Whether you hear about it or not, cybercrimes and data leaks happen every day. In fact, just this week it came to light that the nearly catastrophic 2013 security breach over at Yahoo impacted ALL 3 billion (yes, with a B) user accounts “including email, Tumblr, Fantasy and Flickr”. Add that to the Equifax debacle and the little-publicized exposure of 14 million Verizon subscribers earlier this year, and you might wonder how you HAVEN’T been the victim of a cybercrime yet.
It’s true: data breaches, hacks, and other cybercrime can happen to almost anyone. Fortunately, as with any sort of crime, half the battle is being aware of what the threats are, how you can protect yourself, and what to do if it happens to you. In this three-part series, I’m going to outline some of the types of security breaches that can happen to you, touch on a few simple things you can do to protect yourself, and cover steps you can take should a security breach occur.
Why is this particularly important for investors? Oftentimes, we look for shortcuts in our lives, including with things like online passwords. I’ll get into details later, but consider that people sometimes use the same password for tools (like email) AND their other accounts (like online investment platforms). If you were one of those people who had their email account hacked, and you used the exact same email/password combination for other online accounts, your exposure may have extended well beyond your email.
Types of Cybercrime
Cybercrime can take a number of different forms. From individual attacks to organization-wide ransomware, hackers and cyber terrorists have a variety of tools and tactics to get access to information and data that isn’t theirs, and to use it to get money from their victims, or worse. Knowing what the threats are is half the battle, and as an investor you’ll want to familiarize yourself with the following to better protect your investments.
So, when we talk about cybercrime, what exactly are we talking about? According to the Encyclopedia Britannica, cybercrime is defined as “the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.” It’s important to note that while cybercrime primarily focuses on activities that use a computer, much of the activity can happen offline (like stealing someone’s identity or violating their privacy).
In the context of investing, the following 4 types of cybercrime might have the potential to directly impact you.
Identity Theft
According to Investopedia, “Identity theft is the crime of obtaining the personal or financial information of another person for the sole purpose of assuming that person’s name or identity to make transactions or purchases.” In the days before computers and the internet, criminals would rifle through garbage looking for financial documents and credit card bank statements. Today, technology has made it possible for criminals to:
- Tap into corporate databases and steal customer information. This includes the breaches mentioned above.
- Gain access to old or stolen computer hard drives. It’s estimated that worldwide, we dispose of approximately 65 million tons of electronic waste per year, including old computers and mobile devices that include our personal data.
- Leverage online public records and social media networks. We often don’t think about social networks being a tool for identity theft, but consider the fact that you might input your full name, date of birth, home town, schools attended, and all manner of information that can be used to reconstruct your identity.
- Hack directly into networks or computers. This is typically what people think of when talking about cybercrime.
- Utilize deceptive and misrepresentative email messages. This can be done in a number of ways: first, to misrepresent you to someone else in hopes of tricking them into taking action on your behalf, or second, to trick you into divulging some sort of information (like account numbers or passwords) to them.
Spam and Phishing
Spam, which we’re all pretty much familiar with, consists of bulk messages that are irrelevant or inappropriate. It is typically delivered by email, but can also arrive via instant message, text, or now chatbots in social networks. Phishing can be an extension of spam: the attacker pretends to be a trusted company or person and tricks the recipient into opening the message, in hopes that they will reveal login details, user data or credit card info.
Malvertising
According to Wikipedia, “Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.” Essentially, this is the practice of a cybercriminal placing ads on websites that contain links or code that runs when you load the page, click a link, or download content. Malvertising is so nefarious because it typically starts with ads running on legitimate websites and then replaces those ads with malicious ones, making it difficult for both the website and the visitor (and the visitor’s security tools) to protect the user.
One additional thing to consider is that these threats aren’t limited to your computer. The prevalence of mobile devices over the last ten years has provided cybercriminals with new channels in which to operate. According to CNN, “What makes these portable devices such juicy targets for criminals is that they are rife with personal and financial information. For example, many phones have banking features baked in, and criminals can use ‘Trojan horse’ viruses to milk them dry using SMS services that charge per text.”
Have you or someone you know been a victim of cybercrime? If so, how did you handle it? Did it impact just one aspect of your life, or did it affect other areas?
Past performance is no guarantee of future results. Returns are presented net of management fees. There can be no assurance that any of the securities referred to herein were produced for or remain in portfolios managed by Granite Investment Advisors. A complete list of all Granite Investment Advisors’ recommendations within the preceding year is available upon request. It should not be assumed that recommendations made in the future will be profitable or will equal the performance of the securities described herein.