How to avoid being a victim of cybercrime

This past holiday season confirmed that consumers are increasingly shopping online instead of at brick and mortar retail stores – a trend that will most likely continue into 2017 and beyond. This trend, combined with the fact that more and more retailers are falling victim to cybercrime, underscores the need for companies and consumers to commit to taking action to stay safer and more secure online.

Securing key accounts should be the number one cybersecurity self-improvement effort on one’s list of resolutions. And with 24/7 connectivity, it is important to invest in more cybersecurity protection.

Cybercriminals evolve methods of attack

A recent study conducted by the National Cyber Security Alliance (NCSA) revealed that close to three quarters of Americans (72 percent) believe their accounts are secure with just usernames and passwords. The reality, however, is that usernames and passwords simply aren’t enough. Why? According to NCSA, hackers and cybercriminals continue to evolve their methods of attack, so users must improve their security to better protect their accounts.

More retailers falling victim to cybercrime

Retailers experience the most cyber-attacks of any industry sector after financial services, according to the 2016 KPMG Consumer Loss Barometer study, which surveyed 750 consumers and 403 CIO, CISO, CTO and CIOs in the automotive, banking, technology and retail sectors.

Consumers are wary of the increased frequency of cyber-attacks against retailers and many are ready to walk away from their favorite retailers if a breach occurs. For example, the KPMG survey found that:

• 19 percent of U.S. shoppers say they will stop going to a retailer that has been cyber hacked.
• In addition to those who would abandon the retailer entirely, 33 percent of the consumers indicated that fears of further exposure of their personal information would prevent them from shopping at a breached retailer for at least three months.

Critical business challenge

Cybersecurity remains a critical business challenge and a growing concern with a potentially devastating impact on company brands and bottom lines. Despite these damaging ramifications, many cybersecurity executives indicate that information protection may not be the strategic corporate imperative that it should be, according to the KPMG study.

Companies also need to take the necessary steps to invest in more cybersecurity protection. The KPMG study found that many are not doing enough to protect themselves from cyber-attacks or react to them when they occur, so the effects of their inaction can end up harming them in the long run.

Questions to determine cyber readiness

How can your company – whether you are a retailer or other business – be as prepared as possible to address a cyber threat in 2017 and beyond? Following are key questions to determine your readiness:

• What sensitive information and system assets do we have and how do we categorize them?
• How do we identify threats, determine our risk appetite, and prioritize our security investments?
• What plans/contingencies do we have in place to protect sensitive information and systems?
• What are the information risk profiles of organizations we do business with?
• Do our security teams and executives have effective strategies in place to operate safely?

Tips for safe online shopping

What can consumers do to stay safe when shopping online? Following are KPMG’s top nine tips:

Practice good PC “hygiene” – make sure your anti-virus, anti-malware browser, and operating system (OS) are up to date. Many security vulnerabilities are addressed by updates and patches. Staying current can reduce the likelihood of being compromised by known attacks.

Only do business with legitimate “e-tailers.” If a deal looks too good to be true it probably is.

Don't save your credit card with online retailers. While it’s a little more work to enter your information each time you make a purchase, you are less likely to be compromised if a website is hacked.

Don't give out your Social Security Number (SSN) or other Personally Identifiable Information (PII) when shopping – legitimate e-tailers will not ask for this information.

Be wary of links embedded in emails. These links can lead to fraudulent websites. Type the name of the website you are trying to reach directly in to your browser.

Use strong passwords and unique passwords at different websites. This reduces the likelihood of your password being guessed, and if it is guessed, limits the websites where it can be used by an attacker.

Be careful when using public Wi-Fi and limit sensitive tasks like shopping and banking.

Verify you are using a secure connection for when handling sensitive tasks by looking for 'https' in front of your websites address. Many browsers can also help with this by color coding and showing security risk icons.

Check your credit.

Michael Hatjiyannis is a Director, KPMG Cybersecurity Services Denver and can be reached at [email protected].