Cybersecurity Book Review. PHOTO: Cybercrime Magazine.

14 Cybersecurity Tips From A Former Supervisory Special Agent, FBI Cyber Division

How to avoid becoming a victim of cybercrime

Steve Morgan

Northport, N.Y. — Feb. 5, 2019

Scott E. Augenbaum, a thirty-year FBI veteran, has authored a book that can save your digital life. He offers an ingeniously simple plan to protect yourself from cybercrime – which is predicted to cost the world $6 trillion annually by 2021.

Let’s face the facts … you, your family, or your business have been — or will be — hacked. Cybercrime is an inevitable reality that will touch all of us at one point or another.

Augenbaum’s book — The Secret To Cybersecurity: A Simple Plan To Protect Your Family And Business From Cybercrime — opens with what he calls ‘The Four Truths’:

Truth One: Nobody expects to become a victim.

Truth Two: You’re probably not getting your money back.

Truth Three: The bad guys probably aren’t getting arrested.

Truth Four: A majority of cybercrime can be prevented.

Yup, you read that last one correctly and it’s worth repeating: A majority of cybercrime can in fact be prevented.

How exactly do you protect your family and business from cybercrime? Augenbaum’s book answers that question, and it does so in plain English that anyone from a complete technical novice to an experienced cybersecurity pro can understand.

The book pulls no punches. Augenbaum asserts “Don’t use Yahoo! For email.” (here’s why cybersecurity experts agree with him)

The editors at Cybercrime Magazine urge you to buy The Secret To Cybersecurity.  At $17.70, it’s the best money you can spend on cybersecurity. Meanwhile, we’ve pulled out fourteen tips from the book – which you can immediately benefit from:

Think Before You Click. Become a human firewall and examine every email you receive. Understand that bad guys desperately want you to click a link or open an attachment in an email. Unless you’ve thoroughly validated its authenticity, don’t click on it.

Mobile Device Security. Use strong passwords or fingerprint / biometric features to secure your cell phone. Doing so will protect your phone if it’s lost or stolen. Remember that clicking a link in a text message can cause ransomware or a virus to be installed on your smartphone.

Password Safety. Do not use the same username and password for mission-critical accounts. This includes email, social media, cell phones, banking, and e-commerce. Never disclose your username and passwords to someone else, even if it’s a family member. While a family member won’t want to do you harm, someone who steals from them might gain access to your credentials.

Strong Passwords. Your passwords should be at least 12 characters, and preferably longer (15, 20, 25 characters) — and include upper and lower case letters, numbers, and at least one special character. Don’t enter your passwords on devices you don’t own (i.e. computers connected to public Internet / Wi-Fi at libraries, hotels, cafes, etc.) because the networks aren’t safe (and your credentials can be stolen).

Two-Factor Authentication. Realize that the bad guys want to use your email account as a weapon to attack your family, friends, work colleagues, and others. Only use email providers (except Yahoo!) that offer two-factor authentication (2FA), such as Gmail, Outlook, and iCloud. (what’s 2FA and how to turn it on in less than 5 minutes)

Social Media Safety. Install 2FA on social media platforms such as  Facebook, Twitter, Instagram, and LinkedIn. Only open links such as friend requests on Facebook and connection requests on LinkedIn through the actual apps. Don’t click on the links that are sent through emails or messages on your phone.

Cloud Security. Implement 2FA for any wire transfer. Utilize 2FA for company email — most BEC (Business Email Compromise) scams are successful because cybercriminals gain access to employers’ email accounts. Never send a wire transfer based on the contents of an email; call someone directly or meet face-to-face with the person initiating or invoicing the wire transfer to verify the payment details.

Real Estate Rip-Offs. Carefully scrutinize all emails related to real estate transactions, paying special attention to the sender’s email address. Make certain it’s not a spoofed email account and compare it to other emails you’ve received from that person in the past. If you’re a buyer or seller, never rely on information about a wire transfer that’s included in emails or text messages. Call the sender or meet them in person if you’re being asked to execute a wire transfer.

Work-From-Home Nightmares. Avoid stay-at-home job descriptions that include reshipping, accounts receivable, and billing clerk. They’re usually scams. Never accept a position that requires depositing money into your bank account and then wiring it to different accounts. In nearly every case, you’ll be laundering stolen money for the bad guys. Never provide credentials of any kind, such as bank account information, Social Security number, or any other personally identifiable information in response to a recruiting email.

Finding Mr. or Mrs. Wrong. Beware if an individual seems too perfect or knows too much about you. Beware if an individual is attempting to isolate you from family or friends. Beware if someone requests inappropriate photographs or financial information that could later be used to extort you.

Ransomware. Identify your most important data and regularly back it up, always verifying the integrity of those backups. Backups are critical in ransomware attacks. If you are infected, your backups might be the only way to recover your critical data. Most importantly, as always, think before you click or open an attachment. Ransomware is usually installed when the victim clicks a link or opens an attachment.

Better Online Banking. Purchase a separate computer for online banking and don’t use it for any other purpose — period. Never access bank websites or mobile apps through public Wi-Fi, in places like coffee shops, airports, or hotels. Those networks aren’t secure and are extremely vulnerable to cybercrime. Make sure your mobile devices require a password or biometric authentication. That will make it more difficult for criminals to access your phone (and banking app) if it’s lost or stolen.

Elder Scams. Do not give remote control of your computer to a salesperson or technicians who calls you unannounced. If you receive an urgent or unscheduled call from someone who claims to be tech support, hang up the phone. Ninety-nine out of one hundred times, it’s going to be a scammer. If you receive a call from someone offering you a refund on an antivirus (or other) software subscription, hang up the phone. Do not, under any circumstances, provide them with a credit card number or bank account and routing numbers. It’s a scam, and they’re going to steal your money.

Keeping Kids Safe. Always be aware of what your children are doing online, including what they’re searching for and which websites they’re visiting. Children should be educated about never providing their name, address, date of birth, or telephone numbers to anyone on the Internet. Teach your kids that anything they write and post on the Internet, including tweets, comments, photographs, and videos, is probably going to stay online forever.

These tips barely scratch the surface of Augenbaum’s advice on each topic — but they’re a good starting point until your copy of The Secret To Cybersecurity arrives in the mail.

Our advice? Follow Augenbaum’s advice and you won’t have BEC on your face.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.