Are You Safe? Local Businesses Talk Cybersecurity

October is National Cybersecurity Awareness Month

(OnFocus) October is National Cybersecurity Awareness Month and local businesses are joining the annual effort to educate about cybersecurity.

“Cybersecurity is an invasion on an individual’s personal information and can lead to financial losses if the information ends up in the wrong person’s hands,” said David Murphy, VP-Finance & Risk at Marshfield Medical Center Credit Union. “In the case of the hundreds of data breaches we’ve experienced, like Experian, Target, or Wendy’s, for example, criminals were able to obtain information ranging from debit/credit card numbers to passwords to personal data, like Social Security Numbers.”

Criminals can use this information to obtain information about personal accounts or to make changes to accounts in an attempt to facilitate fraud and hide it from the rightful owners.

“Have you ever had fraudulent charges show up on your credit card or in your checking account? Many times, this is perpetrated from criminals obtaining your data through a breach,” said Murphy. “Have you ever contacted a merchant to find out they had the wrong phone number and address listed on your account, even though you never requested that information be changed? This could be a result of criminals obtaining information about you and contacting merchants to make the changes to hide any fraudulent attempts on your accounts.”

Murphy said that MMCCU makes every effort to protect its members, but it is still important for individuals to be aware of steps they can take to protect their own data.

“We feel we have a good, personal relationship with our members, and many times, our staff can recognize voices of members calling in based on previous interactions. However, we still want to make sure we are not giving out your information to the bad guys, so we may ask questions related to you or your accounts with the credit union,” said Murphy. “We don’t always rely on the cookie-cutter questions, like SSN or DOB, however. We may ask you details about your account that only you should know. Our goal is to make sure we’re giving out information to the right people.”

According to Murphy, social engineering has increased the importance of protecting personal information, like Social Security Numbers, Date of Birth, and Account Numbers.

“Think about when you call to make changes to an existing set up for cable or have questions on your bill with the local utility company. What kinds of questions are they asking you? What’s your date of birth? What’s the last four digits of your Social Security Number? What’s your address? These are all common items criminals can obtain through Social Engineering,” he said.

“What about questions about your pet’s name or your favorite vacation spot?” he added. When you post pictures of your pet on social media or upload pictures of your last vacation spot, criminals now have a means to obtain more personalized information about you simply by the information you share online.”

Murphy encourages the use of passphrases in place of less complex passwords, which has been a recent development to encourage users to using unique and complex passwords. Technology allows criminals to hack into accounts simply by guessing passwords or from stealing passwords from one merchant and using it to access an account with another merchant.

“Do you use the same password for your online banking account and your Facebook account? If your Facebook password is compromised, the criminal now has your password to access your online banking,” he said.

“Attempts from cybercriminals to steal your information is ongoing and doesn’t appear to slow down anytime soon,” said Murphy. “Whether it’s receiving a call from a phone number you do not recognize, receiving an email from a sender you do not recognize or one you are not expecting, you must remain diligent at all times in protecting your data. If you ever have a question on the legitimacy of a request for data, we’d encourage you to reach out for assistance. We’re always happy to help members and only want to protect our members and their data”

In the insurance world, Ryan Arnoldy of Marshfield Insurance encourages businesses that handle personal data to consider cybersecurity insurance.

“Any business that maintains data on their clients and employees has exposure and has the responsibility to safeguard that data,” said Ryan Arnoldy, Marshfield Insurance. “The expensive part comes in the form of fines and notification. Most states have laws in place that require you to notify affected individuals that their information was compromised that you will provide a credit monitoring service. Costs for this can run in the hundreds of thousands of dollars, even for a small to medium size business. Most general lability policies will not cover this.”

The state of Wisconsin requires notification if any of the following is obtained:
-Social Security Number
-Drivers’ License Number
-Financial account number
-DNA profile
-Any unique biometric data including fingerprint, voiceprint, retina or iris image.

“Wisconsin requires any business that suffered a breach to notify the affected individuals within 45 days of discovery. If the breach affected more than 1,000 individuals that business must also notify the major credit bureaus an behalf of each person affected,” he added.

Arnoldy said that an assessment is provided on each commercial policy upon inception or renewal to determine the extent of exposure. A recommendation is then made on what level of coverage would be best.

“We also have free online workshops developed by our carrier partners. These can help our customers understand the full extent of their exposure and the responsibilities they have,” he said.

To protect themselves, Arnoldy encourages being cautious about which items are stored on a phone.

“The easiest way to protect yourself is to limit the amount of stuff you have on your device. Get rid of any contacts, pictures, or emails unless they’re absolutely necessary,” he said. “If your phone is stolen, and all the above mentioned is on there, a hacker will look at that and know everything about your life in 30 seconds.”