October is Cybersecurity Awareness Month, and the Identity Theft Resource Center is providing tips to keep consumers and companies safe.
TechRepublic’s Karen Roby talked with Eva Velasquez, the president and CEO of the Identity Theft Resource Center about Cybersecurity Awareness Month and tips for individuals and businesses. The following is an edited transcript of their interview.
Eva Velasquez: We tell people to practice good cyber hygiene because that’s sort of intuitive and easy to understand that hygiene is doing a lot of little steps in order to get a big bang for your buck at the end. So if you went into a doctor and said, “Doc, what’s the one thing that I can do to practice good hygiene?” You’re probably not going to get the answer of, “Well, just brush your teeth.” Your doctor’s going to tell you to do all of these little things: eat right, get enough sleep, de-stress, take a shower, and brush your teeth.
SEE: Mastermind con man behind Catch Me If You Can talks cybersecurity (free pdf) (TechRepublic)
And it’s the same with cyber hygiene: little things. Don’t overshare your information on social media platforms. Please use complex passwords, don’t use them across multiple accounts, and change them frequently. If you get incoming communication, something that’s coming into you like a data breach notification, follow up on that. It’s very simple. All of these little steps add up into you, essentially, reducing your risk surface and making it that much harder for the thieves to commit identity crimes against your good name.
Karen Roby: What are some of the common things that people do wrong?
Eva Velasquez: It really depends on who you are, and how you interact with the outside world where you create those vulnerabilities. Of course, there are studies about online engagement with different demographics, seniors vs. Millennials, vs. Gen Xers, but I want people to realize that it’s very dependent on how you engage. Are you extremely active on social media? Then, perhaps, that is going to be your most vulnerable point, and that’s where you need to look, and spend your efforts, and your time understanding how you can be better at that, how you can be safer when you’re engaging on social media.
Do you do a lot of work remotely and so you’re always using email and it’s your preferred method of communication? Well then, you are more likely going to fall for a phishing scam because you’re just in there all the time and they’re so ubiquitous right now. So those are sort of the vulnerabilities. And I do think that people have a tendency to think,”One, think it’s not going to happen to me.” Or they go, “Well, it’s out there, and I can’t do anything about it.” There’s slightly a level of apathy and, again, not because they don’t care, but because they feel actually a little bit paralyzed that there’s nothing that they can do about it.
Karen Roby: You mentioned off camera that robocalls continue to be such a huge problem for consumers, and people are falling victim to scams that way. But on the enterprise side, talk a little bit about what you’re seeing there in terms of how businesses are being impacted most by security issues.
Eva Velasquez: Good companies that invest a lot into a good cybersecurity infrastructure, unfortunately, can still suffer a breach. Now, there are some companies that don’t want to make that investment. They’re more concerned about their quarterly earnings statement, and so they roll the dice, but both of those exist, and we have to look at each situation individually.
Far and away where I’m more concerned is with small businesses because small businesses really think, “I can’t afford to do this, and I can’t understand it, and, by the way, I don’t really have anything that’s that important anyway,” and that’s just not true. All of those are not true. Do you have employees? You have employee data that is extremely valuable to identity thieves? Do you have customers? Are you collecting payment information? All of those things, just knowing what sensitive data that you’re collecting is a great place to start for a small business. And understanding that, yes, it’s expensive to invest in cybersecurity best practices, but it doesn’t have to break the bank. You can start with a lot of the free resources that are available out there. During national Cybersecurity Awareness Month there is just a ton of information that’s available at no cost: Just your time to sit down and learn about it and look at some of the other resources that are available, and where you can start.
Karen Roby: Eva, any final words that you want to share on this?
Eva Velasquez: I just want people to know that this is a really confusing and complicated space. And sometimes when we’re talking with folks, victims, people that have actually fallen for a scam, maybe compromise their own personally identifying information through a phone call or clicked on a phishing link they’re really ashamed that they did that, and they’re kind of kicking themselves feeling like they should know better. And then, consumers that have questions will often pull back as well and think, “You know, I really should know this, and I don’t want to let anybody know that I don’t know.” I just really want to encourage people, we don’t need shame and embarrassment in this space. Cast it aside. Get the help that you need.
For Pete’s sake, if you broke your leg, no one would be saying, “You should just set that yourself. Can’t you take care of yourself?” You would go to a doctor and say, “Doc, help me out. I need some professional advice and a plan here.” It’s the same thing in this complicated space. Seek out a professional. There are free resources. The federal trade commission has a ton of resource-free resources. Identity Theft Resource Center has a ton of free resources. We’ve got live chat on our website, we’ve got a toll-free call center, we even have an app that was funded by the Department of Justice. You don’t have to do it alone, and you don’t have to be embarrassed or ashamed if you need that help.