The ongoing conflict involving Russia has U.S. officials increasingly concerned that Russia could launch cyberattacks against the United States. Government officials have conducted classified briefings with “companies and sectors” believed to be most at risk. This could include banks and other financial institutions. U.S. cybersecurity officials have issued a “Shields Up” tips and guidance to all organizations, CEOs and individuals and families.
This may have you wondering what you can do to protect yourself. It’s a great time to remind you about best practices you should already be following.
First, many cybersecurity security threats come from what are called Denial of Service attacks against financial networks or websites. Basically, evil-doers bombard the sites with so much traffic that it can cause the site to crash. Or networks can be disrupted in other ways. The goal is to cause the IT folks to be so busy trying to get the website or network restored that they might miss other attempts to breach the network. It’s like someone shooting off firecrackers at your front door so they can slip in the back door.
These kinds of attacks have occurred before. In one of the worst recent incidents, back in 2012-13, attacks by an activist group apparently sponsored by Iran successfully disrupted the websites of more than a dozen large U.S. banks for hours or sometimes days.
So what can you do?
1. Consider having a little bit of extra cash on hand, especially if you’re going out of town, so you’re not stressing if a particular ATM or network is down for a few hours.
2. Make sure that you have a distinct, strong password for every financial site where you have an account. Do not reuse passwords among financial sites and do not use any social media passwords on any other account you care about, including your primary email account, which is generally what’s used to reset other passwords.
3. As always, monitor your financial accounts for any unusual activity. You should check on activity on your primary bank account either online or by phone at least once a week. Every day or every other day is better; it takes only two minutes as part of your morning or evening routine. If you spot a problem, it’s better to catch it early, before fraud or errors drain your account or cause transactions to bounce.
4. Russian cyber criminals may attempt to phish or spear-phish on social media or via email or robotexts to gain entry into corporate sites to crash them. You should never click on links or open attachments in social media accounts or in texts or email if the message or email was unexpected.
It doesn’t matter whether the message claims to be from a well-known entity such as a bank, Amazon or FedEx. It’s easy for bad guys to impersonate trusted entities to trick you into clicking on dangerous material or disclosing personal information.
5. This is a good time to sign up for text or email alerts to your phone so you get real-time notifications of all activity on your bank account, debit card and credit card over a dollar amount that you select.
6. It’s also a good time to sign up for multi-factor authentication through your most important accounts. Basically, if you or anyone else tries to sign into your account from an unknown device or location, the bank or company will automatically send you a verification code to the phone number or email address you have on file. The account can’t be accessed without that verification code, even with the correct username and password. (And don’t ever, ever share these access codes with anyone. A bank or other company will never, ever ask you for the verification code you’re trying to use to log into your account.
7. Turn on automatic updates for all of your software and applications (especially browsers), on your smartphones, laptops, tablets and desktops.
With Ed Mierzwinski, Senior Director, Federal Consumer Program