Staying Cyber Secure in a Digital World

As the season of family gathering and giving approaches, and this year more shopping and philanthropy will be conducted online than ever before. Now is the ideal time to empower yourself and your family, with information that can help to protect against digital threats and make security a top priority.
The discussion will highlight key action steps that everyone should take:
- Enable Multi-Factor Authentication
- Use Strong Passwords
- Recognize and Report Phishing
- Update Your Software
LYNN MARTIN: Hello and welcome. October is Cybersecurity Awareness Month and we are here to share some information with you about how to stay cyber secure in the digital world. I'm Lynn Martin, a cybercrime senior specialist with Bank of America, and I'm here with Rob Ringelspaugh, who is also with Bank of America. Rob, would you like to introduce yourself?
ROB RINGELSPAUGH: Sure, Lynn. Thank you so much. My name is Rob. I'm a senior resolution specialist here at Bank of America, working in our cyber security department. I specialize in fraud detection and mitigation strategies with an emphasis on payments fraud. I've been with Bank of America for about seven years, and prior to my tenure at Bank of America, I spent 15 years in the United States Coast Guard.
LYNN MARTIN: Great. Great. Thanks, Rob. And thanks everyone for joining us today. We really hope to be able to share some insights with you around cybersecurity, things that you can do to keep yourself and your family safe from cyber threats around the world. Just to give you a little bit of the understanding of what we're dealing with when it comes to cyber today, more than 51,000 reports of identity theft were reported to the FBI in 2021. We see more than 15 billion spam emails make their way across the internet every single day, and we saw around 1.3 billion in losses due to deceptive charitable fundraising calls last year. So cyber is real and it is something we all need to be aware. None of this is to frighten you or make you leery of the digital world, but rather to raise your awareness and give you the tools you need to protect yourself in this ever changing digital environment. So let's start with one of the most common things that we talk about on a regular basis, and that is your passwords. Your passwords are your first liner defense. They are the first thing that protect you from cyber criminals. And yet, all too often we take those for granted. When a survey was done last year, we found that around 28% of adults in the US used the same password across all of their online accounts, that about 75% of the people don't really know how to create a cyber secure password. So Rob, let's talk to them a little bit about how to create a secure password and what they can do to make sure that their first line of defense is the best line of defense is the best line of defense possible.
ROB RINGELSPAUGH: Absolutely Lynn. And so if you're like me, passwords can be a challenge. We're always challenged with passwords because we're required to create a complex password. Now, a complex password at the bare minimum, should be eight characters. Optimal strong passwords are between 10 and 12 characters. Now, you may be thinking to yourself, gosh, I can create a 10 to 12 character password just by using maybe an anniversary or a birthday or your home address. And those things are some of the worst ways to create a password for the simple fact that those are all searchable topics. So if we think about social media, a lot of times we post our birthdays, we post our children's birthdays. Maybe we post our home address out there. Maybe we post our anniversary. And then I'll take it one step further. When we think about home address, think about you're now getting ready to purchase a home. You're excited, you're in front of that house and you're ready to close and you take a picture in front of the house with your family. That address is in the background. And if a cybercriminal really wanted to, they are able to go in and they're able to manipulate that data and create some very, very challenging password pieces. So we always recommend never home addresses, never anniversaries, never anything that's publicly available or easy to guess. So when I think about creating a complex password, I think about an organization that I like to support, and I know Lynn supports this organization as well, and it's the ASPCA. Both Lynn and I are both animal lovers and when we think about the ASPCA, now I don't want to use the ASPCA as my password. But if we think about the ASPCA, the American Society for the Prevention of Cruelty to Animals, so now we have a phrase that we can work with. So what I do is I take the first letter of the first word, so American would be A. Society, I take the second letter of the second word, so O or the third letter. So now we have A-O-R. Think about your favorite special character. That could be a dollar sign. It could be an exclamation point. Mine personally is the hashtag. I like the hashtag. So then I will do A-O-R hashtag, and then I just continue that through, for the American Society of Prevention of the Cruelty to Animals. So you continue that through. So first letter, second letter, third letter, hashtag first letter, second letter, third letter, hashtag. Now, if you're still thinking, gosh, that is still way too complicated for me, and I'll tell you, sometimes it's too complicated for me, this is a great time to consider a password manager. Now, a password manager for those that don't know, is simply an application, a software application that remembers your credentials and it encrypts your credentials. So in the event that you have a data breach, that password manager resets your passwords. It creates a new, strong password. And I'll give you a couple other keys about a password manager that are really important. So first and foremost, with a password manager, you have to remember your master password. So just as we created that strong password, you need to do the same thing for a password manager. The beautiful thing about a password manager though is you only have to remember one password. That password manager then holds your credentials and it holds your passwords. Most password managers also can create a strong password on your behalf and some are even linked to your accounts so they can change those passwords for you on the fly at a fixed interval that you decide on. I also think that it’s really important when we think about password managers, a lot of password managers now are allowing you to create a proxy. And in the event that you are incapacitated, you're in the hospital, or the event of an untimely death, your attorney or your estate proxy can then have access to that password manager. Again, this is something you would work through your attorney for and only in the event that you're incapacitated, but that's a really large problem when you think about all the different accounts and your family members, your friends, the person that is managing your will, the administrator that's managing your will or your estate, having to find out and to call all the different organizations to try to reset those passwords and provide certificates and all of the legal documentation. It's a lot easier to have a proxy set up in your password manager. So if you're considering a password manager, I highly recommend it. There are many, many, many password managers out there. I'm not going to give a particular recommendation on one because they're very, very unique and special to your individual needs. But do yourself a favor. Do an application search out there on the internet, whether you're using your phone or your computer, and download a couple. A lot of them will give you sometimes a week free trial, sometimes a couple day free trial. See if you like it, see how it works, see if the functionality is right. And if it's not right for you, move on to a different password manager. Find the one that is exactly perfect for you and I promise you it will create a much simpler password management process, as opposed to what I went over for that strong password authentication. Additionally, Lynn's going to talk a little bit more about multifactor authentication. Multifactor authentication is really, really important, as well as biometrics, and I think it's the exciting part and the evolution of password management.
LYNN MARTIN: Yes, indeed. And Rob, one thing that I do just to share this with the audience, one thing I do is there's songs that I remember. My friends would tell you there's not a song from my childhood that I can't sing all the lyrics. I wish I could have remembered my school lessons that well. But I take a song that I remember from high school and the first verse of the song, take the first letter of each word, add a few special characters, a few special numbers, I've now got this really long, really complex password. It doesn't have any words from Webster Dictionary or any other dictionary for that matter, and it's not something that could be easily guessed by anyone else. And trust me, those are lyrics I'll probably remember when I can't remember my name. If we move on to multifactor authentication. Multifactor authentication, or as many people like to say, MFA, is simply and put in the simplest terms is something you have and something you know. The something you know is your log on and password, your first line of defense. And the something you have is that 6 or 8 or 10 digit code that is sent to you via text, through an authenticator app, through an email, through a phone call, any other means that it may be sent to you. It's a second layer to validate you are indeed who you say you are. So even if someone manages to somehow steal your log on and password and they try to get into your account, if you're using multifactor authentication, they won't have that second layer of identification. They will not have that second ID or 6, 8, 10 digit code that's been sent to you because it will come to your phone or to your personal email address or to an authenticator app if you're using that. So we highly recommend you use multifactor authentication. I believe it was around four years ago that the FBI said that they – their study showed that account takeovers, where someone would actually break into your account and take it over, was reduced by around 97% if you use multifactor authentication. Now, I don't know about you, but if someone told me it reduced it by 50%, it would be more than worth it to me to wait those few seconds to have that code sent to me on a text or in an email. The other thing is biometrics. Now, I'll leave it up to you as to whether this is a good thing or a bad thing. No one else has your face and no one else has your fingerprint. So when you use biometrics, you're using something that is genuinely unique to you and that no one else has. So biometrics are something you really should consider. You don't just open your phone with them anymore. You can open applications and other things of that nature. So biometrics are a really good thing and something that you know is uniquely yours. Now, I will say that someone told me once that she had an identical twin and her twin could open her phone with her face. I said, then use your fingerprint because you do not have the same fingerprint. So there are options if you happen to be an identical twin. So let's talk about something else that's really important right now, and that's phishing. We have found that there are over 3.4 billion phishing emails sent every. And cyber criminals realize that while we've talked about phishing for a really long time, it's still very effective and it's very cheap. It's very inexpensive for them to do, and it's something they have really perfected. They've become much more sophisticated with phishing these days, it's no longer as easy to detect. But I'm going to give it back to Rob for just a moment. And Rob, talk to people about some ways they can identify phishing emails so they don't become a victim.
ROB RINGELSPAUGH: Yeah, really great point, Lynn. And phishing emails, my goodness. Yes. Over the last few years we have seen such an uptick in the sophistication of the phishing emails. So again, just as we talked about when we were thinking about passwords, what we put out there on the internet, whether it's through social media or any other blog post, cyber criminals can utilize that information, sometimes against you. And it's for nefarious purposes a lot of times. So when I think about phishing, phishing in the most simplistic terms is just that, right? It starts with a P but if you think about fishing, it's like throwing a line out into the water and seeing what you catch. And that's exactly what cyber criminals are doing. So we see that cyber criminals will actually go out and they will create emails that not only speak to you, speak to your sometimes your business, sometimes your personal finances, something that's very special and meaningful to you that you believe is a legitimate email. Now, a lot of times those legitimate emails will contain phone numbers, they'll contain email addresses, and sometimes they'll ask you to change instructions. They'll ask you to wire money. Be very, very, very careful. I always like to say if it doesn't seem right, feel right, look right, just pause. Stop what you're doing. I think that's the biggest thing when we're thinking about a phishing email. If it doesn't look right and you just get that second nature of something's not quite right, pause what you're doing, take a step back from your computer, go get a glass of water. And then come back, take a look at it, reread the email, make sure it's actually something that you're looking at. Furthermore, if you see an email, and let's say this email's coming from someone that you know, maybe it's coming from your attorney, maybe it's coming from a title company, maybe it's actually coming, and we've seen this unfortunately, where a family member will actually – a cybercriminal will pretend that they're a family member and they're in need of finances. They'll come up with every story you can possibly imagine. I'm out of the country. This is the only way I can communicate with you. My cell phone's not working. I need X amount of dollars because I'm in a situation. Make sure you pick up the phone and actually call and verify. That is the most important piece of the equation is to pick up the phone, call and verify. In addition to that, I think, when we think about these different types of phishing scams and these different schemes, when we think about the finance piece, I touched on the fact that I specialize in payment fraud. One of the areas of payment fraud is actually title company and attorney fraud. So again, let's go back to that example where you posted on social media that you're getting ready to close on your house. You and your family are in front of that house. You have your address out there, right? It's not that difficult to figure out where that house is. It's not that difficult to find out what title company that particular comp that particular person uses. Remember, a lot of times realtors will utilize the same title company over and over again. Maybe you'll utilize the same title company over and over again. So if a fraudster is looking to do ne nefarious work towards you, or they're trying to take an actionable piece and try to spoof you or fool you, they could easily send an email that looks like it's either coming from your attorney or your title company, telling you to change the payment instructions for the wire that you're sending into escrow. So it's very, very important anytime you're sending any type of dollar amount to an attorney, to a title company, pick up the phone, call the attorney, call the title company, verify the instructions, and take it a step further. Your attorney, your title company, will know key information that a cybercriminal may not know. They may not know your children's name. They may not know key critical information. Maybe it's your home address that you're living in now. Ask the title company that. Ask your attorney that. It's another layer of protection that just gives you that check mark that says, I feel comfortable and confident that this is who I'm talking to. Now, one word of warning on that. Never call the numbers that are associated with the emails or utilize the email address in that email. Pick up your phone, utilize the attorney's phone number that you have saved ahead of time, the title company's number that you have saved ahead of time, or simply, if you don't know it, do a Google search or a web search on that and find out the name and the telephone number of that title company. Never, ever rely on the email. I think that's probably one of the key, key areas, especially from phishing, how you can really help protect yourself. Now, there's also a couple of other ways and a couple other phishing techniques that are out there. Lynn, do you want to talk about some of those because I think some of those are pretty interesting.
LYNN MARTIN: Sure. Yeah. And I want to reemphasize something that Rob said and that is, always use a known source to verify. Never trust what is sent to you. Go back to a known source. Use another method of confirmation from the one that you received. And that would be the same with the other, we call them ishings, or I call them the ishings. We're not always terribly creative here, but there's smishing and vishing. And essentially where fishing is sending you an email that usually sends some sense of urgency that you take action quickly. It may have a malicious link in it. It may be changing payment instructions, as Rob talked about, or it may be telling you that there's been fraud on an account and you need to call the number in the email and verify, whatever it may be. Well, phishing uses email. Smishing uses SMS text? They send you a text. I doubt anyone who is listening to this today has not received some strange text with this link that you were told to click. I don't think any of us have not seen those. Now, those types of things, when it has this really arbitrary, odd link, you're probably not going to click on that link. Most people won't. They don't trust things. We've become a little bit skeptical as a society of those types of things, and that's a good thing. A little skepticism goes a long way. You may also get one that says, this is your credit card company and we've detected fraud on your credit card. Call this number. Instead of calling the number that comes to you through that SMS text, pull your credit card out of your wallet, turn it over. Call the number on the back of the card. Go to a known source. Even for smishing, if that happens, go to a known source and verify. They may send you something that says, this is FedEx, UPS, or whoever the carrier may be for some services and goods that are coming to you. Click this link to track your package. It may be a valid link, but rather than taking that chance, copy down the link, go to their webpage, go to the track package tab on their webpage, type in the code. Type in that number they sent you and see if indeed that is a valid number and it is your package. You can still track your package, but you're not putting yourself at risk by clicking a link that is in a text. And the other is vishing. Vishing is becoming more and more popular, and that's where you may get a call. And cyber criminals take advantage of every season. We're going into the giving season right now, giving both gifts to our family and friends, as well as giving to charitable contributions. We're all wanting to make those charitable contributions right here at the year end of the year so we can take them off our taxes. We have this giving season coming up and cyber criminals take advantage of that. They may call you and say, this is your local, whatever that charity may be that you're particularly partial to, and we're really running behind on collecting funds this year. Could you make a donation? I'm not saying don't donate to your favorite charity. I'm saying don't do it because someone just calls you Reach out, use a number, contact someone at that favorite charity. Look them up online, find that phone number, reach out to them. Make your contribution in a way that you know you are initiating and that you have control over where you're making that contribution. So those are just some of the other ishings, as I call them, that are out there. Rob, let's talk a little bit about home networks. Now, all of my coworkers will tell you this is something I'm quite passionate about, so I will try to contain my energy a bit here. Your home network is so vital. Think about all the things you do on your home network. You make purchases. You communicate with friends and family through your email. Your kids are on this home network. Your internet of things devices are on this home network. You've got all of these things that you rely on, on a daily basis on your home network. And yet, people make a lot of very common mistakes when it comes to securing their home network and making sure that it stays secure. Also, think about the fact maybe you have a family office and your family office uses the same network that you use in your home, that you use yourself. Or perhaps you're working from home more than you used to and you're using that to do work. So your home network is so important and securing that home network is absolutely critical. So I'm going to toss it to Rob first to give you a few pointers of things you can do and then I'll come back and give you some of my passionate ideas in a moment.
ROB RINGELSPAUGH: I love it, Lynn. And I'm also passionate about home networking because home networking, you don't think about it as – we don't think about it as much as we probably should. And I think that's probably one of the keys. You have your internet. Your internet comes, let's say your provider comes out, they install your internet and it works. And sometimes that's the last thing we think about. And the reality is we have to take that a step further. There's a couple pieces, and I'm not going to bore you with the terminology on it, but it basically it's called WPA 2 WPA 3. You'll hear that terminology. All that is, is wifi protected access, simply put. There's a two and a three because the first one, 2, was debuted in 2004. WPA 3 was debuted in 2018. There's a slight upgrade to WPA 3 and that's in the event that someone nefarious accesses your network, figures out your password, and hacks into your network. If you have WPA 3, they don't have the ability to access information prior to initially stealing your password and getting into your network. WPA 2, they have the ability to do that. All I'm saying there is make sure that you either have WPA 2 or WPA 3. You'll be able to find out about this if you simply turn your router, and that's the thing that you plug all those cords into and it makes your internet work. If you flip that over, it will tell you specifically on that router, what system you're running. If you're in the market for a new router, highly recommend WPA 3. If you're not in the market for it, you have to make sure your film wear is up to date. You can simply do that by plugging that router into your computer. It will also have an internet password on there. Excuse me, not an internet password, a website that you can go to. And that website will take you and it will allow you to do what we're going to talk about here in just a second, is changing your default password on that router. So most of the routers that are out there, a lot of times they use a standard password across. It is very simple to do a web search on your router brand and the model of your router and type in default password. And a lot of times you will be able to find out what that default password is for that router. It's no different than a cybercriminal. So now you're sitting at home, you have a great router, right? So your router's brand new. You're sending out this wonderful signal that you get across your entire property. What about your neighbor that's sitting next door? Or what about someone that's driving by and they want to find out about you? You have a great security system. You have the fence up. You have motion detectors all over your property. But if you don't have a good password protection on your router, you're opening yourself up to vulnerability. So just as we talked about how to create those strong passwords before, you want to also create that strong password for that router. Now, if you're using your password manager, it's very easy to do. You can simply put in your router's credentials, it will generate a strong password, and then that will save that in that master password vault. It's incredibly important to do that because a lot of fraudsters can go in and they can get into your network and they can actually watch email traffic, web traffic, what sites you're going to, what sites your children are going to, how you're accessing your bank documents, and they can see all of that. And that sounds really alarming and quite honestly it is. But it's a very easy fix, by changing that passwords, that default password, and making sure you're consistent with that. If someone, let's say your child gives out that password to a friend or to someone else, maybe it's time to change that password. Maybe if you've given out that password to a lot of people, maybe you had a group of people at your house, and again, nothing that you would have to worry about from your friends. Typically you wouldn't have to worry about your friends, but it might be a good time to change that password. What I personally do, because also we think about, as Lynn mentioned, all of our Internet of Things devices also access that internet. They also access that gateway to then access the internet. Everything you could possibly imagine that's now connected to the internet, which is everything. My refrigerator sends me a text message when I need to buy milk. That's a little kind of crazy, I know. That’s the life that we live in now. So what I need to get milk. But remember, the only reason that my refrigerator's able to do that is because it's connected to the internet. So what I do as a best practice just for myself, again, passwords are up to you. What you feel is the best course of action to change your password and the best time interval, it's a personal decision. I like to do it in that spring and fall session. I do spring cleaning and I also do fall cleaning because I like to do both. When I do spring and fall cleaning, I change my passwords and I change my smoke detector batteries. It just triggers in my head that it's time to actually do that. Now I'm going to take it one step further before I pass it over to Lynn. If you're like me, and I actually really like to work in a coffee house. I get a lot done in a coffee house. I feed on the environment in a coffee house. I also travel a lot. So I travel, I use the internet sometimes in the airports. Now, you're better off using your own personal internet. So if you have the ability to buy a hotspot or utilize a hotspot, that's yours personally, that's a much better course of action. But let's just say you're using that coffee shop, wifi or you're using that internet that's in the airport lounge. It's essential to use a virtual private network, also referred to as a VPN. You'll hear it constantly brought up as a VPN, and probably if you're using a password manager, it's going to have a link to a VPN site. It'll be an extra an extra cost to have VPN, but I highly recommend using VPN, to be honest with you, at all times. It's just a best practice. Anytime you're dealing with bank documentation, you're sending critical information, even across your home network, log into your VPN because all that VPN does is if someone comes in and intercepts an email or intercepts email traffic or internet traffic, it just scrambles it. So they're going to get a bunch of letters and symbols that make absolutely no sense to them, and they're not going to be able to use that for nefarious purposes. It is absolutely essential though, if you're utilizing public wifi, so public wifi be the coffee house, the airport lounge, the park, sometimes parks have wifi now, you must, must, must use a virtual private network. It is just absolutely essential. With that, Lynn, I know you're going to go and talk about network segregation and then I know it's your favorite topic, so I'm not going to steal any more of your thunder because I know that this is your baby.
LYNN MARTIN: I think about the fact that not everyone is in the same situation. Some of us have teenagers or young people in your home. Others may have an elderly parent who's living with you. You're a caregiver, you're taking care of an elderly parent. I've had more people than I would like to admit who come up and say it's actually my spouse and he or she has no cyber hygiene. They do all sorts of things on the internet. They go to sites they shouldn't go to. They do all these thing they shouldn't do. And so I'm afraid they've made my home wifi susceptible to cyber criminals. That's a legitimate concern and that's something you want to really focus on. So my recommendation is that you segment or segregate your network. Now, that probably sounds much more complicated than it actually is. Rob talked about your manufacturer of your router and being able to go in and call or go to their website and find information. If you have an older version of a router, that you're still running the older versions, you may need to go to the website of the manufacturer to find out how to do this. Your newer versions, your newer routers, they have great applications that go with them. You run it from your phone or from your iPad or from your mobile device. So to segregate those networks is as simple as saying, clicking the button that says Add a Network. So you can segregate it and set up multiple digital or virtual networks on your home network. I'm not talking about buying multiple routers. I'm talking about doing virtual segregation of your network. Now, I recommend you have at least three segregations of your network, possibly four, depending on your home environment. Again, it's different for all of us. We have different people living in our homes. We have different worlds and different needs. But from my perspective, I recommend you have at least three. The first one is a segment that will have its own log on and its own password. And that segment you'll use for confidential transactions, whether it be banking, whether it be purchases, or whatever. Maybe you and your spouse or significant other are the only ones in your household who had that log on in that password. And you keep that confidential and you keep that secure. Now, again, like Rob said, you can update that password as frequently as you feel comfortable but it's not something you'll ever give out to anyone else. Again, keep in mind, we talked about passwords. You want to make these complex and you want to make them something that no one can guess. And so the second segment is a segment for a guest. Guests don't come to my house – it's inevitable they're going to ask me, what's your wifi password? They want to get on my wifi. They want the speed. If they're streaming data, they want the speed of using the wifi. Whatever it may be, they want to get on the wifi. It's just more convenient. That's fine. But I have no control over their personal cyber practices online. So I have a segment of my network that is for guests. It has its own log on, its own password that is different from my confidential segment of the network. And they can log onto my network and they're contained. Whatever they do, it's contained in that segment of the network and I don't have to worry about them causing me problems on my confidential segment. And then the last segment that I would recommend is the Internet of Things. It's not the Internet of things anymore. It's the internet of everything. And Rob, I can't believe you have your refrigerator hooked up to your internet. We'll talk about that afterwards.
ROB RINGELSPAUGH: I know. I knew I was going to get some trouble with that one.
LYNN MARTIN: But we put everything on it, whether it be our doorbells, our security cameras, our lights in our home, our personal assistants, Alexa, Google Home, whatever it may be. Our personal assistants, our wireless printers, our thermostats, we put everything on our network these days. And about 57% of all Internet of Things devices are susceptible to cyber hacks. So you put those on your network but put them on their own little segment. Again, keep it as segregated as you can so that confidential portion, you keep as secure as possible. You want to make sure that when you're doing confidential things, things that you don't want anyone else to know about, that you're keeping that secure and separate from everything else. So put your Internet of Things devices on their own separate segment of the network. Now, let me point out one other thing that you should be aware of, but that you want to be sure you're doing with Internet of Things devices, and that is using multifactor authentication and changing the default password. Again, do not keep default passwords. It is so easy for cyber criminals to find out what they are. It wasn't that long ago that we were seeing on the news where someone said some jerk was talking to their baby in the nursery because they had left the default password on the baby monitor, or someone talking to you through your security cameras while you're standing in your driveway, all sorts of things like that. Again, I am not saying do not have Internet of Things devices in your homes. That would be extremely hypocritical. I've got a house full of them. Not my refrigerator, but a house full of them. And so what you want to do is you want to put them on their own segment of the network. You want to make sure you're using multifactor authentication on all of them where it is available, which is most of the Internet of Things devices these days has multifactor authentication. So again, it has a second layer of defense. Should a cybercriminal get past your log on and password, they still don't get past that multifactor authentication. Make sure you're using a separate segment of your network for those devices, you've changed the default password, and you're using multifactor authentication. You want to do everything in your power to make those devices as secure as possible. So the last thing I will mention is keeping your software up to date. All too often people say they don't bother to update their software. Oh, it's just too much trouble. I don't want to deal with it. Let me make a recommendation to you. Set it on your devices, your mobile devices. Set it up so that it automatically updates. So that when you have your device plugged in to charge and it's on a secure network, it will automatically update and download your software. You want to do that with your internet devices, you want to do that with your routers and things in your home, you want to do that with your with your Internet of Things, devices, you want to do that with all of your devices. You always want to make sure you're keeping your software up to date and current. The reason software companies send you these updates are typically one of two things. They found something defective in the software that's not running properly and they want to fix it, so they send you this update, or they found a vulnerability. In other words, they have discovered that cyber criminals have a way in the back door or a way to access that device. And so they want to send you the update to protect you against that. I highly recommend you make it a habit and a pattern to always update your software whenever it's sent out. Make sure you're keeping the latest and the greatest versions of your software. So again, some basic pointers. Passwords, passwords, passwords. Keep them secure, make them complex, and make sure it is something that will help truly protect your accounts, your devices, and other things from cyber criminals. Use a password manager. I will tell you that I didn't start using a password manager until about six years ago, and now that I use one, I'm like, what was I thinking? It makes my life so much easier. It allows me to have incredibly complex, long passwords. I don't have to remember them. The password manager remembers it for me. There are also other things you can put in there. For example, your frequent flyer number for the airline or your TSA number, or whatever it may be, passport number, other things that are important to you that you can put in that password manager so that you can get to them, but where they're encrypted and they're secured and there are multiple layers of protection built around that password manager to keep that information safe. The other is look out for phishing. Stop and think, does this really sound like something that my friend or family member would send me? Is there a sense of urgency? Take a look at the return address or the email address. Is there a one where it was an L? Is there something that just doesn't feel right? Be aware of phishing. Be aware of smishing. Be aware of vishing. Again, we're not always creative, but we love the ishing. And make sure you're taking every step possible to keep your home network as secure as you possibly can. Rob and I have really enjoyed sharing these ideas with you today. We're so glad you gave us a few minutes of your time, and we hope you found these ideas very beneficial and things that you can actually implement. They're actionable, things that you can do today in your own home or on your own devices, or when it comes to your passwords. Keep in mind, October is Cybersecurity Awareness Month. And we want you to continue to come back to Bank of America, come to our websites, look at our tips and tricks and information that we have to share with you around how to keep yourself and your family safe in this ever changing digital world. Thanks again.
Featured experts:

Lynn Martin
Senior Cyber Crime Specialist
Bank of America

Rob Ringelspaugh
Senior Cyber Crime Resolution Specialist
Bank of America
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.