Cybercrime has reached epidemic proportions in the U.S. and abroad. From spam and phishing attacks to identity theft and ransomware, your personal information is under threat like never before.
For years, hackers have been playing a high-stakes cat-and-mouse game with software security specialists who race to patch vulnerabilities as soon as they’re discovered. Increasingly, so-called “white hat” cybersecurity experts are struggling to keep pace with “black hat” hackers.
In this new environment, digital security is more important than ever. “Think of your identity like a puzzle,” said Eva Velasquez of the non-profit Identity Theft Resource Center. “The more pieces of the puzzle that the thief can gather, the more they can do with it. If I’ve got your name, date of birth and social security number, I can do a lot of damage.”
Here are some valuable tips to strengthen your digital security:
One of the fastest growing types of cybercrime is ransomware — a spooky attack in which hackers remotely breach and freeze the contents of your computer. They threaten to destroy all your files — usually within a day or two — unless you pay a “ransom” in untraceable digital currency like Bitcoin.
Experts told NBC News that it’s the most profitable type of cybercrime ever, and even law enforcement officials have acknowledged that they’re usually powerless to either thwart the attack or track down the culprits. Now security analysts say that mobile ransomware — which locks up your phone — is skyrocketing this year.
Velazquez recommends placing two-step notification on your email and social media accounts. The upside is significantly stronger account security. The downside is minor inconvenience: Each time you sign in, you need to enter a separate code you receive by text or email in order to access your account. Thieves can post unwanted messages to your account, but they’re usually much more interested in capturing the personal information stored there.
“You should protect your email the way you protect your financial accounts,” Velasquez said. “If they get access to your email, they can send password reset notifications back to it and take over your other accounts.”
Mobile Security Apps
Software security firms offer a spectrum of apps to guard against unwanted intrusions on your cell phone. Nearly all of them contain malware, adware and spyware detection and prevention. Most also offer cloud-based backup, and the ability to remotely lock or wipe your phone’s data and pinpoint the location of a missing device.
But a new generation of mobile security apps is taking digital vigilance up a notch, with features like strengthened end-to-end data and voice encryption, or the ability to secretly snap a selfie — even trigger a loud alarm sound — if a thief enters too many incorrect passwords. Some apps will even monitor not just your email account but those of your contacts to detect whether they have been compromised.
Security experts recommend that you use different passwords for each account — and change them regularly. But few people can maintain that level of vigilance for very long. An easier option to keep your passwords safe and secret is to get a password manager. Once you enter a single master password to open up the manager, it will auto-fill username and password entries for each account that you’ve stored in it.
In addition to saving all your passwords in one place (which also makes it easier to change them up regularly), many services also offer to create super strong passwords for you.
Internet of Things
The rise of what the cyber community calls "the Internet of Things" (IoT) — the way in which devices like your mobile phone are now linked to the web and each other and send and receive data remotely — has ushered in a new era of security vulnerabilities. Conveniences like wireless speakers that connect to your phone using Bluetooth, or apps that allow you to remotely activate your garage door or your coffee maker come with a price: If there are security vulnerabilities in any one of the devices that connect wirelessly, every device that connects to it are vulnerable.
Fraud Alerts and Credit Freezes
If you fear that one of your financial accounts has been breached, you can direct the three major credit bureaus to put temporary freezes on your credit report. Most financial institutions need to see your credit report before letting you open a new account. So a temporary freeze makes it more difficult to open new accounts in your name.
Your existing creditors will still be able to access your credit report if a freeze is in place. You can also put a fraud alert on your credit report, which allows new creditors to see your report, but requires them to take certain steps to verify your identify. You can lift the freeze or fraud alert at any time.
Credit Cards vs. Debit Cards
When making purchases, credit cards are generally safer bets for consumers than debit cards. If your debit card is compromised, that means you are fighting to get your money back. If your credit card is hacked, it’s the credit card company that’s fighting to get its money back.
While in most cases, both banks and credit cards companies will cover losses dues to fraud, there are differences in legal liability. Under the Electronic Fund Transfer Act, your maximum liability for fraudulent charges on a credit card is $50. Under the Fair Credit Billing Act, your liability for fraudulent debit card transactions is unlimited.
Identity Theft Monitors
Comprehensive identity theft monitoring services — which can include social media and credit monitoring, identity theft insurance and removals from pre-approved credit card offer mailing lists — are also available. But consumer advocates recommend doing plenty of research beforehand. Consumer Reports notes that many of the services offered can be obtained individually for free: One of the most well-known companies, LifeLock, paid out $100 million last year in a settlement with the FTC over deceptive advertising.
A less likely but far creepier form of digital intrusion is surreptitious surveillance. Cybercriminals aim to steal from you. Cyber surveillance aims to spy on you.
One ominous threat to cell phone users’ privacy is what’s known as a “roving bug.”
Most people know that your physical movements can be tracked through the GPS on your phone. Far fewer realize that it’s possible to remotely activate the microphones in your cell phone and listen in on your conversations, even when the phone is turned off. Similarly, remote intruders can spy on you through your device’s camera.
Privacy advocates are fighting back. Earlier this summer, National Security Agency whistleblower Edward Snowden announced that he is designing a prototype for an iPhone case that prevents location tracking and audio surveillance. The device, dubbed the “introspection engine,” would alert the user if the phone’s radio signals are activated and prevent location tracking as well.
Switching your phone to airplane mode can turn off the phone’s cell and Wi-Fi signals, but on some devices the GPS function remains active.
A keylogger is a type of surveillance software that records your every keystroke, allowing a snoop to capture copies of every email and instant message you type, every search engine query you enter and every website you visit. Some can even take screenshots that would show what you’re seeing on the screen – like emails that are sent to you.
Most keyloggers are installed surreptitiously while a computer user is away from his or her desktop, but they can also be installed remotely without your knowledge. Keyloggers are popular with spouses who suspect their partner is cheating on them, or parents interested in monitoring their children’s online behavior. They also come in portable thumb drives. While there are software programs that can detect the presence of keyloggers on your system, it can be challenging to remove with them without some technical know-how.