This year’s IRS breach in which a multi-step authentication process, including several personal verification questions, was bypassed to access the private information from 100,000 tax accounts should serve as a clear reminder to take many steps to guard our online privacy. But protection against data breaches such as these requires more than just regularly changing passwords.
“It’s important for employers and employees to be educated on safety through annual courses and weekly tips,” says Karen Sengelmann, head of retail at Fifth Third Bank.
She says it’s important to ensure employees are demonstrating secure behaviors, including forwarding suspicious emails to their company’s internal security team for evaluation before clicking on a link or downloading an attachment.
“I worry that breaches are becoming more common. And because of that, people are becoming desensitized to them,” Sengelmann says. “They may no longer pay attention and instead just tune out the warnings.”
Smart Business spoke with Sengelmann about the five things businesses and employees should do in order to lessen the chances of a security breach.
What are the five steps businesses should take to ensure that they’re insulated from an online security breach?
When it comes to protecting sensitive business and personal information, including bank accounts, consider the following advice:
- Treat mobile banking as if it were a credit card. Mobile banking is convenient, but employees and employers often forget that account information needs to be treated with the same level of security as a credit card. For added protection, password protect mobile phones and never send account numbers through text messaging.
- Don’t click on that link. You’ve likely heard it before, yet the reason phishing continues to happen is because it still works. There is the sentiment by some that it won’t happen to them. But those who execute phishing attacks continue to get more sophisticated. They often change one letter of a popular website so that people scanning their email might not double check. Always hover over a hyperlink to see the URL address to confirm it will take you to the site you were expecting to go to.
- Use strong passwords. Don’t use words that can be easily discovered, such as your dog’s name or your children’s names, or something generic such as password1234. Use different passwords on different sites. Consider using a phrase, sometimes called a pass phrase, in cases where you can use longer passwords.
- Know that security questions aren’t really secure. With a little searching on social media, criminals can easily gather all the personal information that they need to know about you to answer and bypass common personal verification questions — much like was done in the IRS breach. To be very cautious would be to forgo using social media altogether. But if that’s not desirable, or not possible, just be aware that the information you submit to a social media site, even if it’s not made public, may not be secure. And the more you share, the more vulnerable you become.
- Monitor your credit on a regular basis. You are entitled to one free credit report from each of the three credit reporting companies each year. Take advantage of that. Also, monitor your bank accounts regularly for any irregular activity. If you see something out of the ordinary, don’t hesitate. Report it to your financial institution immediately.
Fifth Third Bank. Member FDIC.
Insights Banking & Finance is brought to you by Fifth Third Bank