Personal Security 101: A Minimalist Approach to a Complex World
With a bright and connected future comes an underworld of malevolent activity sending shockwaves through an unprepared society. Stolen login credentials and payment information resold on the black market for pennies on the dollar, bottom-feeding phishing attacks and robocallers flooding inboxes, and ostentatious dollar washing via cryptocurrency exchanges are high-volume examples of how easy today’s ever-evolving cyber con game has become. Cadres of criminal specialists have been draining financial nest eggs faster than Tony Soprano and Richie Aprile tapped out Davey Scatino’s credit lines at his sporting goods store in the “Bust Out” episode. Welcome to the 21st century.
Of course, from a personal standpoint, there are general security best practices that can help flatten the bumpy ride, such as the following:
Creating Strong Passwords
- Create site-unique passwords that use a combination of words, numbers, symbols, and upper and lower-case letters
- Never repeat passwords across multiple sites (especially financial institutions)
- Don’t use private details or your network username as your password
- Don’t store your password list in plain sight
- Don’t use neighboring keyboard combinations such as “qwerty”
- Make it strange and random (e.g. your favorite sports team mixed with the average cost of lunch in Mumbai)
- Don’t use words from the dictionary (free password-cracking tools come with dictionary lists that will try numerous common name and password combinations)
- Use a password manager (e.g. 1Password, LastPass, or Dashlane)
Banking Alerts
- Turn on all financial institution email/text alerts for “irregular account activity”, “card not present” (online) transactions, “cash withdrawals”, “foreign transactions”, and potentially any purchases over a certain amount (e.g. $100)
Multi-Factor Authentication
- If a site supports it, enable MFA
Phishing Protection
- Check where a link is taking you before you click it by resting your mouse cursor on the link and examining the URL
- Institutions will never ask you by email to reply with your password, social security number, or personal information
- When receiving a questionable email, separately contact the supposed institution sending the message to confirm it’s legitimate
- Never send personal details via email (banking institutions will never request this)
For Businesses
- Document corporate policies on which communications are real and communicate them to consumers
- Implement anti-virus, content-filtering, and anti-spam solutions
- Require a browser extension that will prevent employees from clicking on bad links
- Monitor for widespread phishing attempts/sites
- Create a fake phishing campaign to test who clicks
- Run a cybersecurity training session (game, quiz) to test vulnerable employees and see who’s paying attention
The future of tomorrow
Cybercrime is an ever-growing problem, like LeBron James vs Michael Jordan comparisons or man buns. Nothing we do will prevent the inevitable attacks, but we can continue to get smarter and keep our spidey senses perked. The technology to protect us will only continue to get stronger, yet without our own developing awareness we will be simple koi fish in a pond surrounded by beavers. It won’t make too much sense, but we’ll have our identities scooped up left and right faster than a Mike Tyson combo punch.
Stay positive, but don’t forget to protect yourself out there. And remember, FanDuel will never ask you to provide confidential personal information over email.
Stay tuned as we continue our security series, with more to come on how we manage passwords, set up multi-factor authentication, and protect our users over at FanDuel!!