Arhan Menta launched The Kumar Project, an initiative that educates vulnerable seniors about the types of scams that exist and ways to prevent becoming a victim. (Courtesy Arhan Menta)
During summer trips to India to visit his grandparents, Arhan Menta spent time teaching his grandfather how to use the internet.
His mom hoped her father would be able to become more independent, and the lessons started with the basics. Menta taught him about creating Word documents and sending emails.
As more time went by and his grandfather practiced more, the lessons transitioned into buying things from Amazon and online banking.
But one summer, after Menta had left, someone posing as a teenager called his grandpa saying they were in danger and just wanted to talk. His grandpa thought it was him. During that conversation, his grandpa gave a scammer remote access to his computer and lost about $13,000.
The experience prompted Menta to launch The Kumar Project, an initiative that educates vulnerable seniors about the types of scams that exist and ways to prevent becoming a victim.
Menta, a senior at Thomas Jefferson High School for Science and Technology, and a friend give many presentations at senior living facilities across Northern Virginia.
“We’re really focused on creating new technology and the advent of online banking,” Menta told WTOP. “A lot of seniors are left behind. They don’t have the tech savviness to be able to protect themselves online from scams.”
Using materials from government sources, Menta and co-founder Aayush Tendulkar craft presentations. The first portion usually involves a lecture about the types of scams that exist and the ways artificial intelligence is impacting how scammers operate. The second half of the program involves tips to identify scams and stay protected.
In one exercise, participants write down the five people they’re closest with and consider a common phrase that’s used often that could serve as a code phrase. Using the phrase, Menta said, could help someone figure out whether the caller is who they say they are or a scammer.
“I observed there’s a lack of education,” Menta said.
The concept, Menta said, has evolved and expanded. There are now eight chapters across several states, India and the Philippines.
In Virginia, Menta said the group is working with state lawmakers to craft legislation ahead of the next General Assembly session. The plan would remove money that’s lost as part of scams from credit reports.
“The problem doesn’t just end at being scammed,” Menta said. “We try to prevent that from the jump, but there’s other consequences that can happen from that, and that’s what our legislation is trying to stop.”
Menta said he’s always been interested in finance, and his father let him make his own stock choices during the pandemic.
“I thought, ‘Is there something I can do in my community to help this?’” Menta said.
MOUNTAIN VIEW, Cal. — Google has sent out an updated warning to billions of Gmail users about a massive data breach.
They say around 2.5 billion users are urged to reset their passwords immediately and to tighten security after the contact information of small and medium-sized businesses was hacked. KXL Tech Expert Brian Westbrook says Gmail users should also be on guard for phishing attacks. He recommends that when users do change their passwords, they make sure the new one is unique, retire their old Gmail password and use two-factor authentication moving forward.
Online safety and security is a great challenge; however, taking up responsibility personally helps deal with it to a great extent. We have to proactively take measures to secure our devices, be careful about our actions and activities online, increase our awareness about the possible threats to our online safety and security and just act responsibly. These tips will give you a good head start. ~ Ed.
There is no doubt that modern technology and the Internet have many positive impacts on our lives. However, the impacts on teenagers and adults alike can include several negative factors. Perhaps the biggest danger relates to online security and privacy.
The harsh reality is that people fall victim to cyberattacks and other online threats every single day. It is quite a scary thought, not least because it’s virtually impossible to live in modern society without using digital tech.
8 Ways to Stay Safe and Secure Online
While it might not be possible to eliminate the threats completely, you can significantly reduce them. Here’s how:
Stay Private
We are already being watched by big brother through surveillance cameras and AI tools when out in public. So, the last thing you want is to let other people see what you’re doing when online. Investing in good security features is vital.
Adding cybersecurity and antivirus software will protect devices. Meanwhile, you can download VPN apps to stop people and location services from tracking your movements. Aside from an extra layer of privacy, it can stop annoying ads.
A VPN doesn’t suddenly remove all dangers but does allow you to browse the internet with greater confidence. It is the best starting point.
Think Carefully About What You Post
Maintaining your privacy isn’t just about stopping others from tracking your online activities. You must also pay close attention to the content that you share publicly, especially on social media channels. Even private stories should consider potential risks.
For example, we all enjoy posting holiday photos. However, doing this while you’re away tells people your property is currently vacant. This could leave you open to theft. With this in mind, it’s better to delay the photo dump until after you return.
Similarly, you must avoid posting any personal details. Passport info, bank details, and other items could be used maliciously if you’re not careful.
Use Multi-Layered Security
When thinking about online threats, the thought of someone gaining unauthorised access to an account is a big one. Sadly, cybercriminals are attempting to hack your accounts. So, it is imperative that you take the right steps to stop them from succeeding.
Firstly, setting strong passwords is vital. An 8-character password takes just minutes to crack but a 16-character one can take billions of years. Even if someone guesses your password, biometrics and two-step authentications will come to the rescue.
It may occasionally mean it takes an extra few seconds to get into your account. But it’s a worthy trade for preventing the damages that unauthorised access could bring.
Use Trustworthy Businesses
Arguably the scariest aspect of online safety is that your details could be compromised as a result of a third-party’s shortfalls. In the UK alone, almost 15 attacks on businesses are recorded every minute. Worse still, companies of all sizes are at risk.
Even the biggest and best companies can suffer data breaches. Still, mindful decisions about which companies you use will reduce your risks. Businesses that are shown to take security seriously won’t only prevent attacks. They’ll also implement quick responses.
By using different passwords and security credentials on each account, the impact of any breach will be limited.
Learn About Threats
Research shows that 88% of all data breaches are attributed to human error. Therefore, staying vigilant and carefully considering all online actions is vital. Prevention is the best form of protection and it’s better to be overly cautious than not cautious enough.
Phishing scams, malware, and other tactics may be used by cybercriminals. They will try to trick you into making a costly mistake that allows them to steal information or money. Take care when clicking hyperlinks and always check that websites have https security.
Whether it’s a lack of encryption or due to entering data that is directed to a cybercriminal, the threats are huge. Do not fall victim to them.
Know Who You Are Talking To
The internet allows us to connect with people like never before. However, it also opens the door to several possible dangers. Most notably, the person you are talking to behind a screen may not be the person that you think you are talking to.
This could come courtesy of catfishing on dating apps or someone pretending to be a loved one. Either way, it could potentially lead to financial scams, such as them getting you to send money before disappearing. Or you may share too much info that could be used against you.
So, you must always focus on retaining some secrecy at least until you have confirmed that the person is who you think.
Update Your Tech
While the use of VPNs and cybersecurity tools will reduce the risks, you also need to update the tech. Software companies don’t just update products with new features. They also add security patches that actively combat the latest threats.
It can be frustrating when your device needs to complete an update. So, scheduling an update to occur once per week when you are not busy could be a particularly smart move. It will keep you protected without encountering stressful updates at the worst times.
Phone updates, PC updates, and tablet updates are all vital. The sooner you complete them, the better. Not least because it puts your mind at ease.
Use Reliable Accessories
When thinking about your online data and general safety, it’s not just about browsing and devices. The accessories used can also pose a huge threat. Unbranded products don’t only threaten the device battery. They may also spy on your online activities.
It might not be a hugely common risk for the average person but it does happen. More worryingly, public chargers are known to pose this threat. For this reason, avoiding them, along with public WiFi, is vital. Otherwise, another person could be snooping.
Even if you don’t want to pay sky-high prices from manufacturers, you should always buy from reputable retailers. Their own branded goods are safe.
The Final Word
If you truly want to stay safe online, you need to be both comprehensive and consistent in your thinking. Sadly, it only takes one incident to spell disaster. With the right care, though, danger can be averted.
Over to you
What steps do you take to enhance and ensure your safety and security online? Share in the comments section.
When Bill Cheney led the National Trade Association, policymakers often asked him, “If credit unions are as good a deal as you say, why isn’t everyone a member of a credit union?”
His response was always, “Exactly!”
“If I were the CEO of a bank, my job would be to maximize the value of that bank for the shareholders,” said Cheney, who is now the CEO of SchoolsFirst Federal Credit Union, the largest credit union in California for school employees and their families. “We don’t pay dividends to shareholders because we don’t have shareholders; we pay dividends to our members. Our job is to put members first. It’s really an amazing business model.”
As a member-owned, not-for-profit financial cooperative, SchoolsFirst is part of a unique and trusted banking experience 90 years in the making.
Founded on June 12, 1934 during the Great Depression, what was then the Orange County Teachers Credit Union began when 126 school employees pooled $1,200 to establish it. The credit union has grown steadily since.
A 2020 merger with Sacramento-based Schools Financial Credit Union made the state’s largest credit union even bigger. Originally serving Orange County, it now covers the entire state, offering a variety of products and services such as checking and savings, credit cards, home and car loans and retirement planning.
With this expansion, SchoolsFirst’s big challenge is educating younger generations about credit unions while safeguarding its members’ finances against cyberattacks and effectively integrating new technologies.
Southern California News Group spoke to Cheney about SchoolsFirst’s 90 years of serving school employees and their families and what the future might hold. The interview has been edited for space:
Q: Do all credit unions focus on a specific community?
A: Credit unions have what’s called a field of membership. Our field of membership is the educational community and has changed only in the sense that we’ve expanded geographically.
Q: Did that expansion coincide with your recent merger?
A: No, we actually expanded our charter before that.
Schools Financial became part of SchoolsFirst on January 1, 2020, but our systems were integrated toward the end of the year. When we planned the merger, we didn’t plan to send everybody home in the middle of March — hats off to our team for pulling it off.
Q: What impact did the pandemic have on your day-to-day business?
A: We’re an essential business, so we kept all our branches open except those serving colleges, universities and school districts. For example, we closed a small branch at Cal State Fullerton, but our biggest, oldest and busiest branch in Santa Ana stayed open.
We had to move quickly to protect the employees at our branches. But we also sent hundreds of team members home, so we had to make arrangements for them to work from home.
That first week, I reassured our team — and the rest of our leadership team did as well — that everybody’s job was protected regardless of their role in the organization and that our members needed us now more than ever.
Q: And how did you reassure your members?
A: We have an emergency loan program for use if, for example, there’s a state government shutdown and people’s pay is delayed. It hasn’t happened for a while, but it has happened. And so, we had this program in place (during Covid-19).
The government stepped in and provided stimulus payments, so we didn’t have to utilize (the program) too much. But some of our members did lose their jobs and that emergency loan program helped them through that interim period until the government stimulus kicked in.
But the big challenge credit unions face is educating younger generations about their value, mission, and purpose because it’s not always clear. Even some of our members refer to us as their bank. We are in the banking business, but we are not a bank. We’re a credit union; we’re a mutual.
We have board members like a bank, but our board members are elected by our members to serve as volunteers to run this $30 billion financial institution. They represent our members’ interests, and that builds trust.
Q: Can we talk about services? For example, there is immense pressure in California to own and finance a home. How is SchoolsFirst working to make these loans happen for your members, and how much of the business does it represent?
A: People are challenged by higher interest rates and higher prices. Higher interest rates are good for our members who save, but if you’re a borrower, it’s challenging. You used to be able to get a mortgage for 3%, and now they’re close to 7% and higher. That’s a big difference on a home payment in a high-priced market like California.
Real estate is a huge part of our business—not as much as it was when rates were lower, but we do make a lot of mortgage loans and home equity loans. Most of our real estate team is in Tustin, although we also have operation centers in Riverside and Sacramento.
With first mortgage lending, we do have some flexibility, but the rates are pretty much set by the secondary market. Our rates are competitive, but the difference may not be as much on the real estate side, just because of the way the market works.
What’s different are the fees and the terms of the loans. For instance, we have a special school employee mortgage with a low down payment and no private mortgage insurance requirement. By not requiring them to have that, we’re able to lower their monthly cost quite dramatically.
Q: Do you ever bundle and sell loans?
A: It does happen occasionally, but when we sell a loan, we retain the servicing. The member still comes through us for everything.
Q: Why do you think SchoolsFirst has managed to grow when smaller credit unions have folded or been absorbed?
A: We’ve expanded geographically, and we’ve certainly changed a lot in the products and services that we offer over the 90 years. I actually started on the 80th year of the credit union, coincidentally, and we’ve seen a lot of growth in that time period. But really, since our beginning, we’ve stayed focused on school employees and their families with, as we say in our mission statement, world-class personal service.
Q: What does the future look like for SchoolsFirst?
A: Things are now changing faster than ever, and our members’ needs are changing. Cybersecurity is a huge deal. We have a great team here that protects our system and our servers. And, of course, you can’t open a newspaper or turn on a program without hearing about AI.
In some respects, we’ve been using artificial intelligence in our business for a long time, but it isn’t the same as people. If a member calls with a question, for example, we have an internal pilot that uses AI to help our team quickly find the answer by going through thousands of pages of standard operating procedures. But a person always answers the member’s question.
Continuing to focus on our members and anticipate their needs and look out for their financial wellbeing—it’s what got us to this point. And that’s what is going to make us successful in the future.
Q: Will you continue to expand geographically?
A: Yes. We are expanding geographically in several ways. We provide a wholly-owned subsidiary organization that provides third-party administration services to more than 300 school districts and county offices. That’s expanding statewide as far north as Nevada County.
We also work with a third party to help us understand where our members are and where there’s potential for growth in terms of our future expansion. We typically add two or three branches a year, so it’s not rapid growth; it’s controlled. Even if people never go into a branch, they like to know that there is one convenient to them in case they need it.
Bill Cheney is the CEO of SchoolsFirst Federal Credit Union. (Photo by Paul Bersebach, Orange County Register/SCNG)
Bill Cheney
Title: CEO
Organization: SchoolsFirst Federal Credit Union has more than $30 billion in assets and serves 1.4 million school employees and their families. It has 69 branches and more than 300 ATMs statewide. Members can also access a cooperative of thousands of free ATMs there and nationwide.
When he first joined a credit union: “My initial introduction to credit unions was (at the McCombs School of Business at the University of Texas at Austin),” he said. “I worked for the State Property Tax Board and joined the Public Employees Credit Union in Austin, Texas, in the early ’80s.”
How he ended up working for credit unions: After graduating from college, Cheney spent five years at what was then Andersen Consulting.
“One of my clients was the Security Service Federal Credit Union in San Antonio, Texas,” he said. “I worked there off and on different consulting assignments, mostly having to do with technology. In 1987, I was offered an opportunity to work for the Security Service. That was my first credit union job.”
Moving around the credit union world: Cheney moved his family to California in 1997, where he spent nine years as CEO of what was then Xerox Federal Credit Union in El Segundo and another four years as CEO of the California and Nevada Credit Union Leagues. He also spent four years as CEO of the Credit Union National Association in Washington, D.C.
In 2014, Cheney returned to California and settled in Orange County as CEO of SchoolsFirst Federal Credit Union.
For an important reminder of the stakes involved in shoring up the cybersecurity of the nation’s critical infrastructure, from banks to power plant operators, read the nonfiction book “This Is How They Tell Me the World Ends” by Nicole Perlroth.
Though the book came out in 2021, it remains an important read for bankers today because it helps explain much about the current landscape of cyber threats. It covers not just how nation-states attack their enemies with cyber warfare, but the proactive mindset that banks need in efforts to mitigate their own risks and risks to the financial system as a whole. All of this remains relevant today.
Perlroth is a former New York Times reporter who has moved on to cybersecurity venture capital, advising the Department of Homeland Security’s Cybersecurity and Infrastructure Security Administration (one of the many subjects of her book) and producing a television series adaptation of her book for FX Networks.
Perlroth’s reporting has unearthed Russian hacks of nuclear plants, airports, elections and petrochemical plants; North Korea’s cyberattack against Sony Pictures, Bangladesh banks and crypto exchanges; Iranian attacks on oil companies, banks and dams; and thousands of Chinese cyberattacks against American businesses, including against the Times itself.
“This Is How They Tell Me the World Ends” is Perlroth’s opus. It synthesizes and expands on her impressive body of work. It opens with the dramatic moment in 2013 when her editors at the Times pulled her onto the cybersecurity beat, stuffing her into publisher Arthur Sulzberger’s storage closet alongside other Times reporters to analyze files leaked by Edward Snowden. It ends in 2021 with her locked up in quarantine because of COVID-19, anxious that the next big hack might come at any second.
Between those bookends, Perlroth’s writing reads like a spy thriller. It is, but it is also nonfiction, written by a reporter who, during her eight years as a cybersecurity reporter for the Times, was often first to break news about the cyberwar playing out between the U.S. and its adversaries. The book largely dives into the world of zero-day vulnerabilities. These are bugs in computer systems that are not (yet) known to their owners, developers or anyone else capable of mitigating them. Zero-day exploits underpinned the successful campaign by the U.S. and Israel to set back Iran’s nuclear program by several years, using a computer worm called Stuxnet.
Perlroth’s book pierces the veil that zero-day marketplace participants have built. These participants include governments, contractors, notorious hackers and mercenaries. Perlroth’s romp through secrets and stories clarifies the market forces that, among other things, have driven up the prices that governments and companies of all sizes and intentions are willing to pay for zero-day exploits.
On one side is Google with its Project Zero, a program that hires security analysts to find zero-day vulnerabilities in popular software, disclose the vulnerabilities to the software manufacturer, then publicly document the vulnerability after the manufacturer fixes the bug (or after 90 days, if the manufacturer drags its feet).
On another side is the National Security Agency. Perlroth describes in the book how, around 2010, the agency discovered a vulnerability in Microsoft Windows. Rather than tell Microsoft or anyone else about it, the NSA exploited that vulnerability for espionage. Only in 2017 did the vulnerability become public, when someone stole or leaked the agency’s actions, allowing North Koreans and Russians to deploy it against a variety of companies and states, particularly in Ukraine.
One important upshot of the stories Perlroth tells is that companies — banks and other firms that make up the nation’s critical infrastructure — have frequently been casualties and bystanders of the global cyberwar described in the book. The most glaring example of that is the NSA’s attempt to exploit the Windows bug, which later backfired when it was leaked. Honda, FedEx, Merck and others were all affected in attacks dubbed WannaCry and NotPetya.
Alas, for all the value Perlroth offers readers in the storytelling — whether by holding the NSA’s feet to the fire for poor judgment or negligence, shedding light on the important inefficiencies in the zero-day exploit market or lionizing heroes of the zero-day marketplace for selfless acts — the book has its cringeworthy moments.
For one, the book is chock-full of truisms. “Digital vulnerabilities that affect one affect us all,” and “the world is on the precipice of a cyber catastrophe” are two examples. Most of these are innocuous enough; some border on misleading and hyperbolic. To her credit, Perlroth is aware of these moments. She discusses the acronym FUD, which stands for fear, uncertainty and doubt — something she calls “a scourge in the cybersecurity industry” — and acknowledges that the more technically minded readers “will argue I have overgeneralized and oversimplified,” and she admits some subjects are better left to them.
“But,” Perlroth goes on, “I would also argue that many are not technical at all, that we each have a role to play, and that the longer we keep everyday people in the dark, the more we relinquish control of the problem to those with the least incentive to actually solve it.”
She writes this in her epilogue, which offers some of her opinions on policy prescriptions meant to address the negative externalities of the zero-day exploit market and the insecurities inherent in the many computer systems that reach into every corner of life. Naturally, opinions differ on the ideas she pushes in this section.
But there is also some sound advice targeted at the “everyday people” for whom she wrote the book — the people who know enough and care enough to pick up the book, but who can’t effect change from the top of the corporate food chain.
To sum it up: Use strong passwords, and turn on multifactor authentication whenever available. As scary as zero-day exploits are, the vast majority of cyberattacks — 98%, according to Perlroth — start with a phishing attack that contains no zero-day, no malware. Strong passwords and multifactor authentication are excellent antidotes to these common attacks.
As for the remaining 2%: Those are the most interesting attacks, and if you want to better understand them, pick up “This Is How They Tell Me the World Ends.”
GREAT BARRINGTON, Mass. (NEWS10) — A small business in the Berkshires was the victim of the growing cyber-crime known as social engineering. The business lost a significant amount of money that cannot be recouped.
“We can’t function without the fabric and without the money we can’t buy the fabric,” said Molly De St Andre.
Aurelien and Molly De St Andre own a children’s clothing store, and they told NEWS10 the pandemic put supply chain issues in the spotlight, which made them search far and wide for fabric. Most of the trouble during this time came through online communication.
“I was corresponding with my rep as I always do, and we have a good relationship. I did not realize that over time another person had hacked into their system and was posing as my rep,” said De St Andre.
She tells NEWS10 after several conversations she was given an official invoice, totaling nearly $40,000, from the person she thought was her rep. “The invoice that we took to the bank had fraudulent details on it and it went straight to the scammer. And we didn’t even know that for a month and a half,” said De St Andre.
They thought they were covered by insurance. “He told us we’re covered for cyber-crimes; we’re looking into this tiny clause in our insurance that basically made it impossible, it made them unwilling to cover this,” said De St Andre.
But help came from another source. On Railroad Street in Great Barrington the small businesses are coming together to support one of their own. “We’re watching out for each other and truly the expression of the rising tide lifts all boats, if one of us goes down, it only hurts our town in general,” said Mary Daire, owner Daire Bottle Shop and Provisions.
The business owner says she wants to let as many other business owners as she can know what to look out for. “Honestly you know, like if this could happen to us and we are so careful, this literally could happen to anyone,” said De St Andre.
One of those businesses helping De St Andre learned a few things as well when it comes to safe business practices. “We talked with our insurance agent to get more robust cyber insurance. We didn’t even realize that was something that would affect a small business such as ours. We’re not even doing sales over the internet but the sophistication level of these scams these days you can never be too safe,” said Alex Cosgrove, Co-founder Greenhouse Yoga.
The 2023 FBI internet crime report says cyber-crime victims’ losses exceed $12.5 billion, a 22% increase from 2022.
A GoFundMe has been set up to help offset the costs of the scam.
With 2023 in the rearview mirror, we can look back on the year with 20/20 clarity. This year saw banks confronting multiple risks, some foreseeable and others less so. If the year has taught us anything, it’s that banks can do more to guard against the risk they can predict, and risk they may not see coming.
In 2024, risk will remain one of banking’s greatest challenges. With rising residential and commercial real estate prices, mortgage payments are outpacing wage increases, resulting in default risk. Global economic uncertainty continues to loom large, while cyberattacks continue to pose a significant threat. The rise of gen AI has handed hackers a whole new set of tools, enabling deep fakes, viruses and sophisticated phishing scams.
How do banking CEOs view cyber risk? A recent survey to understand banking CEOs’ perspectives on cyber resilience produced some noteworthy results.
Our research, “The Cyber-Resilient CEO,” explores the role of C-suite leaders in handling cybersecurity threats to their organizations. The survey involved 1,000 CEOs of large organizations (those with more than $1 billion in revenues) in 15 countries and 19 industries. 53 banking CEOs were represented in our sample.
The Cyber-Resilient CEO: How confident CEOs are taking charge of cybersecurity
When we asked banking CEOs about the biggest issue they are currently facing, 41% of them identified an ability to maintain digital trust with end consumer and business clients with the growing risk of fraud. And nearly half of respondents cited modernizing technology (26%) and regulatory compliance (21%) as the key issue. It suggests that banks simply cannot afford to loosen their grip on digital risk and compliance.
And the rewards of being more cyber resilient are worth having. Our research finds that CEOs who adopt a more cyber-resilient approach than the rest achieve 16% higher incremental revenue growth, 21% more cost reduction improvements and 19% healthier balance sheets. What’s more, they detect, contain and remediate threats faster and their breach costs are 2X and 3X lower than others.
Challenging the status quo
Unfortunately, the path to gaining such benefits is not always easy. The cyber threat landscape is complex and influenced by increasingly high levels of disruption. The Accenture Global Disruption Index—a composite measure that covers economic, social, geopolitical, climate, consumer and technology disruption—shows that levels of disruption increased by 200% from 2017 to 2022. It may not be banking industry-specific disruption, but the ripple effect is being felt wherever it lands.
Banking respondents are more aware than the global average of the three key forces creating cyber vulnerabilities:
Technology innovation: 62% of banking CEOs ranked the accelerated pace of technology innovation as one of the top risks for cyberattacks, 10% more than the global sample—with 89% rating cyber trust and resilience as highly relevant for emerging technologies, like generative AI and quantum computing.
Supply chain disruption: 36% of banking CEOs rank supply chain as the second highest external risk, far less than the global sample at 51%.
Environmental vulnerabilities: 92% of banking CEOs acknowledge the link to and vulnerability from environmental changes and initiatives, vs 90% of the global sample.
It’s not as if banking executives are unaware of the important role of cyber defense: 98% of banking CEOs acknowledge cybersecurity is a key business enabler but only one-third (36%) strongly agree they have deep knowledge of the evolving cyber threat landscape. And two-thirds (66%) are concerned about their organization’s ability to avert or minimize damage to the business from a cyberattack.
What banking CEOs say
There are some key characteristics that define the cyber-resilient CEO and it’s good to see that CEOs in the banking industry appear to be making better progress in cyber resilience than the global average.
Here’s how it plays out:
These findings are supported by our conversations with C-suite banking executives across the world and it’s reassuring to see that banking is slightly better than the global average in terms of including cybersecurity on the agenda; 26% of banking CEOs have dedicated board meetings for discussing cybersecurity issues, against just 15% of global average respondents.
Five steps to the cyber-resilient banking CEO
Banking CEOs can watch and learn from the core group of cyber-resilient CEOs who assess cybersecurity across their organizations from a broader perspective, including talent, innovation, sustainability and customers; they proactively take the following five actions:
Embed cyber resilience in the business strategy from the start.
Establish shared cybersecurity accountability across the organization.
Secure the digital core at the heart of the organization.
Extend cyber resilience beyond organizational boundaries and silos.
Embrace ongoing cyber resilience to stay ahead of the curve.
Mitigating risk is a huge part of any bank’s remit and will continue to play an important role in the year ahead. Greater cyber resilience will be a high priority for the banking C-suite, especially in the AI era.
If you’d like to know more about the practical steps of how to become a cyber-resilient CEO, we encourage you to read our report today or get in touch to continue the conversation. What role will risk play in the next year? Watch for our Top 10 Trends for 2024, Banking on AI in January.
Healthplex, a Uniondale-based dental insurance provider, has agreed to pay $400,000 for a 2021 data breach, according to a statement from the New York Attorney General’s office.
The AG’s office said Healthplex had inadequate data security practices that made it susceptible to the data breach that compromised the personal information of 89,955 people, which included 63,922 New York residents.
After a Healthplex employee fell victim to a phishing email in Nov. 2021, a hacker gained access to the employee’s account which contained over 12 years of emails, according to the AG’s office. Some of the emails contained sensitive customer enrollment information, including names, member identification numbers, insurance group names and numbers, addresses, dates of birth, credit card numbers, banking information, Social Security numbers, and member portal usernames and passwords, according to the statement.
“Visiting a dentist’s office can be a stressful experience without having the added concern that personal and medical data could be stolen by bad actors,” Attorney General Letitia James said in the statement. “Insurers, like all companies charged with holding on to sensitive information, have an obligation to ensure that data is safeguarded and doesn’t fall into the wrong hands. New Yorkers can rest assured that when my office is made aware of data breaches, we will drill down and get to the root of the problem.”
As a result of the agreement with the AG’s office, Healthplex, which is headquartered at 333 Earle Ovington Blvd., has agreed to pay a $400,000 penalty and adopt a series of procedures designed to strengthen its cybersecurity practices going forward. The company agreed to maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of private information; encrypt all personal information; implement a reasonable email retention schedule for all employees’ email accounts; maintain reasonable password policies and procedures that require the use of complex passwords; require the use of multifactor authentication for all accounts; and maintain a reasonable penetration testing program designed to identify, assess, and remediate security vulnerabilities, according to the AG’s office.
Digital banking functions at approximately 60 credit unions have been interrupted by a ransomware attack on a third-party service provider, but there is no evidence that consumer data has been misused, according to the company whose system was compromised.
Ongoing Operations, a credit union information-technology firm, says it experienced a cybersecurity incident on Nov. 26. Ongoing Operations added that it has “no evidence of any misuse of information,” although it is “reviewing the impacted data to determine exactly what information was impacted and to whom that information belonged.”
Neither Ongoing Operations nor its parent company, Trellance, responded to requests for comment.
A spokesman for the National Credit Union Administration confirmed the number of affected entities in a statement Tuesday, adding that the regulatory agency is “in close contact with affected credit unions.” He also said member deposits at affected federally insured credit unions are covered up to $250,000.
The incident was a ransomware attack, according to a Nov. 30 statement from Maggie Pope, the CEO of Mountain Valley Federal Credit Union in Peru, New York. Pope said the next day that online banking and bill-pay services had been interrupted by the attack, but members could still use their debit cards and get cash from ATMs or in a branch. Online banking remains down for the credit union.
The core-banking software provider FedComp notified Mountain Valley of the attack against Trellance, according to Pope. FedComp did not respond to a request for comment.
FedComp’s own services appear to have been disrupted by the attack. Its data center was “experiencing technical difficulties and is under a country wide outage,” according to a notice on the company’s website Nov. 30 that was later removed but is still visible as a Google cached file.
FedComp said at the time that “Trellance is still working on resolving the issue.” FedComp has not clarified whether its data center is still disrupted, but one credit union said Tuesday it expected to regain access to its own FedComp server “soon.”
The credit union, NY Bravest Federal Credit Union, serves New York firefighters and is based in Albany. It uses FedComp’s core-banking services and has been affected by the attack against Trellance. NY Bravest was anticipating an estimate on Tuesday regarding when its services would return, according to a notice on its website.
NY Bravest told members it “went above and beyond” in responding to the outage to ensure members “felt as little disruption as possible,” claiming the credit union built its own database after the disruption to give staff and members who reached out to the credit union up-to-date balances.
“While the other credit unions that were affected by this outage sat and waited, NY Bravest FCU went above and beyond and ensured members felt as little disruption as possible,” the credit union’s notice said.
Before the ransomware attack, Ongoing Operations had failed to patch a vulnerability in the cloud-networking software NetScaler, according to Kevin Beaumont, a cybersecurity researcher who until October served as head of cybersecurity operations at the telecommunications company Vodafone.
Cloud Software Group, the company that owns NetScaler, warned users on Oct. 10 about the NetScaler vulnerability, later dubbed Citrix Bleed, saying it could result in “unauthorized data disclosure.” Cloud Software Group provided information about how to patch the vulnerability with the announcement.
On a 0 to 10 scale used to rate the severity of cybersecurity vulnerabilities, Citrix rated the NetScaler vulnerability a 9.4, which is at the high end of the scale.
On Oct. 23, Cloud Software Group followed up by saying it had reports of “targeted attacks” exploiting the Citrix Bleed vulnerability. A month later, on Nov. 21, federal agencies including the FBI warned that the ransomware group LockBit and its affiliates had been exploiting Citrix Bleed, emphasizing that the move could allow bad actors to “bypass password requirements and multifactor authentication.”
Ongoing Operations is not the only firm that appears to have neglected these warnings about Citrix Bleed. An attack last month against the U.S. arm of the Industrial and Commercial Bank of China (ICBC), which prevented some U.S. debt brokers from conveying trade contracts, also stemmed from the Citrix Bleed vulnerability, according to a report by The Wall Street Journal.
For his part, Beaumont pointed out multiple pathways for preventing vulnerabilities like Citrix Bleed and the fallout they can produce, including having software vendors better secure their products and outlawing ransom payments. At the moment, he said, ransomware actors — often teenagers receiving huge sums of money in ransom payments — are far more powerful than they ought to be thanks to companies accepting ransomware attacks as somewhat normal.
“We shouldn’t have normalized ransomware like we have, especially given the escalating nature of the problem,” Beaumont said.
CYRIN and RIT Create an Enterprise-level Exercise in a Virtual Training Environment
EDEN PRAIRIE, Minn., August 16, 2023 (Newswire.com) – CYRIN and the Rochester Institute of Technology (RIT) have created a Level 2 Exercise that resides on CYRIN’s virtual cybersecurity training platform. In this exercise, called “Configure an Enterprise Network,” students must configure the firewalls and routers in accordance with the security policies of the organization. The firewalls and routers must be configured to implement policies related to how traffic to and from the internet and between different subnets is handled.
CYRIN has three levels of training – Labs, Exercises and Attacks – on its virtual, cloud-based platform. Level 2 Exercises are robust training exercises that challenge the student to work in a virtual environment to demonstrate proficiency with different scenarios with multiple cybersecurity tools that enhance training and mimic real-world scenarios. In this exercise, which looks at an enterprise network, students use pfSense, an open-source firewall and router used by thousands of enterprises and officially supported by Netgate. Students must be familiar with the pfSense console and web interfaces. Those unfamiliar with pfSense are encouraged to complete the CYRIN “Firewall Configuration with pfSense” lab before attempting this exercise.
This exercise was developed in conjunction with the Rochester Institute of Technology and their Global Cyber Institute. RIT used CYRIN’s patented Exercise Builder tool to create several labs that CYRIN has licensed for use on the CYRIN platform. This exercise is also mapped to NIST NICE Specialty Areas or NIST NICE Work Roles listed below.
Specialty Areas:
Work Roles:
CYRIN is designed for the seasoned cybersecurity professional or the student new to the field. Inexpensive and tailored for a 24/7 schedule, CYRIN labs, exercises and attack scenarios allow for training in a virtual cloud-based environment 365 days a year. CYRIN is also an excellent way for entrepreneurs, small businesses, and others to test their software products. Nearly any operating system that runs on the Intel/AMD x86 or x86_64 architecture can be uploaded to CYRIN as an OVA file or installed directly within CYRIN using the Exercise Builder. To learn more about our labs and content, visit the CYRIN catalog page.
The Team
ATC-NY, based in Ithaca, NY, is the Cybersecurity division of Architecture Technology Corporation, and is responsible for CYRIN development. They work with numerous commercial, educational and government agencies, including the Department of Defense, who helped support the effort to develop CYRIN.
About Architecture Technology Corporation
Architecture Technology Corporation (ATCorp) is headquartered in Eden Prairie, MN. ATCorp specializes in advanced research and software-intensive solutions for complex problems in Information Security, Cybersecurity, Enterprise-Scale Network Computing, AI, and Machine Learning. To read more about their products and services, visit ATCorp at https://www.atcorp.com.
EDEN PRAIRIE, Minn., May 23, 2023 (Newswire.com) – CYRIN, a virtual cybersecurity training platform from Architecture Technology Corporation, now has certification available on three courses taught by world-renowned cyber expert Kevin Cardwell.
CYRIN’s Fundamentals of Cybersecurity Series takes you from beginning to advanced cyber defense techniques over the course of three, 40-hour, self-paced courses. Each course includes over a dozen interactive labs and activities.
CYRIN Certification is available for each course in this series.
Courses start with Cyber Security Skills Foundation and move to Essential Defense Tactics – a solid core program that enhances and advances your skills gained in the Foundation course. Certification finishes with Advanced Defense, where you learn advanced methods of defense that bring you closer to establishing security best practices and methodologies that can be applied in any environment.
Full courses include videos, background materials, quizzes, and multiple interactive CYRIN labs to enhance your learning experience. Courses are self-paced and taught by Kevin Cardwell. The CYRIN platform allows you to pause and come back to the course at any time within your subscription period.
WHAT DO I GET WHEN I AM CERTIFIED?
A digital badge that can be exported to Badgr for use on LinkedIn and other sites.
A printable certificate of successful completion, including the number of CPEs earned.
A badge icon you can include in your e-mail signature, resume, and social media pages.
HOW DO I EARN A CYRIN CERTIFICATION?
Complete all the prerequisites for the certification course.
Successfully complete the certification course; successful completion requires a passing score in all labs and quizzes that are part of the course.
WHY CYRIN CERTIFICATION?
CYRIN certifications validate your skills, enhance your credentials, and increase your marketability. These courses allow you to expand or refresh your cybersecurity skills or begin a new career in cybersecurity.
CYRIN provides a number of benefits
CYRIN improves upon existing cyber range systems with four central innovations:
(1) It provides a fully interactive, independent online exercise interface for each student.
(2) It’s always available and accessible from anywhere with no special software required.
(3) It’s able to monitor student progress against learning objectives within practical exercises and
(4) It’s virtual “hands-on” training, so students learn by doing. It resides in the cloud and requires no physical classroom, which saves time and money.
For more information, visit CYRIN, try a free lab, sign up for a demonstration, or call (800) 850-2170.
A cybersecurity researcher says he discovered a public, unencrypted database earlier this year associated with a business banking fintech that contained more than 1 million names, physical addresses and phone numbers of consumers and business owners who used a certain invoice-creator app.
The database is said to have been secured in January, and where the fault for any vulnerability lies is murky. But the incident highlights the widespread problem of unprotected online databases — which sometimes are linked with seemingly innocuous, free apps — that present risk management challenges for players from digital startups to large banks.
The security researcher, Jeremiah Fowler, announced the disclosure Wednesday and said the database belonged to NorthOne, a Toronto-based fintech offering mobile-first banking to small businesses, because the invoices he found in the database say “powered by NorthOne.”
NorthOne CEO Eytan Bensoussan told American Banker that, despite appearances, the vulnerability actually stems from an app called InvoiceMaker that is not connected to NorthOne. He acknowledged that some of the people who helped build the app now work for NorthOne and that the company marketed itself with the app, but the app has “no product, technology or corporate connection” to his fintech.
“NorthOne is a completely separate entity from InvoiceMaker,” Bensoussan said.
Yet NorthOne launched a free invoice creation tool in 2018, according to multiple news reports. The app, which prominently featured NorthOne’s old logo and branding, used both the names Invoice Maker and Free Invoice. As of June 2022, the app had 4,900 ratings on the Apple app store.
Invoices in the database, which was not password-protected, included names, physical addresses, email addresses, phone numbers and details about the services provided.
Jeremiah Fowler
Despite the invoice app using NorthOne’s old logo, “there is no crossover between databases,” Bensoussan said in an email. In explaining why NorthOne’s old logo appeared in the app, he said NorthOne once “leveraged Invoice Maker for awareness purposes, but as you can see from the outdated logo, that was a long time ago.”
Bensoussan said his team terminated the invoice creation service after Fowler told them about the vulnerability in January, and NorthOne’s invoice creation app is no longer available on the app store. Fowler said the database he found is also now secured, thanks to his disclosure.
In his comments, Bensoussan played down the importance of the vulnerability, saying the invoicing app had “no payment capabilities and did not involve any payment data.” Rather, the app was “a free PDF generator for invoices,” he said, adding it had “as many as 20,000 users at its most popular but was due to be sunsetted later this year because it had run its course.”
Security researcher Brett Callow said he could not comment on the specifics of this invoice data vulnerability but noted that it is often difficult to determine the significance of exposed databases. Often, it is not necessarily clear even to the company that manages the data whether anybody other than the researcher who discovered it accessed the data, he said.
Invoices found in the database also feature NorthOne branding. The fintech’s CEO maintains the vulnerability affected a now-defunct invoice creation tool, not NorthOne.
Jeremiah Fowler
“Still, even if it was only a researcher who accessed a database, that means an unauthorized third party had access to information — and that’s a data breach,” Callow said.
Ali Allage, CEO at Bluesteel Cybersecurity, offered a different take, saying a data breach occurs when data is taken without the knowledge or authorization of the system’s owner. That does not appear to be the case here, she said, for which NorthOne should consider itself lucky.
“This organization got extremely lucky that this didn’t snowball into something worse and having to deal with much larger consequences,” Allage said.
Bensoussan said “no breach or leak occurred,” adding “we have confirmed no data was ever compromised or made public.”
As of Friday, no state attorneys general had reported any data breaches from NorthOne, Free Invoice or Invoice Maker, suggesting the responsible party has not reported the breach pursuant to any of the state laws governing data breach disclosures.
According to Fowler, his interaction with Bensoussan — an email in which the CEO let the researcher know the vulnerability had been taken care of — provided no indication that he had misidentified the responsible party. Had he messaged the wrong company saying he found their exposed database, “they would have been very eager to tell me that it does not belong to them,” he said.
Bensoussan said he is “thankful that the issue has been addressed” and said Fowler called his team’s attention to the vulnerability before it escalated into a breach.
“In this case, the system worked as intended with a security researcher helping to address a problem before it became an issue,” Bensoussan said.
Invoices are a “goldmine for criminals,” according to Fowler, because they can target victims using both the contact information they glean from the documents and the details of private transactions.
“The criminal could reference the real invoice number and transaction details, making it difficult for the victim to doubt the scammer’s legitimacy as a representative of the company or service provider,” Fowler said.
The database was easy enough to find, Fowler said, that it would have required little expertise for a criminal to get to it — and no password to decrypt the files once found.
Fowler monitors multiple IoT search engines to find the data, including the exposed database of invoices. IoT search engines scour the web for internet-connected devices like webcams and smart home appliances. Shodan is a popular example; others include Censys, GreyNoise and ZoomEye.
According to Fowler, the incident is an example of why companies need to establish good processes for and relationships with security researchers, since the analysts work to protect data and plug security vulnerabilities. In many cases, including this one, they do so free of charge.
“The biggest thing is that companies need to take that extra step and realize that, if you collect data, it’s valuable to somebody other than you,” Fowler said.
TMX Financial, which operates title loan brand TitleMax and other services, publicly disclosed on Thursday that it suffered a data breach exposing the personal information of 4.8 million people, including their Social Security numbers.
The company said in a letter to affected consumers that it detected suspicious activity on Feb. 13 and concluded on March 1 that there had been a breach starting in December. Hackers stole the data between Feb. 3 and Feb. 14, according to the letter.
The specific information involved in the breach, according to TMX, “may have” included names, dates of birth, passport numbers, driver’s license numbers, federal or state identification card numbers, tax identification numbers, Social Security numbers, financial account information, phone numbers, street addresses and email addresses.
One measure financial companies can take to protect personally identifiable information (PII) on consumers is to collect less of it, according to James McQuiggan, a security awareness advocate for cybersecurity awareness training platform KnowBe4.
“One of the most critical steps companies can take to protect PII is collecting only the data necessary to conduct business and storing it securely so unauthorized parties cannot access it,” said McQuiggan. “Organizations should also ensure that any third-party vendors or partners they work with are implementing strong cybersecurity measures.”
Among financial companies, the breach is the largest so far this year to be reported to the Maine attorney general’s office, which publishes reports about data breaches affecting any Maine resident.
The data breach is not the only trouble TMX has faced this year. The Consumer Financial Protection Bureau announced on February 23 that it would fine TitleMax $10 million for violating the Military Lending Act. TitleMax allegedly provided title loans to military families illegally and, oftentimes, by charging nearly three times the 36% annual interest rate cap, according to the CFPB — a practice that it has allegedly engaged in since 2016.
Debt collector NCB Management Services also reported a large data breach earlier this month. On March 24, the company told the Maine attorney general that hackers stole data from 490,000 consumers, specifically information about their ID cards and Bank of America credit card accounts. That breach did not impact Bank of America’s systems, NCB emphasized in a letter to affected consumers.
So far this year, 10 other financial companies have reported data breaches affecting more than 500 people. The bank or credit union with the largest breach so far this year is Hatch Bank, which had 140,000 consumers’ data stolen. In that case, hackers exploited a zero-day vulnerability in file-transfer software known as GoAnywhere, according to a letter the bank sent to affected customers.
ATLANTA, July 28, 2022 (Newswire.com) – Rausch Advisory Services LLC, a leading veteran-led & owned Business Advisory firm headquartered in Georgia, announced today that it has been awarded a General Services Administration (GSA) Multiple Award Schedule (MAS) Contract (CONTRACT #47QRAA22D00BC). This award provides all Federal Civilian Agencies (FCA), Department of Defense (DOD) agencies, and state and local governments the ability to purchase professional services in Internal Auditing, Highly Adaptive Cybersecurity, and Accounting & Finance from Rausch Advisory Services through the approved GSA Schedule Contract.
“We are incredibly proud of this achievement. This contract is further validation of the unmatched value we bring to our clients and the trust that they have placed in us,” said Michael Lisenby, CEO of Rausch Advisory Services LLC. “Through our delivery model we have successfully performed services for clients nationally in every business sector across 23 countries to date. Our expertise and our customer oriented results coupled with a transparent pricing model and the strength of our team, ensured our credibility with the GSA and the award of the contract.”
One of Rausch Advisory Services’ differentiators is the Rausch Assessment Platform, which delivers assessments in up to 46 languages to help our clients manage their regulatory compliance concerns. This, together with an experienced hiring model, has been instrumental in Rausch Advisory Services’ growth in the areas of Finance & Accounting, Internal Audit, Information Security, and Professional Personnel Placement.
“This is an ideal opportunity for Rausch Advisory Services to enhance and grow their service offerings in the government sector,” said Marie Mouchet, Rausch Advisory Board Member and former CIO. “Rausch is a uniquely positioned company to deliver excellence in this new partnership.”
ABOUT RAUSCH ADVISORY SERVICES LLC:
Founded in 2013, Rausch Advisory Services is headquartered in Atlanta, GA, with a west coast office in San Francisco. Rausch serves clients in the areas of Finance & Accounting, Internal Audit, Information Security, and Professional Placement. Rausch delivers innovative solutions that address compliance, enterprise risk, information technology, and human resource capital. Rausch delivers globally through project lead solutions, co-sourcing, staff augmentation, professional placement services, and customized technology deployment. For more information, visit https://rauschadvisory.com
Press Contact Information Name: Michael Lisenby Email: mlisenby@rauschadvisory.com
NEW YORK, December 8, 2021 (Newswire.com) – Cobwebs Technologies announced today that The Globee® Awards, organizers of the world’s premier business awards programs and business ranking lists, has named Cobwebs’ Web Investigation Platform, a winner in the Annual 2021 Disruptor Company Awards. These prestigious global awards recognize disruptive technologies and innovative solutions that are transforming consumer experiences everywhere.
Cobwebs’ powerful web intelligence solution monitors online activity, collecting and analyzing data of endless digital channels – from the open, deep, and dark web, to mobile and social. Our exclusive deep and dark web monitoring technology extracts targeted intelligence from the web’s big data using the latest machine learning algorithms, automatically generating critical insights.
“We are proud to be recognized as an industry player whose Web Investigation Platform has been named a winner by the Globee Awards,” said Udi Levy, CEO, Cobwebs Technologies. “Behind this distinguished success is our product innovations and relentless drive to stay customer-focused. We believe this recognition from Globee Awards further validates our commitment to our customers.”
Judges from around the world representing a wide spectrum of industry experts participated in the judging process.
“Disruptive technologies and solutions are transforming consumer experiences everywhere while consumer and end-user needs are continuously evolving,” said San Madan, co-President of Globee Awards. “Legacy systems are not always fast enough to accept and respond to such needs.”
Disruptors are companies that have the potential and competence to displace existing solutions, companies, and even entire industries.
To be eligible to participate, a business must be a privately owned company that’s operating for profit, must be independently owned and not a subsidiary, and can be located anywhere in the world.
Disruptors are highly persistent, mostly beginning from scratch without the constraints of traditionally accepted processes or business models. They use technology and modern tools to achieve end results. Disruptors do things differently and are not hindered by existing ways of industry stalwarts. They are ready to take on an enormous challenge and find solutions for the biggest pain points customers experience.
About Cobwebs Technologies
Cobwebs Technologies is a worldwide leader in web intelligence. Our innovative solutions are tailored to the operational needs of national security agencies and the private sector, identifying threats with just one click.
Cobwebs solutions were designed by our intelligence and security experts as vital tools for the collection and analysis of data from all web layers: social media, open, deep, and dark web. Our web intelligence platform monitors these vast sources of data to reveal hidden leads and generate insights. Our exclusive technology extracts targeted intelligence from big data using the latest machine learning algorithms, automatically generating intelligent insights.
For further details contact us @: info@cobwebs.com
A recent survey unveils some harrowing stats regarding the highly risky online behavior of travelers.
HONG KONG, September 29, 2019 (Newswire.com) – 70% of travelers frequently engage in risky internet activities while traveling, according to a survey sponsored by IBM. The survey was conducted by Morning Consult on behalf of the company and provided a holistic report on the ever-growing digital threats in the travel industry.
The travel industry is booming at an exponential rate. According to the US Travel Association, the US travel industry alone generated an economic output of $2.5 trillion in 2018. Moreover, during the same period, travelers spent $1.1 trillion.
Travelers may be spending hefty sums on their international trips, but they don’t seem to be putting much effort into their cybersecurity. According to the IBM-sponsored survey, only 38% of the survey respondents say that they put effort into securing their online data while traveling, while 12% put in minimal effort, 7% put in no effort at all and 11% said that they are either not sure or just don’t know.
The same report continues with further harrowing insights into the risky behaviors of travelers. The report found that over 70% of the respondents (leisure and business travelers) connected to a public Wi-Fi while traveling or enabled auto-connect for immediate connectivity. Both of the practices tend to put those travelers at serious risk of identity theft, data theft, and other similar cyber threats.
In fact, 1 in 7 survey respondents claimed that they were a victim of personal data theft once or multiple times.
PureVPN believes that such security risks can be overcome by considering cautionary practices while on the road. For instance:
Travelers should be cautious while connecting to a public internet hotspot. For better security, a VPN should be launched before connecting to the Wi-Fi. Features such as military-grade encryption, a kill switch and IP leak protection keep users’ security and privacy protected.
Unneeded auto-connect features, such as Wi-Fi and Bluetooth, should be turned off.
Use the point-of-sale systems at restaurants or stores that are secure.
Avoid using ATMs outside malls or on streets because they are more prone to skimming.