Please do not click on suspicious links from texts that appear to be from Georgia’s Own and be vigilant about providing information when receiving calls.
6 steps to protect your business’s financial data
As a business, you must protect your consumers’ financial data. If your company’s sensitive financial information is hacked, you could suffer from financial loss and brand mistrust or damage—and possibly lose customers. Ensuring the safety of your customers’ financial information can be daunting, especially if you’re unsure where to start. Below are six steps you need to take to protect your business’s financial data:
1. Identify critical assets and systems
The first step in protecting your business from cyber threats and securing financial data is to identify the “crown jewels” of your business—the assets and systems critical to your business. These are the assets that cybercriminals consider high-value targets or without which your business would have difficulty operating.
To start, create a detailed inventory of data and physical assets, and update it routinely. Record the manufacturer, make, model, serial number, and support information for hardware and software. For software, know the specific version that is installed and running. You should also know where data and technology are stored and who can access both.
2. Protect your data and devices
Once you’ve identified your data and devices, how do you protect them? Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business. You should also understand the cyber risks as your business grows or adds new technologies or functions.
3. Keep your software up to date
Installing the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Regularly updating your software will ensure your company is not at risk of being exposed to security flaws.
Many software programs will automatically connect and update to defend against known risks—turn on automatic updates if that’s an available option. Automatic software updates allow you to get the latest security fixes as quickly as possible without doing anything.
4. Use strong authentication procedures
Use a robust authentication process, like two-factor or multi-factor authentication, to protect access to accounts and ensure only those with permission can access them. Multi-factor authentication (MFA) adds layers of security, typically by sending a one-time password generated in real-time, making it harder for hackers to crack. MFA can reduce security breaches by up to 99%—allowing you to protect your business’s sensitive information.
This also includes enforcing secure passphrases. A strong password is at least 12 characters long and combines letters, numbers, and symbols. Do not use sequential letters or numbers, like “qwerty” or “1234.” It’s also recommended to use separate passwords for different accounts. Using the same password for every account could be detrimental in a security breach. If you use the same password for your social media account and (for example) your POS system, your customers’ financial information could potentially be stolen if your social media accounts were hacked.
5. Back up data
Back up your data by implementing a system—either in the cloud or via separate hard drive storage—that regularly makes electronic copies of essential information. If you have a copy of your data and your device falls victim to cyber threats, you can restore data from a backup.
Use the 3-2-1 rule as a guide to backing up your data. The rule is to keep at least three (3) copies of your data and store two (2) backup copies on different storage media, with one (1) of them located offsite. Limit access to data or systems only to the employees who require it to perform the core duties of their jobs.
6. Keep a clean and secure device
Your company should have clear rules for what employees can install and keep on their work computers. Employees installing unapproved software poses a major threat and could compromise sensitive data.
Employees should also know not to open suspicious links in emails, tweets, posts, online ads, messages, or attachments—even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful emails. Encourage employees to keep an eye out and say something if they notice anything strange on their computers.
Protecting your customers’ sensitive financial data is one of the most critical aspects of owning a business. Over the next few months, we’ll share greater insight and tips on other ways to safeguard your business and protect your customers’ financial information. In the meantime, we offer additional resources to brush up on your financial education with ACHIEVE for consumers and small businesses. Click here to start learning today.
Why should you update your software?
As your trusted financial institution, we believe it’s crucial to ensure our members know how they can protect their financial information. One of the easiest ways to keep your information secure is to keep your phone or computer software and apps updated. It’s necessary to update your software regularly to ensure hackers can’t access private information, like your Social Security number or bank account numbers. Below are four best practices for updating your software:
Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. Hackers are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
It’s better to install software updates as soon as they’re available. If you can’t, a good rule of thumb is to check for significant software updates weekly. You should also regularly back up your data to protect it from accidental loss.
Get it from the source
When downloading a software update, only get it from the company that created it. Never use a hacked, pirated, or unlicensed version—even if your friend gave it to you. These often contain malware and cause more problems than they solve.
Using unlicensed or pirated software can have severe consequences. Not only does your personal information become vulnerable to cybercriminals, but it’s also illegal. Using or distributing pirated software violates copyright law, and you could face up to $150,000 in penalties. You can even face up to five years in prison.
Make it automatic
Legitimate software usually provides an option to update your software automatically. Automatic updates allow you to get the latest security fixes as quickly as possible without doing anything. You can let your device do all the work when newer software or app versions are available.
There are some reasons to disable automatic updates. If you like knowing what changes or improvements are coming to apps or software, you can turn off automatic updates to keep yourself informed. Turning off automatic updates also allows you to control when they happen. But some app or software updates involve critical security fixes that hackers actively seek. If you disable automatic updates, stay tuned to any announcements the developer may have about security updates to keep data secure.
Watch for fake software updates
Maybe you’ve seen pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form. These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secure or could contain malware.
Some phony software updates are more distinguishable than others. Pop-ups informing you that your device is infected with a virus or malware play on fear—and if you click on that pop-up, you’ll unknowingly install a virus or malware. Legitimate anti-virus software developers don’t use pop-up ads.
One of the most devious methods is receiving a notification via email that you need to update your software. You’ve provided your email address to the software company, and it’s reasonable to expect email communication about updates. Pay attention to the sender’s email address if you suspect something is off.
Following the above steps is essential to securing your personal and financial information. This is the second in a series of cybersecurity education posts to help you stay safe online. Over the next few months, we’ll share greater insight and tips on other ways to safeguard your online presence. In the meantime, we offer additional resources to brush up on your financial education with ACHIEVE for consumers and small businesses. Click here to start learning today.
10 ways to stay safe online
Protecting information and securing systems and devices is an essential task that seems like an afterthought to some. However, it’s crucial to stay safe online to protect your personal and financial information. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are ten tips you can put into action now:
1. Keep your software up to date
Keep all software on internet-connected devices—including personal computers, smartphones, and tablets—current to reduce risk of infection from ransomware and malware. Outdated software is vulnerable to hackers looking to steal personal information, like usernames and passwords, bank account numbers, or even your Social Security number. Configure your devices to automatically update or to notify you when an update is available. If you don’t enable automatic updates, it’s recommended to install software updates as soon as they roll out or check monthly.
2. Enable multi-factor authentication
Two-factor authentication or multi-factor authentication (like biometrics, security keys, or a unique, one-time code through an app on your mobile device) is a simple way to keep your financial information secure, and you should use it whenever offered. If a password is hacked, guessed, or phished, it’s not enough to give the intruder access without the second form of authentication—thus rendering it useless.
Two-factor authentication varies across platforms, but the overall process is generally the same. For example, you log in to your bank account with your username and password. If entered correctly, the server will send an authentication code to a secondary device, typically via text or email. You’ll then enter the unique code to confirm your identity and gain access. If someone is attempting to access your account, they won’t be able to without the authentication code.
3. Use long, unique passwords
Use a long, unique password to keep your accounts secure. A strong password is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember, while also using a combination of letters, numbers, and symbols. Do not use sequential letters and numbers, like “qwerty” or “1234.”
It’s also important to use separate passwords for different accounts. Around 66% of Americans use the same password for more than one account, which can be detrimental if there is a security breach. If you use the same password for your social media accounts and online banking, your financial information can easily be stolen if your social media password were to be hacked.
4. Use a password manager
It’s hard to keep track of multiple complex passwords, but avoid writing your passwords on paper or storing them on an unprotected device. The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.
There are various free or cheap user-friendly password manager applications that can be used to securely store your information across multiple devices. Bitwarden offers a free personal plan that allows you to store unlimited passwords, use the app on unlimited devices, free sharing for two users, and more. They also offer a family plan for $40 per year that allows up to six users, encrypted file sharing, emergency contacts who can access your vault in case of an emergency, and more.
5. Think before you click
Links in emails, tweets, texts, posts, social media messages, and online advertising are the easiest way for cyber criminals to obtain sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Clicking on unknown links or opening attachments may install malware, like viruses, spyware, or ransomware, on your device. The software is covertly downloaded, so you won’t notice until it’s too late.
If you do accidentally click an unknown link, disconnect your device from the internet and ensure your files are backed up. Next, scan your device for malware, then change your usernames and passwords. Lastly, set up a free fraud alert on your credit report with one of the three major bureaus: Experian, Equifax, or TransUnion.
6. Report phishing attempts
If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible. Procedures vary between organizations, so be sure you know your company’s policy for reporting phishing attempts.
If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. Delete the email altogether. You can take your protection a step further and block the sending address from your email program, too.
7. Use secure WiFi
Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
VPNs encrypt your online traffic and anonymize your location, allowing you to browse safely and securely. Even if your traffic is intercepted, hackers can’t view your activity. VPNs are becoming increasingly popular due to the ability to unblock geo-blocked content on streaming platforms, and they’re also user friendly.
8. Back up your data
Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
9. Check your settings
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort.
10. Share with care
Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. One popular trend on social media consists of answering a list of personal questions, such as the name of your first pet or the street you grew up on. Many of those are common security questions, and you’re unknowingly distributing those answers for hackers to view—and potentially gain access to your financial information.
Following the above steps is essential to keeping your personal and financial information secure. This is the first in a series of cybersecurity education posts meant to help you stay safe online. Over the next few months, we’ll share greater insight and tips on each of the topics mentioned above. In the meantime, we offer additional resources to brush up on your financial education, with ACHIEVE for consumers and small businesses. Click here to start learning today.
Top identity theft scams on the rise
Did you know that in 2020 alone, the Federal Trade Commission (FTC) received nearly five million fraud reports from consumers? And while we hate to be the bearer of (more) bad news, that statistic does not include those consumers who may not have realized they had experienced fraud, meaning the number is probably even higher. One of the top categories of reported fraud is identity theft, which is becoming more of an issue as we venture further into the digital age. So how do you avoid becoming an identity theft scam’s next victim? In this case, information is power—so read on to learn how to recognize some common identity theft scams.
Prizes, lotteries, and contests
We’ve all gotten those spam texts that congratulate us for entering a contest we don’t remember signing up for, complete with a link to click on to claim our prize. Read carefully: never click on strange links.
Even if you just click on one of these fraudulent links without entering additional information, many of these websites and services have the ability to gain valuable information that is stored elsewhere—like on your Google Chrome account or from your Facebook app. If you do click on a link by mistake, exit ASAP and monitor your credit and other activity to ensure your personal info stays safe.
It’s hard to keep up with all your passwords—between social media, email, job-related resources, and even your home alarm keycode, you probably feel the need to keep your passwords simple and easy to remember. But you should know that using these simpler passwords makes it easier for scammers to gain your personal info—especially if you don’t change your password often.
Create passwords that don’t include your birthday, kids’ names, favorite pet, or your mother’s maiden name—this is all info that anyone can look up online. Instead, create passwords that are difficult to guess and include a lot of variables, like capital and lowercase letters, numbers, and special characters. Bonus: you can use an online password storage system to help you out… just be sure to change your password for whatever service you use.
Unsolicited calls or emails
Raise your hand if you have gotten at least three calls today about your car’s supposed warranty expiring. The rate of spam calls has risen dramatically over the last few years, and while many of us know better than to trust the person talking about a nonexistent warranty, you should also know that many spam callers are working smarter to get you to take their call.
For instance, many spammers now use a local number that will increase the odds of you answering the call. Spammers also use email to personalize messages to you that seem legit enough to stay under the radar of your system’s spam filter. Use your common sense for these—if you didn’t purchase a “car warranty,” it can’t have expired. Send those calls to voicemail and then block the number or hit the “mark as spam” button and delete any weird emails you receive.
You’re on LinkedIn when you get a private message asking you to consider a job opportunity. The person’s profile seems legit, Googling the company yields some results, but something about the message doesn’t ring true. Before you can answer, the person messages again, telling you that you must decide quickly. This is a red flag situation—legitimate potential employers will not ask you to decide on a job online within a matter of seconds.
These high-pressure tactics are also used by some spam callers who try to convince you that your social security number has been compromised or that you are under arrest and the police are on the way. If you’re not sure about the legitimacy of a caller or messenger, ask for their info to call them back (which they will probably not give) and do some research on your own. If it feels wrong, trust your instincts.
Ignoring data breaches
As much as we wish it didn’t happen, data systems can fail, sometimes leaving your information vulnerable. When this happens, the company who was breached will contact you or post a public announcement, but it’s up to you to update and secure your information, usually by changing a password. Even reputable businesses can experience data breaches, so don’t think you don’t have to take a threat seriously just because you feel confident in the business.
While you may not think that a data breach from your favorite pizza place matters, consider how many times you have ordered online from this restaurant, and whether your credit card info may be stored in their data. Small issues can turn into big ones when it comes to strangers having access to your finances.
Scams designed for kids
It seems especially wrong to scam a child, but, unfortunately, it’s been known to happen. Even older kids don’t always understand that a nice person asking them for personal information may have bad intentions, so it’s important to talk to your kids about what kind of info they should share with strangers.
If your child enjoys playing online games where purchases can be made, lock down the accounts as much as possible to avoid being defrauded by another player. Even features like the chatrooms available on many games can be used as avenues to gain personal info, so monitor your kids’ chats (or turn the feature off) to make sure they are not oversharing.
It may seem like identity theft is inevitable—but it doesn’t have to be. You can take steps to ensure the safety of you and those around you by implementing some simple safeguards. Change your passwords often, don’t answer sketchy calls, always double check that your emails are from a legitimate source, and get into the habit of treating your personal information like the invaluable resource it is. Not saving passwords on websites might seem unnecessary now, but the potential of undoing a web of financial fraud makes these extra steps worth it.
Are you high risk for identity theft?
Young adults ages 18-24 are most at risk for identity theft and often targeted by people they know. But, it’s vital to understand and recognize that identity theft can happen to anyone—even you! Identity theft may not seem like a big deal until it happens to you. It can damage your credit report and financial history as a young adult. Knowing this, it’s crucial to safeguard your financial information—but what does that mean? Here are five ways you can keep yourself from being at risk for identity theft:
Don’t leave out credit or debit cards
It’s as simple as it sounds—don’t leave your credit or debit cards lying out, whether you’re at home or in public. For example, you’re at a restaurant and pay for the check. You leave the table for a few minutes to run to the bathroom—in that short period, someone could easily and quickly snap a photo of your credit or debit card and use that information to their advantage. You’d never know, either, until you check your bank account, your account is drained, and there are dozens of unfamiliar charges. An easy way to combat that is by putting your credit or debit card in your wallet as soon as you’re finished using it.
Don’t leave your wallet in an unlocked room or office
You may think your office is one of the safest places to leave your wallet, and that could be the case—but only if your office is locked. Anyone could walk by while you’re gone and grab your wallet that contains sensitive information, from your credit and debit card numbers, driver’s license number, and more. It seems tedious, but if you’re leaving your office, even for just a second, be sure to lock the door if you can. If you can’t, bring your wallet with you.
Safeguard personal documents
Lock up and protect any documents that contain personal information like bank account, Social Security, and personal identification (PIN) numbers. Your best bet is to store them in a safe deposit box at your financial institution or credit union. If you have copies of those documents or want to keep the original documents with you, purchase a fireproof safe for at-home storage. You can purchase a fireproof safe with a locking mechanism for less than $50. Not only does it protect you from identity theft, but it also safeguards those documents in the event of an emergency, like fires or floods. And be sure to shred receipts, credit card offers, and bank statements at least once per month.
Keep your guard up
Never provide financial information over the phone, via text, or email. One scam on the rise, called spoofing, allows fraudsters to fake the number they’re calling from by making a fake number appear on your caller ID. It can be easy to fall for, as the number could appear to be your bank’s phone number. They may say there’s a charge on your account you need to verify, or you may receive a fake text message. Remember, financial institutions (or any legitimate organization) will never ask for your Social Security number, card number, PIN, CVV, or expiration date.
Monitor your accounts
In addition to protecting your information, it’s necessary to monitor it, too. Checking your bank account or credit card activity often can help you recognize identity theft sooner. If you notice any suspicious activity, it’s a good idea to freeze or lock your debit or credit card so no one can use it, and contact your credit union or financial institution immediately. They can ensure you aren’t penalized for these transactions, help you get your money back, and ensure your card is replaced promptly. You should also periodically check your credit report to ensure no one opened any new accounts in your name. As a Georgia resident, you can request free copies of your credit reports through each of the three credit bureaus up to three times per year.
It may seem scary, but protecting yourself from identity theft is a necessary measure in today’s world. Your financial history is crucial in nearly every aspect of your life, and it’s critical to ensure no one gains access to personal information to potentially damage that. By implementing these measures, you’re taking control of your finances and preventing yourself from becoming someone’s next target.
Fraud alerts: COVID-19 scams to look out for
With so much uncertainty in our world right now, the presence of COVID-19-related fraud and scams is an unfortunate reality. Now, more than ever, it’s important to be vigilant about your protected information and, as your financial institution, we’re committed not only to providing the utmost security for your accounts, but also to increasing awareness around common schemes. We’ll keep an updated list of known scam attempts and tips to stay safe, so check back often to remain in the know. And remember: we will never call you and ask for your account information, social security numbers, or other sensitive material.
The FTC is a great resource for consumers during this time. See below for their recommended best practices and visit their website to learn more.
- Don’t respond to texts, emails, or calls about checks from the government. Here’s what you need to know.
- Ignore online offers for vaccinations. There are no products proven to treat or prevent COVID-19 at this time.
- Be wary of ads for test kits. The FDA recently announced approval for one home test kit, which requires a doctor’s order. However, most test kits being advertised have not been approved by the FDA, and aren’t necessarily accurate.
- Hang up on robocalls. Scammers are using illegal robocalls to pitch everything from low-priced health insurance to work-at-home schemes.
- Watch for emails claiming to be from the CDC or WHO. Use sites like coronavirus.gov and usa.gov/coronavirus to get the latest information. And don’t click on links from sources you don’t know.
- Do your homework when it comes to donations. Never donate in cash, by gift card, or by wiring money.
Be on the lookout for some of these trending scams being reported from the FTC. This blog post is a great way to stay in touch with what other consumers have seen as well.
- The top complaint categories relate to travel and vacations, online shopping, bogus text messages, and all kinds of imposters.
- While reports of robocalls are way down overall, we’re now hearing about callers invoking the COVID-19 pandemic to pretend to be from the government, or making illegal medical or health care pitches, among other topics.
- If you’re getting calls, emails, or texts, or you’re seeing ads or offers online, keep a few things in mind: First, the government will never call out of the blue to ask for money or your personal information (like Social Security, bank account, or credit card numbers). And second, anyone who tells you to pay by Western Union or MoneyGram, or by putting money on a gift card, is a scammer. The government and legit businesses will never tell you to pay that way.
- The big states have, not unexpectedly, the biggest number of reports. You can check out how many people are reporting what in Georgia.
Below are some additional tips from the Department of Justice’s National Center for Disaster Fraud. If you believe you are a victim of a scam or attempted fraud involving COVID-19, you can report it without leaving your home by calling their hotline at 866.720.5721 or via the NCDF Web Complaint Form.
- Be cautious of unsolicited healthcare fraud schemes of testing and treatment through emails, phone calls, or in person. The U.S. has medical professionals and scientists working hard to find a cure, approved treatment, and vaccine for COVID-19. Learn more about what to avoid
- Be on the lookout for an increase in cryptocurrency fraud schemes including but not limited to blackmail attempts, work from home scams, paying for non-existent treatments or equipment, or investment scams. Read more on how to report these scams
- Be wary of unsolicited telephone calls and e-mails from individuals claiming to be IRS and Treasury employees. Remember, the IRS’s first form of communication is by mail—not by phone. Learn more about fraudulent schemes related to the IRS