What you may not know about cyber security and keeping your personal information safe
What tech companies are already doing and simple things you can do to protect yourself
Whether you're shopping online, or tapping your smartphone to pay for a latte, detailed passwords and two-step authentication systems can make you feel safe. However, as we become more connected, we may be trusting our increasingly-smarter devices — as well as websites, apps, and software — a little too much.
According to technology expert Marc Saltzman, the amount of personal information that hackers are stealing is significant. "The first half of 2019 saw nearly 4,000 publicly-disclosed data breaches, and those are just the ones we know about." Not only did these breaches expose an inconceivable 4.1 billion compromised records, three of them made the list of top 10 data breaches of all time.
What's different about today's hackers is that "they're no longer sitting behind a computer sending out email after email," says Saltzman. Their software is getting more sophisticated and they're able to launch more strikes in a variety of automated ways.
Common hacker tactics
Social engineering is a deceiving practice where hackers trick an individual into volunteering personal information and then use it to set up fake accounts elsewhere.
Malicious software, also known as malware, is software that's intended to steal personal information or damage a device. It can come from a number of places, including file-sharing sites such as WeTransfer, phony apps or a link in a fraudulent email.
Credential stuffing is a practice where hackers obtain an individual's personal information. Then, they create a piece of code that allows bots to use said information to attempt to log in to bank accounts and social media sites. Since many of us use the same password on our devices and accounts, this strategy can be effective for obtaining access on a number of platforms.
Ransomware is software that gains access to a device through malicious software and locks the user out. To regain access, the user is asked to pay a ransom, usually in untraceable cryptocurrency, notes Saltzman.
What one tech company is doing to protect consumers
So what do hackers actually do with your personal information? "Some of them will use it for themselves," says Johan Gerber, executive vice president of security and cyber innovation at Mastercard. "But most of them...will sell it on what's called the dark web, where other criminals will buy it and use it in big scale attacks."
As hackers become more and more skilled at their craft, tech companies have followed pace. For example, Mastercard has spent millions of dollars on protection systems for small businesses and consumers, such as tokenization, which masks a credit card number with a randomly generated series of numbers, biometric authentication such as facial or thumbprint recognition, and artificial intelligence (AI). In fact, the company has been using AI for many years across its network to enable customers to mitigate risk in the fraud and security space. "The sheer size of our network puts us in a unique position to help our customers implement AI solutions. These solutions identify and prevent system-wide risks, and safeguard payments globally," says Gerber.
That means, before a purchase can be completed, a consumer and their device may be required to verify that they are who they say they are via biometric authentication and a texted verification code. After a purchase is made, Gerber explains that AI not only looks at the specific transaction to make sure it matches the buying pattern of the cardholder, it also scans the dark web via their identify protection program. "If someone has stolen your credentials and they are trying to sell it online, we'll actually find those and alert you," Gerber explains. Mastercard also provides guidance to consumers to help restore their identity if the worst happens. "We are doing everything we can to prevent it, but in the case that something does happen, we'll do everything we can to help the consumer recover and get back on their feet," says Gerber.
Because the digital experience has the potential to enrich life in so many ways, Gerber says he doesn't want consumers to be so scared that they don't embrace technology. And while companies like Mastercard are working 24/7 to keep personal information safe, there are things consumers can do to protect themselves as well.
How to protect yourself
Set up passwords that are strong and unique. Saltzman defines a good password as having at least seven characters and a combination of numbers, letters (upper and lower case) and symbols.
Don't use the same password for everything. Saltzman suggests using password manager apps because, by a process of elimination, they may be the safest choice. "That's not to say that these password apps can't be hacked, but it's pretty rare. They have bank grade security." He also brings up the option of passphrases, which are passwords made up of a full phrases, where the first letter of every word in the phrase is capitalized. Just keep your passphrases unique.
Change your password often. If your credentials do end up on the dark web, you definitely want them changed before they're sold.
Enable two-factor authentication on all your online activity. "It combines something you know with something you have," says Saltzman. Often, that means a password combined with a touch of your fingerprint, or a password along with a code that's sent to your phone.
Use reputable software. For instance, don't use your cousin's free software that she got somewhere... for free. "Those things are really dangerous," warns Gerber. It's worth paying for the security, because the consequences can cost you far more.
Keep the software on your devices updated. "When software ships, it's never finished," says Saltzman. "It's good enough to release and to have people use, but they always find vulnerabilities and they patch it." Set your operating systems, browsers, and other programs to update automatically if you can, or check them regularly.
Backup your important information on a hard drive or cloud storage. This way, as Saltzman points out, if you are caught in a ransomware scam, you have a copy of your data, so you can just unplug your computer and reformat it. And change all your passwords, of course.
Don't use wifi hotspots. If you absolutely have to, Saltzman suggests keeping it to basic tasks like reading the news — never conduct financial transactions on public wifi.
Use a virtual private network (VPN). This is a free or paid tool that encrypts your data and offers online anonymity. Your location services won't work — but American Netflix might. Express, Nord, and Betternet are three VPNs Saltzman suggests looking into.
If you own a small business, take advantage of available resources. In partnership with the Global Cyber Alliance, an international, cross-sector effort dedicated to eradicating cyber risk, Mastercard has created the Global Cyber Alliance Cybersecurity Toolkit. It's a free online resource that offers small businesses basic security controls and guidance, including operational tools, how-to-materials and best practices.
Be prudent and don't believe everything you see and hear. "Criminals will try and deceive you," warns Gerber. "And when someone tells you they're going to pay money into your account, please don't believe them. It's never going to happen."
This is paid content produced on behalf of Mastercard. This is not CBC journalistic content.