A cyber-attack can happen at any time, often when we least expect it. Many of us wouldn't even think of the possibility of being hacked during something as routine as our morning commute. However, the reality is that many of us use electronic devices every day, all day, that can become targets for cyber crime. The good news is we can prevent these attacks. Below are some of the ways you may put yourself at risk before you've even arrived at the office, and the simple steps you can take to protect yourself.
Checking email at home or on the go
The ability to remotely access our office network from home is convenient, but are we doing it in the safest way possible? In these seemingly Wild West days of social engineering, botnets, and crime-ware, we can take some basic precautions to avoid modern day cyber bandits:
- Ensure your home Wi-Fi network is configured securely. See our tips on securing your home Wi-Fi network
- Make sure your home computer has the latest security patches for its operating system and third-party software. Enable automatic updates if available. Make sure anti-virus/anti-malware detection software is installed and running correctly (at a minimum, definition files should be auto-updated daily).
- Make sure your smartphone's operating system is up to date and that you are accessing sensitive information such as work email using a strong username and password with two-factor authentication.
- See our blog post Protecting Your Data at Home, for more information on how you can protect your devices and data while at home.
Stopping for coffee
Stopping for coffee may seem like a quick, harmless errand, but potential dangers may lurk just behind that table in the corner. When using your phone in any public place, you may be tempted to connect to public Wi-Fi in order to save data and connect faster. However, public Wi-Fi networks are common targets for cyber criminals, so it's important to use these networks with caution. See our public Wi-Fi best practices for ways you can protect yourself from a possible coffee shop attack.
Filling up the gas tank; using the ATM
What may seem like more harmless errands can yield multiple opportunities for cyber criminals to pounce:
- Phone theft — Lost or stolen mobile devices remain the number one source of data breaches. When stopping on the way to the office, do you leave your devices in your vehicle? Individuals called “sliders” have been known to operate at gas stations and secretly enter vehicles from the passenger side to steal valuables. You can protect yourself from this type of theft by closing and locking all doors and windows when no one is in the vehicle, and by keeping your devices on your person at all times.
- Credit/debit card skimming — Gas station pumps and ATMs are a prime target for thieves to steal your credit or debit card information using skimmers. Skimmers can often go undetected, but if you see something suspicious about a credit card machine or ATM, tell the attendant immediately and do not swipe your card. When possible, avoid using debit cards at gas stations, pay inside, and avoid using stand-alone ATMs.
Driving or parking your vehicle
Many vehicles are now internet-connected, making their various systems — infotainment system, speedometer, brakes, and air bags, to name a few — vulnerable to a remote attack. If criminals know your car’s IP address, they can gain access to these systems via a cellular connection. The next time you bring your vehicle to the dealership for an oil-change, ask if the vehicle's on-board software requires any updates.
For More Information
For more cyber safety tips and resources you can apply at work and at home, see our Cyber Awareness Resources page. If you have any questions, please contact your ACA Aponix consultant or email us at email@example.com.
About the Author
Raj Bakhru, CISSP, is a Partner at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. ACA Aponix focuses on independent, holistic technology risk assessments and advisory services for financial firms. It also performs vendor due diligence, penetration testing, phishing testing, staff training, and information security policy build-outs. Prior to ACA’s acquisition of the firm, Raj was Chief Executive Officer of Aponix Financial Technologists, which he cofounded. Before that, he led firm-wide software development and was part of the founding team at Kepos Capital, now a $2 billion global macro quantitative asset manager. Prior to Kepos, Raj served as a Vice President at Highbridge Capital, where he led the team building the firm’s proprietary order and execution management system. In addition, he previously worked on research and cross-asset-class algorithmic trading algorithms and software systems at Goldman Sachs Asset Management’s quantitative hedge funds.
Raj earned his BS from Columbia University in Computer Engineering and has received his CFA charter and his CISSP designation. In the course of his career, he has been frequently quoted in Ignites, HFMWeek, MarketWatch, The Cybersecurity Law Report, and other industry-leading publications on information security in financial services.