Heather Lukaszewski, Systems Administrator and Supervisor

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity.

At FEI, our IT department prepares several staff awareness presentations to bring cybersecurity to the front of everyone’s minds. As part of my presentation, I shared the following information and tips on protecting your personal data.

Think about the profile information you share with the world through social media. Profiles often include personal details like your hometown, family members, pets’ names, places you’ve worked, where you go on vacation, movies, music and brands you like as well as your email address and mobile phone number.

With all the information that’s being shared, consider the following scenario:

“Your bank” calls to ask about a fraudulent charge on your credit card. Along with the fraudulent transaction, they also show you made a valid transaction at Bob’s Taco Hut last Thursday. They provide your home address, last four digits of your debit card number and last four digits of your social security number. This lowers your guard, as it’s all information you would expect the bank to know about you. Then, the caller asks you to change your PIN via an automated touchtone system. You enter your current PIN number, a new PIN number and end the call.

The next morning, your account has been emptied through ATM transactions using an identical card to yours and your actual PIN number!

This type of attack can be performed using the following string of data:

  • On Facebook, you “liked” your personal bank.
  • You checked in last Thursday at Bob’s Taco Hut on Instagram and left a public review
    on Yelp.
  • The last four digits of your debit card could be available from another large data breach.
  • Home addresses and social security numbers were compromised in 2017’s Equifax breach.
  • You provided a PIN number when you typed it into the touchtone system.

To protect yourself, be suspicious. If you receive a call that appears to be from your financial institution but you’re not sure about it, hang up and call back using the number on the back of your card.

Be careful of what you share on social media. Privacy controls are there to make you feel warm and fuzzy, but always assume that everything you share on social media is public.

Review your account settings regularly and revoke access for websites and services you no longer use or don’t want to have access to your personal information.

Answer account security questions for your bank and other personal accounts using secure passphrases, not information that may be available through social media. Check your existing account security questions and update them with secure answers.

Use two-factor authentication (2FA) whenever available. While not foolproof, 2FA requires
you to enter an additional piece of information, usually sent by text message, to access
your account.

Cybersecurity is something we must be vigilant about all year, not just during the month of October. Think about what you post on social media and be suspicious of any interactions that seem out of the ordinary. Share what you’ve learned with others so that, together, we can do our part to reduce cybercrime and its impact on people.