Don’t save passwords to your browser or phone
Locally stored browser passwords were designed for ease and efficiency, but they now make it equally easy for criminals to take over your computer, files and network. New forms of malware steal passwords stored in web browsers, and fraudsters can take over your accounts and lock you out of them. If you have banking information stored within an app for monthly payments (Netflix, bills, Amazon, etc.), then once a fraudster has access to your account, they also have access to your credit card or banking information.
Action steps:
- Do not save passwords to browsers. Weak websites can grant access to your browser cookies and your passwords and allow fraudsters to steal all your passwords.
- Routinely update your browsers to the latest version.
- Use a VPN when surfing the web, banking, or using any app with banking or personal information (whether you are on your PC, laptop, tablet or phone).
- Use Multifactor Authentication (MFA) for all applications, including social media. Don’t store passwords in phone wallets unless you are using MFA (like biometric access) to access the applications; otherwise, fraudsters can take over access to your phone.
- Use unique, long and strong passwords for all applications (12+ characters with a mix of letters, numbers and punctuation) and never share the same or similar passwords across social media, banking and work accounts.
- Try not to connect multiple social media accounts together, or register using your Google, Facebook or other accounts. If one is compromised, then the others are also at risk.
- Be careful with smart devices like Echo, Alexa, cameras, thermostats, etc., which may not be secure. Put these on a home Wi-Fi network separate from the network where you work or do online banking.
- It is not enough just to delete an app. You need to unregister so that your account information is also deleted. Otherwise, it remains indefinitely on the app server and can be compromised.
See our updated CTR Cyber page with guidance and tools for assessing your cybersecurity internal controls and additional Ransomware Preparedness and Mitigation resources. Departments should contact [email protected] with any incidents or suspected incidents of fraud or cyber threats.