Cybersecurity Best Practices To Keep You Safe Online

While the internet has made shopping, banking, socializing and traveling easier than ever, it’s left the public open to new types of security risks. According to the Identity Theft Resource Center (ITRC)’s data breach analysis, there have been 2,116 data compromises in the first three quarters of 2023. Of those, the most reported cause is cyberattacks, followed by ransomware attacks and malware attacks. These data breaches affect millions of Americans each year who may have their financial information or identity stolen.

It's almost impossible to not share your information online. So, how can you stay safe from cyber threats? Using some of the best cybersecurity practices is a good first step.

Cybersecurity is the practice of preventing unauthorized access into your electronic devices, operating systems, networks, online accounts and profiles. It helps protect you from having your identity and other personal information stolen and used for criminal activity. It also helps businesses store your information safely, locked away from cybercriminals or hackers.

You’ve heard of an alarm or security system for the home. Think of a cybersecurity plan as one for your devices instead. To ensure a heavily guarded online presence, add the following security measures to your plan.

1. Use A Strong Password

Your password is one of the first and most obvious guards against unauthorized access to your accounts, so it’s imperative to create a strong one. The number one rule when it comes to creating a strong password is to avoid easily guessed words and number sequences (like a spouse or pet’s name, a birthday or an anniversary). There are other tricks, too.

• Avoid anything a hacker may be able to guess based on perusing your office or social media accounts (your college, favorite color, sports team or place of work).
• Include upper-case and lower-case letters as well as numbers and characters if you can.
• Make your password long – at least eight characters – and make it a phrase or several words strung together.
• Change your password frequently, every 90 days or so.
• Use different passwords for different accounts.
• Use a password manager, which stores all your passwords, so you don’t need to remember all the different ones.

2. Use Multifactor Authentication

Multifactor authentication adds an extra layer of security. It requires you to use at least two pieces of evidence to verify that it is you who is requesting access or a service. One common example is having a code sent to your mobile device that you must verify after you successfully enter your password.

3. Don’t Get Tangled In A Phishing Net

Phishing scams involve sending emails, social media messages and other forms of communication that claim to be from a familiar person or trusted company. The scam gets you to click a link that installs malware on your device or gets you to give up your personal data, banking information or passwords. Smishing scams do the same thing through text messaging, or a Short Message Service (SMS).

To avoid these scams, check for the following red flags:

• You don’t know the email address, or the email address is coming from a personal account (like Gmail) instead of the business it’s claiming to be.
• The language used doesn’t sound like the trusted, familiar person they are claiming to be.
• The message is very generic, often with no personality.
• The message is poorly written, with bad grammar, typos and misspellings.
• The message plays on your emotions, offers an incentive to respond or click a link or creates a sense of urgency.
• The email includes an attachment to download or tells you to click a suspicious link. Always hover over links to see where the address takes you. Do not click the link! If the address that pops up when you hover over the link looks suspicious or is not a site you know, do not click.

4. Consider Your Wi-Fi Network

Public Wi-Fi is usually unsecured because you don’t often need a password to use it. This type of network makes it much more vulnerable to hackers and other cybercriminals. From public Wi-Fi, a hacker can see your location data and search log-in data saved on your browsers, find entry points and access control over your device.

When connecting to public Wi-Fi:

• Use a virtual private network (VPN) to encrypt your data and hide your information.
• Check to see that you have multifactor authentication and antivirus software on.
• Quit all apps you aren’t using and avoid providing personal information while on public Wi-Fi. For example, save your banking for when you’re on a trusted, password-protected network.

5. Build Your Defense

Along with passwords, multifactor authentication and VPNs, there are other tools that help you build a defense against cybersecurity threats. A firewall works almost like a Customs and Border Protection for your network. It takes the security rules set by you or your company and applies them to all incoming and outgoing traffic it’s monitoring. Based on these rules, it will allow or deny such traffic from coming into your network.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages vulnerability assessments throughout the year, cybersecurity update newsletters, antivirus protection systems and controlled folder access.

There are many companies that offer these tools, including Microsoft, CISA and Google.

6. Lock Your Device

Whether in your office, a coffee shop or in the comfort of your own home, you should always lock your computer, tablet, mobile phone or other electronic device when you step away from the screen. Leaving your computer signed in with the screen on is like leaving the door of your home wide open while your family goes on vacation for a week. Even if you don’t have any browser windows or documents open, you could still be providing access to sensitive files and other information. If you’re in the office, you may have a disgruntled team member or someone who doesn’t have the same security access as you. And even in your own home, curious children could accidentally click a suspicious link. With or without kids, if you do work from home and your work includes handling private data, others in your household – whether a significant other or roommate – should not be able to view it.

7. Know Your Vulnerabilities

Part of cybersecurity awareness is knowing what your vulnerabilities are. What makes you a cybersecurity risk?

• Is your password strong? Are you using different ones for each account?
• Do you leave your computer open when you walk away for a moment?
• Do you often use public networks? Do you work from public places, like coffee shops?
• Are you questioning emails and text messages from unknown senders and reviewing them for red flags?
• Do you handle other people’s personal information?
• Have you or your business organization reviewed CISA’s Known Exploited Vulnerabilities Catalog?

Cybercrimes can put your finances and your identity at risk. They can even spread to victimize your loved ones, too. It’s important to know how to stay safe online and know how other businesses are being safe with your information, too. Following best practices and asking the right questions helps.

What can be taken by cybercriminals?

Cybercriminals can take information such as your name, address, phone number, Social Security number, bank accounts, credit card information, emails, location, reputation and other sensitive information. If they attack your business, they can take your clients’ personal information and any insider, sensitive data on the company itself.

What is information security?

Information security, also called InfoSec, is the practice of protecting people and systems against the unauthorized access and use of information.

Where can I find more information on cybersecurity?

There are several trainings and exercise offerings from reputable companies and government agencies, including Microsoft, CISA and the SANS Institute. If you work for an organization that uses computers and internet, they likely have an IT or tech team with plenty of knowledge in cybersecurity. Ask for a training or some time to meet with them one-on-one to hear their best tips and tricks. They may even be happy to conduct a cybersecurity audit of your work or personal computer. 

What should I do if I’m a victim of cybercrime?

If you are the victim of cybercrime, there are a few steps to take to help you avoid future damage. First, you’ll want to document everything that has happened and file a report to local authorities. You can also file a complaint to various government agencies, including the Federal Trade Commission (FTC) or the Internet Crime Complaint Center (IC3). If your Social Security number is stolen, report it to the Social Security Administration (SSA) by calling the hotline at 1 (800) 269-0271 or online at OIG.SSA.gov.

Along with reporting the crime, take these critical steps:

• Freeze or close the compromised account.
• Change all your passwords.
• Continuously monitor your bank accounts, credits cards and online shopping accounts for any suspicious activity.
• Review your credit report monthly to spot any red flags and new accounts you did not open.

How is Rocket Mortgage^® keeping my information safe?

The process of getting a mortgage or refinancing the one you have involves verifying certain information, including your identity, employment and finances. To do this, we collect information such as your name, Social Security number, contact information, property location, income, assets, net worth and bank information. It can be scary providing all this information online – but know that we work hard to keep your information safe. Here are just some of the ways we do that:

• We use bank-level encryption to keep your data secure.
• We constantly monitor our site for potential threats.
• Every team member is required to go through annual cybersecurity training and puts it into practice through various training exercises throughout the year.
• We do not sell any data or use it for any other purpose not outlined in our Security and Privacy Policy.

Keeping personal and business information private is essential. Doing any kind of business over the internet makes it even harder to keep such data secure. Employing these best practices and working with businesses who make your online safety a top priority can help keep you safe and provide peace of mind. Rocket Mortgage always keeps your security top of mind and we put strict security measures into practice in all our day-to-day operations. Feel secure throughout the mortgage process – start your application with us today.