Making Cybersecurity a Priority

The federal government is making cybersecurity a top priority and even launched a website, Onguard Online (www.onguardonline.gov), to provide practical tips to help keep you safe online.

The website calls for public-private partnerships to keep the nation secure from cyber threats, but it also recognizes the role individuals play to protect themselves online. Cyber thieves use many ploys while people are at home or at work.

Targeted phishing, a.k.a. "spear phishing" emails and custom Trojan viruses attempt to get people to:

  • Click on a link that supposedly shows an e-card, slide show or picture
  • Check out a bank, pay stub, IRS, Medicare or Social Security discrepancy
  • Download a “security” program, PC performance program, screensaver or game
  • Answer a quick survey, provide feedback or redeem a coupon
  • Use a phony identity monitoring service

Most ruses look professional and come complete with common security and commercial elements and logos. They may even mention privacy or security concerns in an effort to appear legitimate. You can no longer count on typos, strange email addresses or blatant Nigerian fraud scams to tip you off. But while the government works to protect the nation from cybersecurity threats, you can watch for some of these tell-tale signs and take appropriate steps to protect your identity:

  • Delete the email if it comes from a firm you don't do business with, weren't expecting and can't confirm independently. Don't respond, don't call phone numbers listed in the email, and definitely don't click links, download attachments or provide information.
  • Recognize that legitimate firms don't request personal information via unsecure email, period. Not from their clients, and not even from their associates.
  • Beware the buzz words “urgent,” “critical,” or “time dependent.” Phishers commonly use these phrases to get you to act.
  • Be extremely careful about who you do business with online. Check them out with the Better Business Bureau and other rating agencies if you aren't sure. They should use websites that start with https: and/or digital certificates for secure transactions, but this isn't foolproof.
  • Watch out for links to websites that are “close but not quite” to the authentic site. Phishers use these fake sites in the hopes you’ll log in with your user ID and password, which they’ll capture and use to their advantage.
  • Alert the company if you get an email from a firm you trust, but it requests personal information like your Social Security number, user name, passwords or challenge question answers. It’s a phishing email. Don’t call the number listed in the email—get it from a phone directory.

Often you can determine independently if an ID theft notification you receive is legitimate. You’ll generally get a hard copy letter in the mail that may include the last four digits of your SSN or account number as verification. The notification also should be documented publicly on the company’s website. The main client service line should be able to confirm that a breach notification was mailed and whether you were notified.

Quick Links