With the steady rise of smart devices, the Internet or Things (IoT), and the way everyday people use the Internet, the data that quantifies a person’s life are like digital breadcrumbs left by mobile devices, online browsers, and payment platforms. While this is happening, people will be more and more susceptible to identity theft and other online threats.
The 2018 FBI Internet Crime Complaint Center (IC3) report shows the scale of these threats. For example, personal data breaches were among the top reported cybercrimes in 2018, with 50,642 victims. These amounted to losses over $148.8M. The message is clear: Users and businesses need to protect their sensitive data from online attackers.
How can attackers steal personal data?
Attackers use plenty of techniques to steal information for their victims. The hackers may choose to:
- Use phishing scams, often spoofing emails to appear being sent by legitimate entities (the IRS, banks, insurance companies, etc.)
- Try accessing different accounts by using stolen login credentials from other sites or by using tools to test easy-to-guess passwords like “password” or “123456”
- Exploit vulnerabilities on websites and apps as means to “enter” a device or network
- Create legitimate-looking mobile apps that can sift through a device’s files and information
- Snoop and steal private data (like banking credentials) when users log in to accounts through public WiFi
Protecting personal and confidential data
Given the prevalence of identity theft and other online threats, there’s still plenty users and businesses can do to safeguard their data:
- Manage account passwords. Use unique and long passwords, avoid using the same password for all accounts, and regularly update them. Try using a password manager to efficiently handle all passwords. Enable two-factor or multi-factor authentication (2FA/MFA) whenever it is available.
- Avoid opening email attachments and clicking on malicious links. Social engineering can start with an innocent-looking email asking for information. This can lead to malware getting into a system, which can be used to steal personal data. Use a spam filter to block likely phishing emails.
- Bookmark trusted websites, especially those frequently used for online shopping. This will prevent users from accidentally landing on the wrong website, which may have been designed to take advantage of people that commit the same mistake. Attackers can easily slip malicious code or links that direct to malicious sites that phish for personal information.
- Limit sharing on social media. Be mindful of the amount of information that’s placed on social media networks, such as location, financial information, and other private details.
- Download apps from official mobile app stores. This reduces the chances of encountering fraudulent or malicious apps.
- Avoid connecting to public WiFi whenever accessing sensitive accounts.
- Keep devices updated and secure. Keep devices and apps on the latest versions to minimize the risk of vulnerability-led attacks. Use multilayered security solutions for all devices and networks.
Copyright © 2023 SCORE Association, SCORE.org
Funded, in part, through a Cooperative Agreement with the U.S. Small Business Administration. All opinions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.