These days, nearly all of us are consumers of applications and APIs.
We interact regularly with websites and/or applications, whether they are financial, retail, insurance, travel, food, or otherwise in nature.
What we may not realise when we go about our daily business, however, is the extent to which attackers and fraudsters are motivated to profit at our expense. Malicious actors are always on the lookout for opportunities to turn our interactions with the applications and APIs we depend on into a profitable transaction. That’s why it is no surprise that one of this year’s key Cybersecurity Awareness Month themes is “recognising and combatting cybercrime”.
In many jurisdictions, locales, and regions around the world, businesses bear the brunt of responsibility and liability for security and fraud issues. That being said, we as consumers are not immune to damage and losses. On top of that, any security and/or fraud issue we personally experience can quickly turn our lives upside down and lead to us spending considerable time and money picking up the pieces.
While we should always expect the businesses we transact with and consume from to secure and safeguard our accounts and our data, we also need to take an active role in that endeavour. Securing and safeguarding our accounts and data is a joint effort for both consumers and businesses.
While businesses have their own set of responsibilities, here are five steps consumers can take to be active partners in safeguarding and securing their own data:
1. Be alert. When businesses have mature security measures in place, customers often become the target of attackers and fraudsters. This is because, as humans, we often let emotions cloud our judgment. Attackers and fraudsters appeal to our empathy in order to trick us into providing them access to, and control over, our accounts, data, and even our financial assets. These social engineering techniques are so effective that they are one of the primary attack vectors used against businesses. In other words, it is often easier to get in by compromising the customer than by compromising the business itself. Because of this, we as customers need to be extra vigilant against social engineering attacks.
2. Use MFA. One of the ways in which we can be vigilant against social engineering attacks is by enabling multi-factor authentication (MFA). This is where we use our username, password, and another factor, most often provided out-of-band (via a key generator, text message, email, or otherwise). Using MFA means that if attackers and fraudsters are able to steal our usernames and passwords, there will be an added layer of protection that they will need to go through. Of course, MFA does not make our accounts and data impervious to compromise, but it does reduce the risk significantly.
3. Verify out-of-band. When we think we may have encountered social engineering, it is important to verify out-of-band before proceeding. For example, if a friend or family member sends a text, email, or social media chat asking for money, personal information, help accessing an account, or similar, it is best to verify with that friend or family member directly. Calling to ask them if they sent that message can be an effective way to do so, and there are other methods as well. The important thing to note here is that attackers and fraudsters are very skilled at appearing legitimate, even though their intentions are anything but.
4. Stay up to date. Scams and tricks abound, unfortunately. To be vigilant consumers, we need to read the technology news to stay abreast of the latest developments in the world of cybercrime. Not everyone needs to become an expert, of course, but just as we are aware of the different threats we face as consumers in the analogue world, we should also be aware of the different threats we face as consumers in cyberspace.
5. Change platform. One topic that doesn’t get enough attention, in my opinion, is the topic of moving to less intensive and less powerful platforms. Most of us need only the functionality provided by a tablet (e.g. streaming media, web browsers, email, etc.). Yet, most of us conduct our most sensitive financial and purchasing transactions via powerful hardware that attackers and fraudsters are salivating over and waiting to control. Many lighter-weight systems (e.g. tablets and the like) are less targeted by attackers and fraudsters, while providing all the functionality that most of us need. As an added bonus, they are often easier to use and configure.
Although most businesses do their best to secure and safeguard our accounts and data, attackers and fraudsters are determined to exploit the human element to find ways around those defences. As consumers we need to be active partners in our own security. Only through this partnership between businesses and consumers can we effectively recognise and combat cybercrime.
About the Author
Josh Goldfarb is Field CISO at F5. F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to optimize and secure every app and API anywhere, including on-premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats. For more information, go to f5.com.