This October, your bucket list might include apple picking, leaf peeping, and figuring out how to navigate a socially distanced Halloween. The folks behind National Cybersecurity Awareness Month would encourage you to add one more thing to the agenda: shoring up digital security, both for yourself and for your organization.
Launched in 2003 by the nonprofit National Cyber Security Alliance (NCSA) and the Department of Homeland Security, National Cybersecurity Awareness Month aims to educate people and companies about digital threats while empowering everyone to better protect themselves online. This year’s theme — “Do your part. #BeCyberSmart.” — highlights how we all have a role to play when it comes to maintaining cybersecurity.
Here at Allstate Identity Protection, we see the campaign’s goals as closely aligned with our own. We’re deeply committed to helping our members protect their privacy and live more confidently online. That’s why we’re kicking off the month with a quick quiz to help you identify security blindspots, plus tips you can implement today to strengthen your digital defenses.
When you’re done, we hope you’ll pass the link along to family, friends, clients, and colleagues, because when it comes to keeping data safe and secure, it’s best to have the involvement of everyone.
1. Which of the following is an example of a strong password?
- Your dog’s name
- The title of your favorite song
- Something long, complicated, and totally unique
If you answered C, you’re correct. When creating passwords, many people naturally reach for personal details, like a memorable date or a pet’s name. Unfortunately, these are things that could be uncovered with a quick Google search or glance at your social media feed. A popular phrase or song lyric might seem more secure, but if you know the words by heart, others probably do too.
Randomness, then, is key to a good password. As our guide to strong passwords notes, a word or phrase that’s misspelled or nonsensical is even better. That’s why we recommend choosing something with both length and complexity, and disguising the information with special characters and mnemonic devices. It’s also smart to enable two-factor identification whenever possible.
We know it’s a lot to remember, but you don’t have to go it alone: some browsers have built-in password managers that can generate and store your credentials, and there are several free apps that offer similar services.
If one of your accounts does become compromised, an identity protection service can help you spot the problem quickly, minimizing damage. If you’re a PrivacyArmor member, you can add an extra layer of security. Just log in to the portal and click the ‘Dark Web Monitoring’ tab. Choose ‘Web Login’ and ‘Other’ from the drop-down menu, then enter your usernames and passwords. We’ll let you know if we find those details where they shouldn’t be.
2. You receive an email alerting you to a fraudulent withdrawal from your bank account. You’re urged to click an embedded link and enter sensitive credentials to reclaim the funds. What should you do?
- Click the link and enter your information immediately, before your money disappears
- Do not click any links and call your bank right away to report a potential phishing attack
- Click the link and download any attachments so you can review the information carefully before calling your bank to confirm
If you chose B, you’re correct. A legitimate bank or company should never solicit your sensitive details by email or text. A request like this is most likely part of a targeted phishing attack, in which criminals use fraudulent emails to steal your personal data.
Phishers often pose as real people or institutions, but these attacks can be easy to spot if you know what to look for. Keep an eye out for the hallmarks of phishing, such as blurry images, frequent typos, and urgent requests to “act now!”. Before clicking a link in any email, hover your mouse over the text to confirm the destination. And if you have any doubt about a communication, reach out to the company directly to confirm if it’s real or fake.
3. Data breaches keep making headlines, and it can feel overwhelming to keep track of them all. How can you best protect your data?
- Use an identity protection service like PrivacyArmor to detect and remediate threats
- There’s not much you can do, so just throw your hands up and hope for the best
- Depend on breached organizations to inform you that you’re a victim
If you answered A, you’re on it! Sadly, data breaches have become a fact of life in the digital age. Partnering with an identity protection service like ours is one of the best ways to protect your personally identifiable information (PII).
With our customizable fraud notifications, you can take comfort in the fact that we’ll ping you if there’s a threat you should know about. There are a few additional things you can do in the portal today to safeguard your identity:
- The Allstate Digital Footprint helps you see your accounts and who may have your data. Our technology syncs with your inbox to identify digital relationships. From there, we can flag compromised accounts, list the types of data that may have been exposed, and suggest next steps, such as deleting unused accounts and locking or freezing your credit.
- Our dark web monitoring feature is another powerful tool that can help you regain control of your digital life. Tap the ‘Dark Web Monitoring’ tab and enter the specific details — such as credit card or account numbers — you’d like us to monitor. Bots and human operatives will then scan the dark web for your information, and we'll alert you of potential compromises.
- Visit the ‘Credit Monitoring’ tab to review credit reports for suspicious activity and lock your TransUnion credit report, which can make it harder for a criminal to open an account in your name.
4. Which of the following practices are key to being cyber secure at work?
- Keep your software up to date; run regular security scans; and use a secure channel, such as a VPN, to connect to your company’s network
- Treat sensitive work information like sensitive personal information: set strong passwords, don’t overshare on social media, and be wary of potential phishing schemes
- All of the above.
Yep, the correct answer is C.
Companies have a lot at stake when it comes to digital security. According to a 2019 study by global consulting firm Accenture and research group Ponemon Institute, the average cost of cybercrime at the organizational level is $13 million. The same study found the average number of corporate security breaches up 11 percent over the previous year.
Employee education is a huge part of protecting an organization from cyber threats. A company is only as strong as its weakest link, so it’s key to teach workers best security practices like the ones outlined above.
It’s also worth noting that up to half of identity theft cases begin at work — and liability is increasing for companies who don’t comply with federal or state laws protecting employee data.
There’s another hidden cost of identity theft to consider. When employees have their identities stolen, they can become easily distracted at work due to the tremendous financial and legal burden. This can lead to lower productivity, lower profitability, and higher turnover for the company.
Protecting workers’ identities is just good business. That’s why it’s a smart move for employers to offer an identity protection service like PrivacyArmor as an employee benefit.
5. Which of the following is the safest to post to social media?
- A first-day-of-school photo of your kiddos: they’re beyond adorable posing on your front porch in their school uniforms
- Real-time updates from your family vacation far, far away
- A beautiful scenic photo from last week’s nature hike
If you answered C, you’re correct.
We love technology and sharing online can be lots of fun. But we recognize that when social networks aren’t used with care, problems can ensue, from cyberbullying to theft in the real world.
Unfortunately, photos that seem innocent can reveal more than you intended. Perhaps your house number and the name of your kids’ school is visible in that front-porch picture. And posting about your vacation while it’s happening is essentially giving criminals a heads up that you’re not home.
Account takeover is another huge concern, as one compromised social media account can lead to identity theft across multiple channels.
That’s why we offer social reputation monitoring to PrivacyArmor members. Visit the ‘Social Monitoring’ tab in the portal to sign up for actionable alerts about potentially derogatory, vulgar, or inappropriate comments within your social posts. This type of content can be a tip-off that someone else is accessing your account — and that your identity may be at risk.
We’re your partner in protection
We hope you aced the quiz, or at least learned some helpful tips along the way!
At Allstate Identity Protection, we’re proud to be your partner in protection. During National Cybersecurity Awareness Month and all year long, let’s #BeCyberSmart together.