Cyber criminals attack not only businesses. Individuals and their families can be equally valuable and more vulnerable targets. Unlike institutions, most individuals have invested little time or money into fortifying their defenses, and lack an awareness of the cyber predators stalking them and their families. Individuals also often retain meaningful liquid assets in accounts that lack proportionate security controls.
Cyber criminals do not need to devote extensive resources to hacking a sophisticated institution hoping for a large payday when they can score numerous smaller $10,000 to $50,000 hits with comparatively little effort. The following outlines the steps that individuals should take to protect themselves and their families against cyber threats.
1. Family Risk Assessment and Education. Like a business, an individual should start with a risk assessment performed by a cybersecurity professional, to identify the particular vulnerabilities that exist within the family and its residential network(s), personal devices, Internet connected equipment, homes, vehicles, financial accounts, etc. While most families have common security gaps (a few are discussed below), each family is unique, and safeguards to mitigate the risks should be tailored to each family’s circumstances. The risk assessment also initiates the educational process – of the client as well as the spouse, teenage and young adult children, personal employees and assistants, and other people integral to managing the family’s affairs – about the existence and importance of security safeguards. Often additional education is necessary later as well, particularly with respect to threats associated with social media, financial accounts, social engineering, shared use of electronic devices, public/school wireless networks, domestic and international travel, and other threats specific to the family.
2. Identity, Credit, and Financial Account Protection. The world is plagued by data security breaches that endanger the personal information of us all. It is therefore important that everyone have proper identity, credit, and financial protection. An individual is just as likely (if not more likely) to become a victim (or already unknowingly be a victim) of identity or credit theft as the individual is to be involved in an auto accident, and most of us would never consider driving without auto insurance. Protection starts with obtaining credit bureau reports for each family member, and examining them for and eliminating fraudulent and unused accounts. The credit bureau accounts should be frozen or locked, preventing third parties from accessing the accounts or initiating credit without permission. The most important step for many individuals is purchasing a membership for all family members in a program that monitors their identities and credit, provides fraud specialists who will take the steps necessary to repair a stolen identity and extinguish fraudulent credit, and reimburses for cyber financial theft and extortion.
3. Residential Networks and Personal Devices. Residential wireless networks, personal computers and mobile devices, and Internet connected equipment in homes rarely have the same safeguards deployed by businesses, even though such protections are available and relatively affordable. A residential firewall can be implemented that monitors all data entering, exiting, and flowing within the networks of the family home(s), which detects and prevents malicious activity. A virtual private network, or VPN, can be added to extend that protection to laptops and mobile devices whenever outside the family’s protected networks.
4. Financial Account Security Controls. Individuals with significant liquid assets are particularly valuable and vulnerable targets for financial crime. Every account with a bank or financial institution or advisor should be configured to require a complex password as well as a second factor of authentication to access the account. Additionally, controls should be added to require separate and verified authorization for significant transactions, particularly transactions involving a child’s bank or financial account.
5. Credentials and Online Accounts. Individuals and their families use a plethora of online accounts, like social media, email, cloud storage, education, physical and mental fitness, online retail, etc. Because these multitudes of accounts require passwords, individuals often use weak ones and the same password for multiple accounts, meaning that a compromise of one password yields access to many accounts. A password management application can be deployed on all family computers and mobile devices, facilitating unique and strong passwords for all online accounts, as well as ensuring that passwords are centrally managed. Additionally, accounts that contain personal information, or that could cause reputational harm if misused, should be configured with multi-factor authentication.
Individuals are just as valuable and vulnerable targets of cyber crime as businesses. You need to protect yourself and you family with respect to information and financial cybersecurity.
Cam Shilling chairs McLane Middleton’s Information Privacy and Security Practice Group. Other members of the team include attorneys John Weaver, Annie Cho, and Katelyn Burgess and technology paralegal Dawn Poulson. Founded in 2009, the group assists businesses and private clients to improve upon their information privacy and security compliance, and address any security breach or incident that may arise