Blog Technology Online security: how to protect your account against a $6 trillion problem

Online security: how to protect your account against a $6 trillion problem

date April 20, 2020 time 6 min read

Online security is a shared responsibility. 

It involves you, us, and every other internet entity on the planet. 

There’s no room for complacency. Cybercrime is estimated to cost $6 trillion in damages by 2021 – triple the US coronavirus stimulus package. The stakes, therefore, are phenomenally high. 

While in our care, we protect your data in a number of ways:

  • We require 2-Factor Authorization (2FA) via a 2FA app (Authy or Google Authenticator). 
  • We require password formats that are difficult to hack.
  • We hash password data using SHA-256 so it’s impossible to decrypt. 
  • We maintain multi-level security protocols on our servers. 
  • We use SSL connections only (the little padlock or HTTPS before our URL).

Nevertheless, these measures alone can’t protect your account against all risks. 

You are the first line of defence against cybercrime.

So what can you do? 

Well, let’s back up a moment…

When things go wrong: a case study

As you might know, seven customers suffered unauthorized use of their accounts, recently. Two of whom lost money, with a combined loss of around $2,000. So what happened?

Online security in fintech
Online security in fintech

Nothing on our end: no breach to our database, no infiltration of our servers. All we know is someone obtained the email addresses and passwords of these individuals and then logged into their accounts to transfer money to an unknown wallet address. 

None of the affected accounts had 2FA enabled, which meant there was no secondary authorization step after entering the email address and password. 

How someone managed to obtain these customers’ details is unclear, but we have our suspicions. 

First, their information was already involved in several external data breaches according to security sites Avast Hack Check and Have I Been Pwned?. The compromised data included email addresses, passwords, phone numbers, and physical addresses.  

There are also countless other ways criminals might steal this data, including:

  • Phishing: where an attacker poses as a legitimate business to trick you into sending sensitive information. 
  • Malware: such as a keylogger that records keystrokes and sends them to the attacker’s computer.
  • A hijacked browser: where an attacker hijacks your browser to take advantage of browser-saved passwords and email addresses, or directing you to fake websites. 
  • A hijacked internet connection: where hackers view data sent between your device and the website. This is common on sites without the padlock or “https” before the URL, and when browsing on unsecured public wifi hotspots. 

This is just a short list. While using an email and password alone might be more convenient, it’s also high-risk. It’s much safer to protect your account using all the measures at your disposal, so let’s take a look at them now. 

How to keep your data safe?

Like most things in life, online security is not guaranteed. Cybercrime is becoming increasingly sophisticated and even law enforcement struggles to keep up. That said, if you rigorously follow the steps below, you will dramatically reduce your chances of falling victim to an attack. Below are some online security tips for you.

Enable 2-Factor Authorization (2FA) on all sensitive apps.

MyConstant is a sensitive app. Any app that handles your money is sensitive. Enable 2FA wherever it’s available – and think twice about using a website where it isn’t. If you lose your device, contact us immediately so we can help reset your 2FA app.

Pick a strong password and change it whenever there’s a security risk.

A strong password is essential. This Avast blog (https://bit.ly/2PNDQRX) lists some good ideas. Essentially, you want to avoid short, common formats and use a minimum of 15 characters. The longer, the better, the more random, the better, the larger the selection of character types, too, the better. Importantly, don’t share it with anyone – if you do, change it. Always change your password when compromised in data breaches, too. Sign up for security alerts such as those Google and Firefox offer (https://bit.ly/2FhVqLW).

Consider a password manager.

If the thought of managing your password manually puts you off, consider a password manager. It generates strong passwords for you and enters them with a single click. A popular choice is 1-password. It’s about $3 per month and is considered one of the best password managers on the market. 

Don’t share your password with anyone else.

Sounds obvious, but only you should know your password. You multiply your risk every time you share it with someone else. How can you be certain they’ll protect it? So don’t share it with anyone – not even friends and family. If you do, change it immediately afterwards. 

Beware of suspicious emails, texts, notifications, and phone calls.

Cybercriminals often impersonate a legitimate person, company, or institution to trick you into revealing personal data in a practice called phishing. This might be a fake email from your bank – with logos and everything – or a customer service representative calling to ask you to “update your details”. 

Be vigilant and only trust official communication channels and senders. If you’re unsure what to trust, please email us at [email protected] and we’ll send you our list of official communication channels. Whatever you do, don’t click links or reveal data to anyone even vaguely suspicious – if the sole aim is to get sensitive information from you, be on your guard.  

Check the websites you visit are authentic and secure.

When visiting a website, look at the URL bar at the top. Fake sites use a similar URL to convince you it’s real, but the Top-Level Domain (the bit after the website name) often differs. For example, it might be “myconstant.co” or “myconstant.xyz” instead of our legitimate URL “myconstant.com”. 

Also, you should see a padlock or the letters “https” before the URL. Like this:

undefined

This means the connection between your browser and our website is encrypted. If you see neither, the data you send is visible to anyone listening in on your connection. You can still use websites without the secured symbols, but don’t give them any sensitive data. 

Install and schedule regular antivirus and antimalware checks.

A good antivirus and antimalware program will help keep your computer free of viruses and other software that can track, harm, or exploit your data. But only if you use it, of course. They should always be left on, with full-system checks scheduled at regular intervals. Here are a few security packages to choose from (https://bit.ly/2XZiCFj). 

Beware of public wifi – or any unsecured wifi hotspot.

Public wifi hotspots at airports, coffee shops, malls, and so on rarely offer secure connections. They’re easy pickings for any hacker who wants to steal your data. All they need do is intercept the connection and then wait for you to transmit data. If you must use public wifi, don’t access password-protected sites or share any sensitive information. Even better, use a VPN (Virtual Private Network) that secures your connection.

Use a VPN when necessary.

If you suspect someone is monitoring your internet connection, use a Virtual Private Network (VPN) to browse. This creates a secondary but secure transmission pathway from your browser to the website you want to visit. 

A VPN works by masking your IP address and diverting data through its servers. This means only you and the website you visit can see transmitted data. You do need to pay for a VPN, though, and they can slow down your connection, so only use them when you need to be extra safe. 

Stay on top of the latest threats.

Lastly, sign up to a free cybersecurity newsletter so you’re aware of the latest threats. There are many to choose from such as this from the Mississippi Department of Information Technology Services. Prevention is always better than cure and the more you know, the better protected you’ll be.  

I hope these measures help you stay safe online. Remember this isn’t an exhaustive list, but a solid starting point. Please take the time to understand the importance of online security. A “this won’t happen to me” attitude is risky, and as I said at the start, online security is a shared responsibility. We’re doing our part – please also do yours.  

___________________

Please follow us on Twitter | Linkedin | Facebook for more news, views, and updates from the MyConstant team. If you have any questions or feedback, please join us on Telegram or drop us an email at [email protected]


Share this article

Chris Roper

Chris Roper

Communications Manager

Tags:

Related Articles