What Are You Actively Doing To Stay Safe Online?
If you were to receive a text message claiming that your Netflix account was just suspended, your pulse might ratchet up.
Scrambling to fix the issue, you click on the link in the text and navigate to what looks like a password reset page. But instead of resetting your password, any information you enter is harvested by a scammer.
For several residents of South Bend, Indiana (and countless others worldwide), this is not a hypothetical [*]. The ever-growing number of victims shows how common such scams are: in one survey, 32% of U.S. and U.K. respondents revealed that their social media logins had been stolen in the past [*].
The pandemic introduced us to remote socialization, school, work, and even healthcare. But with roughly 22 connected devices in every household, have Americans truly mastered the art of managing their digital presence?
What Is Digital Security?
Digital security is a set of best practices and tools used to safeguard your personal data and online identity. Password managers, parental controls, and antivirus software are examples of such tools. Since that definition can seem a little abstract, here’s a real-life analogy.
Think for a moment about your most prized physical possessions. You might make a point to lock your expensive car in your garage, put your heirloom jewelry in a safe, or store the title to your house in a safety deposit box. Such actions keep these objects safe from damage, destruction, and theft.
Your digital assets have the same — if not more — value. They hold the keys to your identity. Yet you share information online every day.
You post on social media, sign up for newsletters, and log in to online banking portals. And in the absence of thoughtful digital security, any errant sensitive information could be quietly inviting identity theft.
Digital Security Vs. Cybersecurity
Digital security and cybersecurity are often used interchangeably but have distinct meanings and applications. Digital security is often used in the context of individuals and the manner in which they protect their personally identifiable information (PII).
Firewalls, multi-factor authentication (MFA), virtual private networks (VPNs), and identity theft protection tools all offer ways to preserve your identity.
Cybersecurity describes how organizations use technology to protect employee, customer, and company data. This can include web vulnerability scanning, email encryption, and emergency response systems.
To strengthen their security posture, government and industry security teams typically adopt what’s called the “triad of risk management” — Security by Design, Defense in Depth, and Zero Trust [*].
- Security by Design is the idea that organizations need to monitor, manage, and maintain risk governance on a constant basis [*]. Any new risks are flagged, prioritized, and addressed quickly; subsequent learnings are used to further bolster security.
- Defense in Depth is an architecture principle that maximizes security with layers of defenses while minimizing potential paths of attack. Defense in Depth can be applied to cloud services, industrial control systems, and data warehouses.
- Zero Trust is a set of evolving cybersecurity processes to verify device and system transactions as trustworthy. Part of Zero Trust is enforcing the concept of least privilege. That is, employees should only have access to the infrastructure that they need to perform their jobs.
For example, technology giant Microsoft takes a structured approach to Zero Trust that spans four pillars: Identity, Devices, Access, and Services [*]. In practice, this means:
- Biometrics replace passwords.
- Personal devices have alternative secure access control methods.
- Networks are segmented based on role and function.
- All company applications have conditional access.
These measures ensure that data is kept as safe as possible from both internal and external threats — regardless of the industry or end users.
Why Does Your Digital Security Matter?
As you go about your daily life, you leave a trail of online activity behind. You actively contribute to your digital footprint each time you use online banking, sign in to loyalty accounts, or message friends on Facebook.
And you passively contribute to this trace in ways that you may not be aware of — exposing browsing history, IP addresses, device information, and online purchases. You may rarely give these mundane activities a second thought, but they could put your identity at risk in many ways.
- According to Deloitte, 91% of data breaches happen due to phishing [*]. Scammers could intercept the email you use to sign up for a new social media app and enlist you in their next phishing campaign.
- That video link you thought you were clicking on in a subreddit could be a malicious page hosted on an otherwise benign domain, immediately spreading malware to your phone or computer.
And those are just some examples. New types of cyber threats and scams surface every day. The Better Business Bureau (BBB) reports that online scams rose 87% in 2022 as compared to 2015 [*].
Most of these online scams are perpetrated with PII that scammers amass from all corners of the internet. Unbeknownst to you, porous cyber hygiene can open the floodgates to identity theft, emotional distress, and considerable financial loss.
Types of Vulnerable Personal Information
Personally identifiable information can take many forms, and some are more sensitive than others. Sensitive PII (SPII) could cause substantial emotional harm, unfair treatment, and inconvenience. Examples of SPII are:
- Bank account numbers
- Biometric identifiers such as faces, fingerprints, or voices
- Passport numbers
- International visas
- Social Security numbers (SSNs)
- Driver’s licenses or state IDs
Examples of information that becomes SPII when coupled with other PII are:
- Medical records
- Criminal history
- Immigration status
- Mother’s maiden name
- Religious affiliation
- Date of birth
- Last four digits of an SSN
SPII helps scammers assume someone’s identity. They can use personal information to hack into bank accounts, locate credit card numbers, or take out loans in someone else’s name. SPII can be gathered from your digital footprint or after a data breach.
For example, Firewall Times recently reported that the U.S. Marshals Service, Pepsi, and Heritage Provider Network suffered from ransomware and malware attacks. In each case, employee and customer PII and SPII were exposed, putting those individuals at risk of criminal activity [*].
PII and SPII leaks can cause significant damage to employees, customers, and investors. So the U.S. government has enacted several laws that regulate their use:
- Privacy Act of 1974, governing the collection, maintenance, use, and dissemination of information about individuals in federal agency systems of record [*].
- Federal Trade Commission (FTC) Act, requiring companies to uphold the privacy promises they make to their customers [*].
- Gramm-Leach-Bliley Act (GLBA), limiting when a financial institution can disclose a customer’s “nonpublic personal information” to third parties [*].
- Health Insurance Portability and Accountability Act (HIPAA), prohibiting organizations from disclosing health information without the patient’s consent or knowledge [*].
How Can You Defend Your Data?
Here are 12 examples of digital security tools (and steps) to shepherd your identity online. For most, this may seem like a litany of steps — that's where a complete suite of tools like Aura comes in.
Embracing online security can feel arduous, and it often boils down to convenience over digital safety. But even these five best practices can make you less vulnerable online.
1. Use a password manager and multi-factor authentication
Everyone knows that long, complex passwords are better. But they’re harder to remember. So many people wind up using phrases, names, and numbers that are easy for hackers to crack.
Password managers can alleviate this problem by suggesting and storing unique, strong passwords for you. Most password managers sync across devices, notify you of weak or vulnerable passwords, and prompt you to change them. Others generate email aliases to hide your actual email, protecting you in a data breach.
But your security shouldn’t stop there. Multi-factor authentication, or MFA, adds another barrier against unauthorized access to your accounts. When MFA is enabled, you are prompted to provide an additional factor: something that you know, have, or are.
For example, you might have to enter a text message code, click on an emailed magic link, or use facial recognition to open an app.
What to do:
- Sign up for a robust password manager such as the one included in every Aura plan. Look for a solution with password auto-generation, built-in alerts, auto-syncing, alias generation, and helpful customer support.
- In tandem, enable two-factor authentication (2FA) on apps that offer it, like Gmail, Reddit, Twitter, and Facebook. Most leverage SMS authentication, but you could also download an authenticator app like Duo or Google Authenticator to avoid sharing your phone number.
2. Enable Wi-Fi security and parental controls
John Binns hadn’t been foraging T-Mobile’s known internet addresses for long before he found an unprotected router [*]. All Binns needed to do was hack into one of the carrier’s data centers that stored the credentials for over 100 servers. After a week of burrowing into this data, Binns exposed nearly 50 million customer records.
On the flip side, 23% of people believe that public Wi-Fi is safe — even for financial transactions [*]. But potential hackers don’t park themselves solely at public and private routers. IoT devices like voice assistants (Amazon Alexa), thermostats, and even smart fridges can be vehicles for cyber attacks.
Many of these connected devices tend to be used by children just as frequently as they are by adults. Enabling parental controls on such shared devices can prevent kids from accessing harmful sites that harvest personal data.
What to do:
- Change your router’s administrator credentials (username and password) and its SSID (service set identifier, more commonly known as the name of your network).
- If you think your home Wi-Fi has been compromised, immediately disconnect and reboot your router. Make sure your router also has the most recent firmware update installed.
- Turn off the remote administration option on the router and alert your internet service provider of the hack. They will likely have other suggestions for next steps that you can take. In the meantime, scan your other devices for malware that could have contributed to this hack.
3. Install software updates, a VPN, and antivirus software
Phone manufacturers release software updates to patch security issues. Up-to-date firmware will render ineffective a potential hack that exploits known vulnerabilities.
WebKit — an open source browser engine managed by Apple — for example, was in the crosshairs of a recent security incident [*]. In response to the flaw, Apple released updates that spanned its browser, devices, and operating systems.
Antivirus solutions can protect your devices from multiple threats, from adware to Trojan horses, to worms. Using a Virtual Private Network (VPN) can also help you keep hackers at bay. With a VPN, your IP address, browsing history, and personal data remain hidden.
What to do:
- Turn on automatic software updates across your devices for the latest and most enhanced security features. Download these patches only from trusted vendor websites, and while on known networks or when using a VPN.
- Retire the use of any software that no longer receives such patches. Windows 8.1, while still functional, reached End-of-Life (EOL) on January 20, 2023 [*]. Not only will you be without adequate technical support for such EOL software; you also run the risk of being hacked.
4. Monitor credit reports, financial accounts, and your SSN
Attacks can still happen — even if you’ve completed all recommended security steps thus far. That’s why it’s critical to keep a close eye on your credit reports and financial statements. Report any dubious transactions or hard inquiries to your lender or credit reporting agency.
Even perfunctory glances at your credit report could flag unfamiliar mailing addresses or credit card activity that you don’t recognize. Acting quickly can help you preserve your credit report and recover any lost funds.
What to do:
- Consider signing up for a credit monitoring service that offers instant credit locking, along with alerts based on changes to your bank accounts, car or property titles, and spending thresholds.
- Beyond an annual credit report check, also consider reviewing your report if you were part of a data breach or received a Dark Web alert, if your SSN was stolen, or if you saw an unusual swing in your credit score.
5. Recognize phishing and other online scams
New phishing tactics and online scams appear every day and can unfold over phone calls, text messages, emails, social media, or in person. Even without structured security training, timely information and vigilance can help you give new scams a wide berth. Some examples of recent scams include:
- Google Voice verification code scams. Posing as an interested buyer for an item you may have listed online, the scammer insists on verifying your identity. Having already set up a Google Voice account with your phone number, all they need to do is induce you into sharing a one-time code that Google sends you.
- Student loan forgiveness scams. Illegitimate loan servicers may peddle loan forgiveness or consolidation in exchange for a paltry fee. Scammers dupe unwitting victims into disclosing their SSNs and Federal Student Aid (FSA) IDs and passwords.
- Heartstring scams. Scammers create fake accounts and coax you into wiring money or sharing passwords. In 2022, the FTC reported that nearly 70,000 people were roped into romance scams, accruing 1.3 billion dollars' worth of damages [*].
What to do:
- Beware of the most common red flags that scammers relentlessly recycle — a mounting sense of urgency, threatening pronouncements seemingly from a government official, requests for sensitive information, and non-traditional payment methods are all overtures to an imminent scam.
- Consider blocking unknown callers, silencing spam calls, and asking customer support representatives to verify your account details before you speak with them further. Also place your phone number on the National Do Not Call Registry to stop telemarketing sales calls.
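The red flags listed above can be turned into a simple screening check. This is an added example, not part of the original article or any product: the keyword patterns, the brand-to-domain map, and the sample messages are constructed for illustration and are far from exhaustive.

```python
import re
from urllib.parse import urlparse

# Keyword patterns for the red flags named in this section (illustrative only).
PATTERNS = {
    "urgency": r"\b(immediately|urgent|suspended|within \d+ hours?|act now)\b",
    "authority_threat": r"\b(irs|warrant|arrest|legal action)\b",
    "sensitive_request": r"\b(ssn|social security number|password|verification code)\b",
    "unusual_payment": r"\b(gift cards?|wire transfer|bitcoin|cryptocurrency)\b",
}
# Assumed map of brand names to the domain each brand actually uses.
OFFICIAL_DOMAINS = {"netflix": "netflix.com", "google": "google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"]+", re.I)

def link_mismatch(text):
    """True if the message names a brand but links to a host outside its domain."""
    lowered = text.lower()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        for brand, domain in OFFICIAL_DOMAINS.items():
            official = host == domain or host.endswith("." + domain)
            if brand in lowered and not official:
                return True
    return False

def red_flags(text):
    """Return the sorted names of every red flag found in one message."""
    flags = [name for name, pat in PATTERNS.items() if re.search(pat, text, re.I)]
    if link_mismatch(text):
        flags.append("link_mismatch")
    return sorted(flags)

# Constructed sample messages; the .example host is a reserved placeholder.
SAMPLES = [
    "Netflix: your account has been suspended. Update your password "
    "immediately at http://netflix.account-verify.example/reset",
    "This is the IRS. A warrant has been issued. Pay with gift cards "
    "within 24 hours to avoid arrest.",
    "Your Netflix receipt is ready: https://www.netflix.com/account",
]

if __name__ == "__main__":
    for message in SAMPLES:
        print(red_flags(message) or "no flags", "<-", message[:50])
```

Note that the first sample puts the brand name at the start of the hostname; only the registered domain at the end of the host says who controls the page.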
Can Identity Theft Protection Help?
According to the Federal Trade Commission’s (FTC) most recent data, people filed more reports about identity theft than any other type of complaint [*].
Despite this staggering data, news and consumer review websites are quick to suggest that you can do almost everything an identity theft protection provider does by yourself.
While these providers can't stop people from misusing or stealing your personal information, they offer proactive services that help keep you and your family safe:
- Monitor your credit beyond the three major bureaus (Experian, Equifax, and TransUnion). Identity theft protection solutions monitor your credit across all bureaus and also alert you to suspicious changes to your bank accounts and property titles. Aura’s fraud alerts are 250 times faster than competitors.³
- Identity restoration and identity theft insurance. Identity theft protection providers contact agencies on your behalf. They can assist with reclaiming lost data, requesting reimbursements, and helping you get in touch with legal representation if necessary.
- Monitor the Dark Web. Illicit marketplaces that potentially contain your information are rife on the Dark Web. Identity theft protection platforms notify you of data leaks and remind you to change your passwords.
- Opt out of data broker lists. Brokers collect emails and phone numbers shared on the web and charge companies to use their lists. Spammers can and have intercepted and leaked that data. Identity theft protection service providers can preemptively remove your contact information on your behalf.
Digital Security Is an Imprecise Science. Try Aura.
Even if you exercise good personal data security practices and are in the habit of using most of the online security tools listed above, identity theft protection is strongly recommended if you:
- Have already been the victim of identity theft, or if you or a family member are in a high-risk group for identity theft (such as the elderly).
- Are unwilling or unable to continuously monitor your credit reports or proactively freeze your credit.
- Don't have adequate identity theft monitoring available for free as a credit card or membership perk, or if your personal information has been exposed in a data breach.
The average identity theft protection plan costs between $9 and $50 per month. Aura’s individual plans start at $12 per month when billed annually. Pricing varies based on software features, insurance coverage, and the number of users on your account.
Aura’s all-in-one digital security systems monitor your online presence, so you don’t have to. With Aura, you can stay abreast of any credit score changes in near real-time.
Aura also has a built-in VPN, masking your internet traffic when you're online. Should identity theft occur, Aura provides coverage of up to $1 million per adult to offset legal fees and lost wages.