It is no secret that the Covid-19 disease is hurting both people and economies alike. Many analysts forecast economic problems and a recession for the upcoming months, and many countries are already experiencing the consequences of the forced freezing of normal economic activities. Peru’s lock-down and curfew measures, for example, caused a huge 40-percent reduction of its Gross Domestic Product in April, while in the United States over 40 million people had already filed for unemployment benefits. You do not need a degree in economics to tell that things are going to be harder than usual in the following months.
The main financial risk no one is talking about these days, however, is cybercrime. As companies are moving its operations online and people start working and buying from home, cybercrime has been soaring. It is important to understand what the risks are and how to protect your finances, so I wrote this article to easily get you started.
First, let’s identify the risks. Cybercriminals want either money or valuable information that may lead them to get money. In both cases, they need access to your accounts. As they see it, it is faster to steal working passwords than to try to break into secured Internet servers.
They have two ways to achieve that: They may either try to trick you to give them your credentials, or they may try to copy them when you type them in your computer or mobile phone. The first way is called “phishing”, and the second one uses a type of spying software called a “key logger”.
How to protect yourself
Now that you know what they are after, protecting yourself becomes easier. Start with these five steps:
Use separate web browsers
Use a different web browser exclusively for your money matters. Yes, as simple as that: a browser for your normal browsing and another one to log in to your online banking accounts. That way, if you ever visited an infected website and unknowingly download some kind of spyware, the thief will never be able to learn about your money matters. They will simply be somewhere else.
This also applies to your work URLs. Use yet another browser to work online, as possible. Just as hacking a tax attorney while trying to log in to his favourite tax resolution software could be disastrous for his clients’ data, hacking you could be disastrous for your business (or boss!). Think ahead. Even if your job does not contain such level of sensitive information, it is better to be safe than sorry.
Now, some of you could raise an eyebrow before the idea of using a web browser for each kind of online activity, so there is an alternative: Firefox Containers. Containers isolate some web pages from the others, just as you would do while working with different browsers.
Clean your browser often
It is a healthy habit I do at least once a week. Do not clean your browsing or downloads history if you do not want, but do clean cookies and cached files often. That will wipe any naughty files you may have downloaded over the last few days.
Use a separate email address too
Because of the same reason as before, if you use an email address for your everyday messaging, then open another one exclusively for your money matters. Keep it a secret. If your main email account ever gets hacked, there will be no financial information about you to extract there. Bad luck, thieves.
Type and bookmark the important URLs
Most “phishing” attacks (the ones that try to steal your credentials) will arrive as links from emails, instant messaging, SMS or social media updates. Never access your financial institution through those links. Open your browser and type them yourself, or load them from your bookmarks. Most of the times the difference in the URL will be just one character, and you may fail to notice it. Not clicking by habit is the best defence against that attack.
Install good software
Although the main risk for key loggers is in counterfeit software, truth is there are many mobile phone apps that are often not as unreliable as they look. For example, some time ago I downloaded a nice alternative mobile phone keyboard only to find a few days later that it was transmitting data to the Internet. Why? I did not know. What data? What did I type? I did not know either, so I removed it. Most likely, I will never know what it was transmitting or to whom.
Just like that one, there are many apps asking for permissions they do not really need to work. Take a deep look at those permissions settings. You may discover some surprises, like apps that want to know your location or access your camera for no specific reason. Block those unnecessary permissions clicking on their respective icons. Why is it important? Because mobile phone permissions are open permissions. If you allow an app to access your microphone, it will be able to access it whenever it wants, and not necessarily when you are using that app. At the time of this writing, there is no way to restrict it! Always treat unnecessary permissions as always a potential security risk. Do not grant them lightly.