallet is a free app that lets you pay at hundreds of thousands of online and offline stores using your smartphone. Once you download the Square Wallet app from the Google Play or iTunes App Store, you’ll be asked to enter your credit card information and upload a real photo of yourself.
Most online and physical stores accept debit cards. If you’re paying for a product online, you can use your debit card just like a credit card. Note that you’re not as protected against fraud when using a debit card versus a credit card.
In order to pay with crypto (ie: Bitcoin, Litecoin, etc.), you must have a digital wallet — an app/software. These wallets are somewhat equivalent to having bank accounts.
Monitoring & Recovery
Even if you have taken all the steps outlined above to protect yourself from cyber attacks, there is still a possibility that your data might be compromised due to no fault of your own. Companies get hacked and compromised even with enhanced levels of security. Look no further than Equifax and its debacle in 2017 when the data of 147 million consumers was breached and exposed. (Source) If a company which offers services that help protect consumers from fraud and identity theft can get breached, so can most other companies and services.
This is why Identity Theft Insurance should warrant your consideration. It is designed to cover expenses related to re-claiming your financial identity, repairing credit reports and nullifying unauthorized loans.
When it comes to identity theft insurance, there are three available options:
- Determine whether it’s already included in your home insurance policy
- Add it to your renters or homeowners insurance policy
- Purchase it as a standalone policy
Depending on which policy you decide to go with, identity or fraud transactions insurance usually covers the following expenses:
Before you decide to get a stand alone policy, please speak with your current insurance provider as they typically offer discounted identity theft insurance for existing customers. Understand your policy limits, look for deductibles, and find out what limitations apply.
Monitoring & Recovery
Identity monitoring and recovery services can serve as an insurance measure that helps you recognize identity theft early on and recover. These services will not protect you from fraud or identity theft, but they will mitigate the impact. Monitoring typically includes credit monitoring and identity monitoring, which keep track of the following:
There are a lot of identity and credit monitoring services on the market today and most of them offer similar perks and pricing. Just remember that they will not protect you against fraud or identity theft. There are also free alternatives that you can use and we’ve listed them below:
Keep in mind that any credit freeze will restrict you from signing up for services that require a credit check. You will have to manually lift the freeze by contacting a credit bureau so that the lender/provider is able to check your credit.
If you are a victim of identity theft or fraud, you will need to visit IdentityTheft.gov and report it first. This is a free federal government service that helps people report and recover from identity theft. They will:
- Guide you through recovery steps
- Produce an identity theft report and letters to send to credit bureaus
- Send you reminders and track your recovery progress
- Give you guidance for specific data breaches
This federal service has recovery plans for 30 different types of identity theft which even includes tax and child identity theft.
With Coronavirus forcing many Americans to stay and work from home, the current situation has undoubtedly increased the potential for cyber security fraud and theft. This is especially true for online purchases as many Americans have turned towards eCommerce to fill their needs. Credit card fraud is likely to eclipse 2019’s numbers by a significant amount as more people purchase products online and don’t implement the necessary data protection practices.
There is no 100% foolproof way to ensure that you are completely protected from data breaches, identity theft and fraud online. However, throughout this guide we outlined the best ways to ensure that you minimize your risk whenever you do anything on the web. Taking these steps will significantly reduce your exposure to cyber threats and ensure your data and information is protected.
New fraudulent accounts pose the biggest financial risk to the American public and will most likely continue in 2020 and beyond. (Source) If you are compromised and your information is obtained by nefarious third parties, the monitoring and recovery steps outlined above will help you mitigate the impact.
But most importantly, protect your data at all cost and never reveal anything other than the minimum required information to purchase a product or subscribe to a service. Below you will find a list of other useful resources from government and non profit organizations.
One thought on “The Ultimate Guide To Cyber Security & Data Protection For Consumers”
Thanks for the guide! I did notice a few more covid-19 scams pop up in the last month (https://www.consumer.ftc.gov/blog/2020/04/scammers-are-using-covid-19-messages-scam-people). Bitcoin and webcam extortion scams have also been frequent and I’ve received quite a few in my inbox.