Technology has made it possible to complete virtually any transaction from the comfort of your home (or office, or cafe, or train…) and, with a record $6.59 billion spent online on cyber Monday last year, Americans are taking advantage of the convenience of shopping online.
From online and mobile banking to online shopping, with the number of online transactions and purchases increasing every day, failing to adhere to data privacy best practices could be a costly mistake. However, technological vulnerability isn’t a concern for consumers alone. Governments, financial institutions, businesses and not-for-profit organizations have a responsibility to manage the risk to any personal data they store.
What BECU is Doing
Here at BECU, we’re working hard to stay ahead of potential security vulnerabilities. Just a few days into 2018, security researchers released reports on two major flaws that exploit vulnerabilities in central processing units (CPUs), which run everything from computers to phones to flat screen TVs.
Known as Meltdown and Spectre, these two security vulnerabilities pose a significant and widespread risk. To date there have been no reports of known attacks from Meltdown and Spectre, but these vulnerabilities could allow cybercriminals to read the memory of a vulnerable system, which could potentially include passwords or other sensitive data stored on the CPU.
Rest assured that BECU is taking the appropriate steps to address this potential risk. We're closely monitoring our CPUs and doing our part to protect our members' personal information.
As part of our standard vulnerability management program, BECU aggressively monitors for potential vulnerabilities and prioritizes mitigation to ensure critical systems are safe. BECU has reviewed all systems within our environment to identify suspect versions, and will apply vendor patches as necessary to complete our due diligence.
We will continue to monitor for additional fixes and attack scenarios, and will update this post if we have more information to share. If you have questions, please contact a BECU representative at 800.223.2328.
What You Can Do
You can help keep your personal data and financial accounts safe by following these important steps:
Keep up with software and device updates
The best thing you can do is keep your software and device updates current, including your antivirus software. One of the simplest hacking methods used by fraudsters is to take advantage of out-of-date software, browsers, or antivirus software.
In terms of Meltdown and Spectre, software and hardware manufacturers will release fixes and patches as they become available. We recommend installing these updates as soon as possible. Turning on automatic updates will help protect your software and devices. You can also do some research online to learn more.
Use complex and different passwords
Don’t use the same password for any two different properties, and definitely don’t use the same password on low-security sites like chat-rooms or social media as you would use for your online banking login. Your passwords should be long, complex, unique, and contain numbers, letters (both uppercase and lower case) and symbols.
Some experts advise that you should change your password every 90 days. This might be a bit extreme, but it is definitely worth considering. At the very least try to change your passwords annually. Also, ensure you change your passwords anytime you think there may have been a security breach.
Use a trusted virtual private network
A virtual private network (VPN) will route your Internet traffic through intermediary networks, making it much harder to track your online activity. Free VPNs are available but come with their own security risks, so do your research and choose a trusted VPN instead.
Use two-factor authentication
Two-factor authentication means that whenever you login, you will have to type your password (the first factor of the authentication) and then confirm a code sent you via SMS or email (the second factor). Google, Apple, Amazon, and many other sites now provide the option to use two-factor authentication.
Use a password on your mobile device
When it comes to your mobile device, having your social media “hacked” by a friend should be the least of your worries. With the growing use of mobile banking and shopping applications it could take just minutes for your phone to fall into the wrong hands, your data stolen, and then your phone returned to your pocket without you even knowing. That’s why having a complex password on your mobile device (or a biometrics login like a fingerprint) is critical.
Use biometrics and other new technology
Fingerprint readers, iris scanners, and other technologies are making data privacy more secure and convenient. Be warned however, that new technologies sometimes have vulnerabilities that haven't been discovered, so using two-factor authentication is always a good idea.
Check your statements and credit reports often
This tip might seem slightly reactive rather than proactive, but checking all your financial statements every month (as well as your credit score at least once per year) is a good way to nip any identity theft in the bud. The earlier you catch and report potential fraud the better your chances are of being reimbursed. BECU members who experience fraud or identity theft should contact BECU immediately.
Don't access private information on public computers and networks
Do not use public computers (at the library, your school, an Internet café, or even a friend’s laptop) for your personal banking. There are dozens of ways that hackers can track everything you type (including passwords) or skim information through other methods.
Also, be wary when using public hotspots or unfamiliar WiFi networks, and don't enter any information on unsecured or unfamiliar sites or networks.
Be careful about what you publish on social media
Information that you publish on social media can be easily found and abused to answer security questions or deduce passwords. Sharing too much information on social media can be used by fraudsters to trick you into providing more personal information. Don't publish anything publicly online that you wouldn’t be comfortable with a stranger (or potential criminal) reading, and ensure your social media sites are set to private!
Fraudsters ‘phish’ for your information through fraudulent sites, emails, and even phone calls. Be skeptical anytime you are asked for your social security number (which you should never give out online or on the phone), credit card number, birthday, or other personal information.
Phishing isn’t only an online phenomenon. Some identify thieves have been known to look through garbage for discarded documents and other pieces of information. Ensure you shred anything with personal or financial information. BECU members can take advantage of one of our free shredding events.
Only make online purchases from trusted sites
If a deal is too good to be true then it probably is. Look for trusted brand names, but also remember that skilled fraudsters can make very convincing fake sites.
So, how can you tell a site is trustworthy? Ensure it has an SSL certificate. This is denoted by an ‘s’ after the ‘http’ in the URL. A secure site (like ours) will always begin with ‘https://’.
Another way to ensure the site you’re on is trusted is to double check the URL. Is it spelled correctly? Be wary of an extra number or letter that may be added to the site’s URL – any discrepancy from the URL you’re used to could indicate that you’re on a fake site that is designed to capture your user name, password and other sensitive information.
Ultimately, the convenience of shopping and banking online has many wonderful benefits, but it’s important to do what you can to protect your data and personal information from being compromised.
What are your concerns about online security? Do you have any tips to share that we missed?