Cybersecurity Essentials

Cybersecurity Essentials for the Everyday World (Part 1)

4.3.19

Scaring yourself about, or worse, ignoring all the dangers online won’t do you any good. Instead, start weaving security into your life in both big and small ways. In this two-part series, I will present a few practical security measures that can help prevent fraud in your everyday world.

Checking Your Bank and Credit Card Accounts Regularly

Maybe I’m just too much of a CPA, but I check each of my bank and credit card accounts every day for unusual activity. I brew up the morning coffee and go through them one by one as I’m looking through the morning news. After both my wife and I experienced fraudulent activity on both our bank and credit card accounts, she’s asked me to look through hers as well, which I gladly do for the protection of our overall family finances. Being regular online purchasers, it’s sad, but we find something happens at least once each year that has to be reported.

In fact, a few years back someone somehow obtained my debit card number and bought about $600 worth of prepaid phone cards before I detected it. I got everything back, but it took almost a month. It’s nice to have the money back but it can be difficult to explain to those who bounced your checks because your balance happened to be running too low during the period of time you were waiting for the bank to recover the stolen funds!

What you want to watch for are charges that are less than a dollar or two from unfamiliar companies or individuals. Thieves who are planning to purchase a block of stolen credit card numbers often test to check that the accounts haven’t already been canceled by aware customers, by sending a small charge through, sometimes for only a few pennies. If the first charge succeeds, they’ll buy the stolen data and make a much larger charge or purchase. They’re guessing, often correctly, that most cardholders won’t notice such a tiny charge.
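An added example, not part of the original article: one way to run this check over a statement exported as CSV. The column names, the 14-day follow-up window and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample export; column names and merchants are assumptions.
SAMPLE_CSV = """date,merchant,amount
2019-03-01,GROCERY MART,54.12
2019-03-03,COFFEE HOUSE,4.75
2019-03-10,GROCERY MART,61.40
2019-03-18,COFFEE HOUSE,1.50
2019-03-27,QX DIGITAL SVC,0.37
2019-03-29,PHONE CARD OUTLET,600.00
2019-03-30,GROCERY MART,-12.00
"""

SMALL_CHARGE = Decimal("2.00")          # "less than a dollar or two"
FOLLOW_UP_WINDOW = timedelta(days=14)   # assumed window for the larger charge


def _norm(name):
    """Normalize a merchant name so case and spacing differences do not matter."""
    return " ".join(name.upper().split())


def review_statement(csv_text, known_merchants=()):
    """Return (date, merchant, amount, reason) for charges worth a closer look."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["date"])
    known = {_norm(m) for m in known_merchants}  # merchants from earlier statements
    last_test = None                             # date of latest suspected test charge
    findings = []
    for row in rows:
        day = date.fromisoformat(row["date"].strip())
        merchant = _norm(row["merchant"])
        amount = Decimal(row["amount"].strip())
        if amount <= 0:
            continue                             # refunds and credits are not charges
        unfamiliar = merchant not in known
        known.add(merchant)
        if not unfamiliar:
            continue                             # small charge from a usual merchant
        if amount <= SMALL_CHARGE:
            last_test = day
            findings.append((day, merchant, amount, "small charge, unfamiliar merchant"))
        elif last_test is not None and day - last_test <= FOLLOW_UP_WINDOW:
            findings.append((day, merchant, amount, "unfamiliar merchant soon after small charge"))
    return findings


if __name__ == "__main__":
    for finding in review_statement(SAMPLE_CSV):
        print(*finding, sep=" | ")
```

Passing the merchants from earlier statements as `known_merchants` keeps the first rows of a new statement from being treated as unfamiliar.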

In general, you have about 60 days to report fraud on your credit card account to exercise your limited liability. If you wait longer than 60 days to report a stolen or lost credit card, you can be held liable for the purchases according to federal law. However, credit card issuers have the discretion to go above and beyond the federal legislation, and many will agree to waive charges even if you are late in reporting. Often banks and card issuers have a zero-liability policy, so you may not owe anything at all. You should check with them to be sure, just in case it happens to you.

Changing Your Passwords Regularly

Everything you read tells you to change your passwords regularly, and many of us just don’t. It’s essential to do so at least every 60 days or so, especially on websites that protect your financial data.

Most of us drag our feet when it comes to changing our passwords. That’s generally because random, unbreakable passwords are simply hard to remember. However, there are tricks you can employ that will allow you to remember your passwords more easily.

One of my favorites is to create a password by taking the first letter of every word in a memorable sentence or lyric and then adding upper and lower case letters, numbers and a few symbols. The sentence can be anything that is personal and memorable for you. For instance, as a cat lover, I may choose the phrase “I love to play with my two cats after work.” Now I’ll simply reduce the sentence to the first letter of each word, which gives Iltpwmtcaw.

While Iltpwmtcaw is a random password, I can improve security by replacing some of the letters with numbers, special characters, and upper and lower case spelling. In doing this, the base password that I have chosen is Il2pwm2C@w, which is considered strong and it’s easy for me to remember.

Let’s take this a step further.  We have all been told that we need a unique password for each of our accounts. How do we do this and still remember all of them? I have a trick for that as well.  Starting again with my base password, Il2pwm2C@w, I add to the end the first three letters of the name of the account.  For instance, for my Gmail account I would use Il2pwm2C@wGma. For Amazon it would be Il2pwm2C@wAma. And so on and so on. Simple, right?

Now when the time comes to change my password, I prefer to keep the memorable base password I created and add on to it a number (or the symbol above the number) to alter it, progressing across the keyboard with each change. For example, my password would change to Il2pwm2C@w2, followed later by Il2pwm2C@w3, or using symbols it would become Il2pwm2C@w!, to be followed by Il2pwm2C@w@. The point is to pick a password that you won’t forget, and if for some reason you forget the last digit, within a few keystrokes one way or the other you’ll remember it pretty easily.

You might find it interesting that there is an unofficial way to test the “strength” of your password that is built into Adobe Acrobat. The program has a graph that indicates the relative “strength” of your password’s complexity when you choose to use a password to restrict printing, for example. It’s your choice of course as to how “hard” you want your security to be, but if you follow your chosen “algorithm” format consistently, you still won’t forget your password!

Next time in Part 2:  Security pitfalls concerning your computer and smartphone…

Authored by Audit Partner and Certified Fraud Examiner, Brian W. Johnson, CPA, CFE, CCIFP