At Wilmington Trust and M&T Bank, we take protecting you, your family and your business from potential risks very seriously. We make every effort to protect your sensitive information by maintaining an Enterprise Information Security Program. However, we can’t be everywhere you are. Explore this site to learn how to identify and manage cyber risks at home, in the office, or on the go.
Have you discussed how to stay safe online with your children?
Here are five easy tips on how to guide the conversation.
Cyber risk is just one piece of the puzzle . . .
Our experts offer advice on how to help protect all of your assets.
A few simple steps can help prevent cyberattacks at home.
Concerned that your account has been compromised? Call us.
Wilmington Trust: 1.800.982.4620
M&T: 1.800.724.2440
Business owners are a primary target for cybercriminals.
Help protect your digital and physical assets by speaking with our advisors.
Contact us
At home
Family, children, and elderly
* Personal information
* Privacy
* Access to you
Threats: There are risks for all members of the family who use devices connected to the internet. Children are particularly prone to malware risks from “free media” sites, and all family members could be victims of Cyberstalking or Social Engineering attacks if they share too much information about themselves online. Criminals can use simple personal information on social media as clues to answer common security questions and hack into your account.
How to mitigate: Educate your family on safe cyber practices, including limiting the information they share on social networks. Update your privacy settings on social network accounts to the most private options, especially for public-facing accounts. Encourage family members to be wary of sites promising “free” access to movies and other media, as these sites could be trying to access their devices.
Connected devices
* Privacy
* Network activity
* Audio and video recordings
Threats: Connected devices can make life more convenient, but they also increase risk. Every non-computer device that accesses a network using Internet of Things (IoT) technology, such as cameras or smart speakers, creates an entry point a hacker can use to access your network. Furthermore, these devices can collect and store data, even creating audio recordings of your home.
How to mitigate: Keep devices connected to your network up to date and reset their default passwords. Change the settings in your devices to automatically delete recordings on a regular cycle. Enable or install a Virtual Private Network (VPN) on your router to encrypt data shared between IoT devices.
Mail and trash
* Personal information
* Contacts
* Payment history
Threats: Criminals can also access your information in low-tech ways. They can retrieve documents, such as credit card bills, bank statements, and insurance statements, through Dumpster Diving or Mail Theft. These documents could tell criminals about your account information, but also travel and payment history, personal information, and contacts who could be used for Impersonation tactics.
How to mitigate: Never leave outgoing mail in your mailbox—instead take it directly to the post office. Consider reserving a PO Box for incoming mail to protect your privacy and to limit a criminal’s ability to associate your name with your personal residence. Shred all sensitive documents before disposing. Do not throw away packaging from expensive purchases, such as jewelry or technology, in your trash. Instead, dispose of it off premises so criminals can't assess your wealth or buying patterns by sifting through your garbage.
Computer
* Personal information
* Passwords
* Device security
Threats: Your computer is your gateway to the internet, but it also retains a plethora of sensitive information and documents that cybercriminals want to get their hands on. They may try to steal your passwords with Phishing or Whaling attempts, take control of your computer with Ransomware or Remote Access, or acquire your sensitive information when they hack your accounts.
How to mitigate: Do not respond to urgent emails requesting personal information and proceed with caution before opening emails with provocative subject lines. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Do not save personal or financial information in browsers, websites, or social networks. Back up all important files to cloud storage or an external drive on a regular basis. Update your computer with the latest security patches and install antivirus/anti-spam software.
Phone calls
* Personal information
* Account information
* Personal assets
Threats: Criminals are increasingly calling targets directly, pretending to be well known institutions such as the IRS or a wireless carrier, to gain access to accounts and personal information. Impersonation tactics tend to target vulnerable individuals with high urgency situations, such as false claims of account access, unauthorized charges, and even hostage scenarios.
How to mitigate: If you have doubts regarding the source of the call, hang up immediately and call the company from a known number to confirm their authenticity. Never provide account information, credit card numbers, or other forms of payment such as gift-card numbers to satisfy the demands of the scammer. Do not agree to meet with the individual in person.
Home Networks and Wi-Fi
* Personal information
* Privacy
* Network activity
Threats: Home networks are a necessity in today’s always-connected world, but they can be a prime entry point for cyber criminals to directly monitor your digital activity. Criminals who take over your network may monitor or manipulate your online activity via a Man in the Middle (MITM) attack.
How to mitigate: Update the administrative password to your router and ensure that your firewall is enabled. Give your Wi-Fi network name, or Service Set Identifier (SSID), a unique identifier and hide its broadcast. Set up a unique password with WPA2 encryption. For an extra layer of encryption, consider installing a Virtual Private Network (VPN) on your router, which will hide your true IP address and protect the connected devices on your home network. Never share your network password with individuals you do not trust.
In the office
Employees
* Customer information
* Credentials
* Systems access
Threats: Every employee in your organization represents an entry point for a cybercriminal to gain access to your business data. Non-technological issues, such as hiring practices and employee education, as well as technological issues, such as Bring Your Own Device (BYOD) Policies and Shadow IT, all make your employees vulnerable to outside actors.
How to mitigate: Conduct background checks during the hiring process. Establish a clear, regular education program for employees on cyber risks, how to identify an attack, and mitigation strategies. Consider eliminating BYOD policies to limit exposure to employee devices and potential negligence. Limit your employees’ installation capabilities to approved applications and create an IT oversight process to oversee downloads and file sharing.
Vendors
* Customer information
* Business assets
* Reputation
Threats: Vendors are under attack as businesses increasingly grow relationships with third parties to expand their capabilities. If the vendor does not have a robust security program in place, businesses may find themselves at risk of experiencing Vendor Impersonation or Vendor Compromise.
How to mitigate: Complete a thorough cybersecurity review of a new vendor during onboarding, ensuring that they have mitigation and response plans, protections for your customers' data, as well as cyber insurance. Remain vigilant with vendor communications and requests for payment by confirming email addresses, phone numbers, and billing information.
Mail and trash
* Customer information
* Account information
* Vendor information
Threats: Criminals don’t always need to use technology to get sensitive information. They can pull documents containing internal or confidential information through Dumpster Diving, Mail Theft, or by breaking into your business.
How to mitigate: Provide shredding bins for your employees to destroy sensitive documents and provide locked drawers for documents required overnight. Create a mail intake, distribution, and output process that ensures physical letters and documents are not left unmonitored.
Infrastructure
* Customer information
* Business continuity
* Reputation
Threats: Whether it’s an external or internal agent, some cyber criminals may directly attack your systems to access sensitive information or disrupt your business. Distributed Denial of Service (DDoS) attacks and SQL Injections are two common attacks that put your data and business continuity at risk.
How to mitigate: Consider implementing real-time monitoring tools to help identify and combat a live DDoS. Establish a comprehensive business continuity and incident response plan. Ensure that your business has input validation controls to sanitize unauthorized user inputs aimed at your data.
Employee processes
* Customer information
* Business assets
* Reputation
Threats: An organization’s processes can mitigate or add risk, especially where money and personal information are concerned. Organizations without well-documented authentication and verification procedures may be at risk from cyber criminals requesting unauthorized payments or information.
How to mitigate: Establish clear controls for confirming vendor or executive payment requests, such as Dual Approval, to ensure that any requests are authentic and directed to the correct accounts. Educate employees on ways to identify fraudulent requests and implement regular testing to reinforce learnings.
Credentials
* Customer information
* Employee information
* Files and documents
Threats: Just like at home, cyber criminals are looking for ways to steal your and your employees' credentials to access critical systems. Phishing and Ransomware are common attack methods to gain access to your data, and once criminals are in, they may try to initiate unauthorized payments via an HR Portal Compromise.
How to mitigate: Do not respond to emails requesting personal information and proceed with caution before opening emails. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Back up all important files to cloud storage or an external drive on a regular basis. Update your business's devices and systems with the latest security patches and install antivirus/anti-spam software. Limit access to critical systems to only those that need it for their role and responsibilities.
On the go
Phone
* Personal Information
* Passwords
* Device security
Threats: Phones, just like computers, can also be prone to threats from cyber criminals. Rogue Apps and application permissions can give criminals access to your phone and surroundings, while new threats like SIM Swapping can enable criminals to activate a duplicate of your phone anywhere in the world.
How to mitigate: Only download apps from trusted sources, such as the Google Play or Apple App Store. Be careful when downloading apps from companies you don't know and be selective when granting permissions to new apps. Regularly delete apps you no longer use and review the permissions of the apps that you retain. Install a mobile anti-virus application for your phone. Maintain a strong password and passcode with your wireless carrier and consider the option of limiting your account's ability to add a new device in a brick-and-mortar store, in which identification is required.
Open networks
* Personal information
* Network activity
* Passwords
Threats: It's important to be cautious about what activities you engage in while connected to an unprotected and open Wi-Fi network, like those without passwords found in airports and coffee shops. Criminals may hijack an existing network or trick users into connecting to an Evil Twin Network to skim data as a Man in the Middle (MITM). They may even manipulate your traffic to access your personal information, such as data from online shopping and banking.
How to mitigate: Never input personal details or other sensitive information when browsing the internet on an unsecured Wi-Fi network. Consider subscribing to a reputable Virtual Private Network (VPN) service accessible to your phone, which will encrypt data passed through public Wi-Fi and mitigate the risk of having your information stolen.
USB devices
* Passwords
* Device security
* Files and documents
Threats: It’s important to be cautious about what you plug into your devices, especially in public settings. Cybercriminals may try to Bait an unsuspecting individual into plugging an unfamiliar, malware-spreading USB drive into a computer.
How to mitigate: Never insert an unfamiliar USB device, drive, or hard drive into any of your devices. Limit or eliminate the use of thumb drives to store documents or other sensitive information, avoiding any potential confusion with unattended devices.
Charging your devices
* Passwords
* Device security
* Files and documents
Threats: Public USB charging stations are a convenient way to charge your mobile device, but cyber criminals may use this shared resource to transfer malware into your phone and other devices in an attack called Juice Jacking.
How to mitigate: Always carry and use your own charging adapter and USB cable to ensure you have a mobile charging option. Consider purchasing a high-capacity portable power bank that can charge your devices without relying on an available outlet.
Your surroundings
* Personal information
* Passwords
* Financial data
Threats: Criminals may also try to steal your information in-person when you least expect it. While you work on your laptop or phone or access an ATM terminal, criminals may try to Shoulder Surf to get a glimpse at your data.
How to mitigate: Consider purchasing a privacy screen filter that limits the field of view of your screens. Always maintain a password on your devices and lock them when you are finished. Occasionally look to your sides and behind you to ensure that nobody is glimpsing over your shoulder.
Sharing your trip
* Personal information
* Contacts
* Location
Threats: Your family and friends can't wait to hear about your travel adventures, but cyber criminals also want to know what you're up to. Information that you share online is valuable to criminals interested in Social Engineering their way into your accounts or Cyberstalking you to know when your home is unoccupied.
How to mitigate: Be mindful of what you share online, limiting information around travel dates, destinations, and who you are traveling with. Provide detailed travel information with your advisors and family before you leave. Share travel photos and stories only after you return from your trip.
Cyberstalking. The use of information available on the internet, including social media sites, to monitor, harass, or attack a victim.
Distributed Denial of Service (DDoS) Attack. When multiple compromised computer systems attack a target, such as a server or website, and cause a denial of service for its users. Customers of victims may be unable to communicate or interface with the victim during the duration of the attack.
Dual Approval Control. A process control in which two independent parties must separately confirm the validity and accuracy of a request before final execution. One example is a wire verification callback, in which one service associate receives the request and another service associate confirms the details with the client before execution.
Dumpster Diving. When an individual sifts through the contents of a residential, commercial, or other source of garbage or recycling to find items of value.
HR Portal Takeover. When attackers steal employees' credentials and reroute direct deposit paychecks to the scammers' own accounts.
Impersonation Attack. An attack in which a scammer pretends to be a trusted individual, business, or entity to manipulate a victim into sharing personal information or make an illegitimate payment.
Internet of Things (IoT). A networking capability that enables devices in your home, such as speakers, cameras, or televisions, to send and receive data.
Juice Jacking. An attack in which a scammer passes malware to or steals information from a victim's device by modifying the USB port in public charging stations.
Mail Theft. When an individual opens, interferes with, or steals mail intended for another. Criminals often try to access mail left unattended in unsecured mailboxes.
Man in the Middle (MITM) Attack. An attack in which an individual gains access to a network and monitors or manipulates traffic passing between a server and an endpoint.
Phishing. An attack that uses social engineering tactics to manipulate victims into divulging sensitive information. Typically occurring through fraudulent emails, texts, or messaging services, the attack may encourage victims to open malicious links and attachments or access a fake website to collect personal or financial data.
Ransomware. The use of malicious software (also known as malware) that, when downloaded to a computer, encrypts files, so they can no longer be accessed - or locks down the operating system entirely. Once the machine has been infected, users receive a message that instructs them to pay a ransom or risk losing their files permanently.
Remote Access. An attack in which a victim is manipulated into downloading software that enables the attacker to take control of the victim's computer. With full control, the attacker may install malware, steal files and information, or incapacitate the victim's computer.
Rogue Apps. Mobile apps that appear safe or official but actually function as malware. Once installed, these apps may corrupt or steal the information stored on your phone and may use your phone permissions to track your activity.
Shadow IT. The growing number of solutions or systems that employees are purchasing or using at work without the permission or knowledge of the IT department.
Shoulder Surfing. The practice of looking over someone's shoulder while they are using an ATM, writing a check, or using a personal device.
SIM Swap Attack. When a scammer uses social engineering to trick a phone carrier into activating the victim's phone number on a device in the scammer's possession. This is typically done to gain access to devices used in two-factor authentication.
Social Engineering. Attacks that focus on user behaviors and habits to manipulate victims into providing access to computers, devices, or accounts. Popular tactics include phishing, clickbait, social media, fake software updates, and geo-targeting.
SQL Injection. A common code injection attack that enables criminals to execute SQL statements on databases through a web application interface, enabling them to access and sometimes modify sensitive data.
Baiting. A passive attack in which a criminal leaves a USB device unattended in public, hoping a victim will plug it into a personal device. Upon insertion, the USB device may inject malicious code, such as Ransomware, or execute hidden commands to send personal information and files to the criminal.
Vendor Compromise. An event in which a vendor's accounts or systems have been compromised via a cyberattack. Businesses working with the vendor may have customer or other sensitive information taken in the attack.
Vendor Impersonation. When an attacker solicits unsuspecting businesses for fake invoice payments or client information using compromised vendor systems or fraudulent email accounts.
Virtual Private Network (VPN). An encrypted connection to a network that masks data sent to and from a device. Information such as IP address and location are also hidden, increasing anonymity as you browse online.
Whaling. A form of phishing that targets corporate leaders and wealthy or high-profile individuals. The fraudster has invested time to learn about their target to appear as legitimate as possible.
Evil Twin Network. An open wireless network created by an attacker to monitor or manipulate unsuspecting users' traffic or to install malware. These networks are often given names that copy or imitate networks you would expect to see in that location (Airport Wi-Fi, Coffee Shop Wi-Fi, etc.).
Option 1. 5%
Option 2. 12%
Option 3. 28%
Option 4. 36%
The correct answer is Option 4: Cyberattacks cost companies $8.2MM per data breach in 2019, 36% of which was attributable to customers avoiding a business’s services after a cyberattack. A cyber insurance policy can help defray those costs.
Which of the following is NOT a best practice for keeping your business and employees safe from cyberattacks while working from home?
Option 1. Multi-factor authentication
Option 2. Minimizing use of personal devices
Option 3. Using a Virtual Private Network (VPN)
Option 4. Using your personal meeting ID for virtual meetings
The correct answer is Option 4: As workers moved to online meetings, so did hackers who used phishing attacks to capture personal meeting IDs and account numbers. To help keep out unwanted visitors, it’s best to create a unique meeting ID for each meeting.
What percentage of security breaches in 2019 took advantage of a vulnerability that could have been but was not patched by software updates?
Option 1. 15%
Option 2. 34%
Option 3. 60%
Option 4. 80%
The correct answer is Option 3: Many attacks take advantage of vulnerabilities in out-of-date software. In 2019, 60% of attacks took advantage of a vulnerability that could have been patched. Help protect yourself by regularly updating your devices and software.
Have you discussed how to stay safe online with your children?
Here are five easy tips on how to guide the conversation.
Learn more
Cyber risk is just one piece of the puzzle . . .
Our experts offer advice on how to help protect all of your assets.
Learn more
A few simple steps can help prevent cyberattacks at home.
Learn more
Concerned that your account has been compromised? Call us.
Wilmington Trust: 1.800.982.4620
M&T: 1.800.724.2440
Business owners are a primary target for cybercriminals.
Help protect your digital and physical assets by speaking with our advisors.
Contact us
At home
Family, children, and elderly* Personal information
* Privacy
* Access to you
Threats: There are risks for all members of the family who use devices connected to the internet. Children are particularly prone to malware risks from “free media” sites, and all family members could be victims of Cyberstalking or Social Engineering attacks if they share too much information about themselves online. Criminals can use simple personal information on social media as clues to answer common security questions and hack into your account.
How to mitigate: Educate your family on safe cyber practices, including limiting the information they share on social networks. Update your privacy settings on social network accounts to the most private options, especially for public facing accounts. Encourage family members to be weary of sites promising “free” access to movies and other media, as these sites could be trying to access their devices.
Connected devices
* Privacy
* Network activity
* Audio and video recordings
Threats: Connected devices can make life more convenient, but they also increase risk. Every non-computer device that accesses a network using Internet of Things (IoT) technology, such as cameras or smart speakers, creates an entry point a hacker can use to access your network. Furthermore, these devices can collect and store data, even creating audio recordings of your home.
How to mitigate: Keep devices connected to your network up-to-date and reset their default passwords. Change the settings in your devices to automatically delete recordings on a regular cycle. Enable or install a Virtual Private Network (VPN) on your router to encrypt data shared between IoT devices.
Mail and trash
* Personal information
* Contacts
* Payment history
Threats: Criminals can also access your information in low-tech ways. They can retrieve documents, such as credit card bills, bank statements, and insurance statements, through Dumpster Diving or Mail Theft. These documents could tell criminals about your account information, but also travel and payment history, personal information, and contacts who could be used for Impersonation tactics.
How to mitigate: Never leave outgoing mail in your mailbox—instead take it directly to the post office. Consider reserving a PO Box for incoming mail to protect your privacy and to limit a criminal’s ability to associate your name with your personal residence. Shred all sensitive documents before disposing. Do not throw away packaging from expensive purchases, such as jewelry or technology, in your trash. Instead, dispose of it off premises so criminals can't assess your wealth or buying patterns by sifting through your garbage.
Computer
* Personal information
* Passwords
* Device security
Threats: Your computer is your gateway to the internet, but it also retains a plethora of sensitive information and documents that cybercriminals want to get their hands on. They may try to steal your passwords with Phishing or Whaling attempts, take control of your computer with Ransomware or Remote Access, or acquire your sensitive information when they hack your accounts.
How to mitigate: Do not respond to urgent emails requesting personal information and proceed with caution before opening emails with provocative subject lines. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Do not save personal or financial information in browsers, websites, or social networks. Back up all important files to cloud storage or an external drive on a regular basis. Update your computer with the latest security patches and install antivirus/anti-spam software.
Phone calls
* Personal information
* Account information
* Personal assets
Threats: Criminals are increasingly calling targets directly, pretending to be well known institutions such as the IRS or a wireless carrier, to gain access to accounts and personal information. Impersonation tactics tend to target vulnerable individuals with high urgency situations, such as false claims of account access, unauthorized charges, and even hostage scenarios.
How to mitigate: If you have doubts regarding the source of the call, hang-up immediately and call the company from a known number to confirm their authenticity. Never provide account information, credit card numbers, or other forms of payment such as gift-card numbers to satisfy the demands of the scammer. Do not agree to meet with the individual in person.
Home Networks and Wi-Fi
* Personal information
* Privacy
* Network activity
Threats: Home networks are a necessity in today’s always-connected world, but it can be a prime entry point for cyber criminals to directly monitor your digital activity. Criminals who to take over your network may monitor or manipulate your online activity via a Man in the Middle (MITM) attack.
How to mitigate: Update the administrative password to your router and ensure that your firewall is enabled. Give your Wi-Fi network name, or Service Set Identifier (SSID), a unique identifier and hide its broadcast. Set up a unique password with WPA2 encryption. For an extra layer of encryption, consider installing a Virtual Private Network (VPN) on your router, which will hide your true IP address and protect the connected devices on your home network. Never share your network password with individuals you do not trust.
In the office
Employees* Customer information
* Credentials
* Systems access
Threats: Every employee in your organization represents an entry point for a cybercriminal to gain access to your business data. Non-technological issues, such as hiring practices and employee education, as well as technological issues, such as Bring Your Own Device (BYOD) Policies and Shadow IT, all make your employees vulnerable to outside actors.
How to mitigate: Conduct background checks during the hiring process. Establish a clear, regular education program for employees on cyber risks, how to identify an attack, and mitigation strategies. Consider eliminating BYOD policies to limit exposure to employee devices and potential negligence. Limit your employees’ installation capabilities to approved applications and create an IT oversight process to oversee downloads and file sharing.
Vendors
* Customer information
* Business assets
* Reputation
Threats: Vendors are under attack as businesses increasingly grow relationships with third parties to expand their capabilities. If the vendor does not have a robust security program in place, businesses may find themselves at risk of experiencing Vendor Impersonation or Vendor Compromise.
How to mitigate: Complete a thorough cybersecurity review of a new vendor during onboarding, ensuring that they have mitigation and response plans, protections for your customers' data, as well as cyber insurance. Remain vigilant with vendor communications and requests for payment by confirming email addresses, phone numbers, and billing information.
Mail and trash
* Customer information
* Account information
* Vendor information
Threats: Criminals don’t always need to use technology to get sensitive information. They can pull documents containing internal or confidential information through Dumpster Diving, Mail Theft, or by breaking into your business.
How to mitigate: Provide shredding bins for your employees to destroy sensitive documents and provide locked drawers for documents required overnight. Create a mail intake, distribution, and output process that ensures physical letters and documents are not left unmonitored.
Infrastructure
* Customer information
* Business continuity
* Reputation
> Threats: Whether it’s an external or internal agent, some cyber criminals may directly attack your systems to access sensitive information or disrupt your business. Distributed Denial of Service (DDoS) attacks and SQL Injections are two common attacks that put your data and business continuity at risk.
How to mitigate: Consider implementing real-time monitoring tools to help identify and combat a live DDoS. Establish a comprehensive business continuity and incident response plan. Ensure that your business has input validation controls to sanitize unauthorized user inputs aimed at your data.
Employee processes
* Customer information
* Business assets
* Reputation
Threats: An organization’s processes can mitigate or add risk, especially where money and personal information are concerned. Organizations without well documented authentication and verification procedures may be at risk to cyber criminals requesting unauthorized payments or information.
How to mitigate: Establish clear controls for confirming vendor or executive payment requests, such as Dual Approval, to ensure that any requests are authentic and directed to the correct accounts. Educate employees on ways to identify fraudulent requests and implement regular testing to reinforce learnings.
Credentials
* Customer information
* Employee information
* Files and documents
Threats: Just like at home, cyber criminals are looking for ways to steal your and your employees' credentials to access critical systems. Phishing and Ransomware are common attack methods to gain access to your data, and once criminals are in, they may try to initiate unauthorized payments via an HR Portal Compromise.
How to mitigate: Do not respond to emails requesting personal information and proceed with caution before opening emails. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Back up all important files to cloud storage or an external drive on a regular basis. Update your business's devices and systems with the latest security patches and install antivirus/anti-spam software. Limit access to critical systems to only those that need it for their role and responsibilities.
On the go
Phone
* Personal Information
* Passwords
* Device security
Threats: Phones, just like computers, can also be prone to threats from cyber criminals. Rogue Apps and application permissions can give criminals access to your phone and surroundings, while new threats like SIM Swapping can enable criminals to activate a duplicate of your phone anywhere in the world.
How to mitigate: Only download apps from trusted sources, such as the Google Play or Apple App store. Be careful when downloading apps from companies you don't know and be selective when granting permissions to new apps. Regularly delete apps you no longer use and review the permissions of the apps that you retain. Install a mobile anti-virus application for your phone. Maintain a strong password and passcode with your wireless carrier and consider limiting your account's ability to add a new device to brick-and-mortar stores, where identification is required.
Open networks
* Personal information
* Network activity
* Passwords
Threats: It's important to be cautious about what activities you engage in while connected to an unprotected and open Wi-Fi network, like those without passwords found in airports and coffee shops. Criminals may hijack an existing network or trick users into connecting to an Evil Twin Network to skim data as a Man in the Middle (MITM). They may even manipulate your traffic to access your personal information, such as data from online shopping and banking.
How to mitigate: Never input personal details or other sensitive information when browsing the internet on an unsecured Wi-Fi network. Consider subscribing to a reputable Virtual Private Network (VPN) service accessible to your phone, which will encrypt data passed through public Wi-Fi and mitigate the risk of having your information stolen.
USB devices
* Passwords
* Device security
* Files and documents
Threats: It’s important to be cautious about what you plug into your devices, especially in public settings. Cybercriminals may try to Bait an unsuspecting individual into plugging an unfamiliar, malware-spreading USB drive into a computer.
How to mitigate: Never insert an unfamiliar USB device, drive, or hard drive into any of your devices. Limit or eliminate the use of thumb drives to store documents or other sensitive information, avoiding any potential confusion with unattended devices.
Charging your devices
* Passwords
* Device security
* Files and documents
Threats: Public USB charging stations are a convenient way to charge your mobile device, but cyber criminals may use this shared resource to transfer malware into your phone and other devices in an attack called Juice Jacking.
How to mitigate: Always carry and use your own charging adapter and USB cable to ensure you have a mobile charging option. Consider purchasing a high-capacity portable power bank that can charge your devices without relying on an available outlet.
Your surroundings
* Personal information
* Passwords
* Financial data
Threats: Criminals may also try to steal your information in person when you least expect it. While you work on your laptop or phone or access an ATM terminal, criminals may try to Shoulder Surf to get a glimpse at your data.
How to mitigate: Consider purchasing a privacy screen filter that limits the field of view of your screens. Always maintain a password on your devices and lock them when you are finished. Occasionally look to your sides and behind you to ensure that nobody is glimpsing over your shoulder.
Sharing your trip
* Personal information
* Contacts
* Location
Threats: Your family and friends can't wait to hear about your travel adventures, but cyber criminals also want to know what you're up to. Information that you share online is valuable to criminals interested in Social Engineering their way into your accounts or Cyberstalking you to know when your home is unoccupied.
How to mitigate: Be mindful of what you share online, limiting information around travel dates, destinations, and who you are traveling with. Provide detailed travel information to your advisors and family before you leave. Share travel photos and stories only after you return from your trip.
Definitions
Bring Your Own Device (BYOD) Policy. Corporate policy that allows employees to use personal devices for business use. Business emails, documents, and systems may be accessible using employees' personal computers, laptops, or phones.
Cyberstalking. The use of information available on the internet, including social media sites, to monitor, harass, or attack a victim.
Distributed Denial of Service (DDoS) Attack. When multiple compromised computer systems attack a target, such as a server or website, and cause a denial of service for its users. Customers of victims may be unable to communicate or interface with the victim during the duration of the attack.
Dual Approval Control. A process control in which two independent parties must separately confirm the validity and accuracy of a request before final execution. One example is a wire verification callback, in which one service associate receives the request and another service associate confirms the details with the client before execution.
Dumpster Diving. When an individual sifts through the contents of a residential, commercial, or other source of garbage or recycling to find items of value.
HR Portal Takeover. When attackers steal employees' credentials and reroute direct deposit paychecks to the scammers' own accounts.
Impersonation Attack. An attack in which a scammer pretends to be a trusted individual, business, or entity to manipulate a victim into sharing personal information or making an illegitimate payment.
Internet of Things (IoT). A networking capability that enables devices in your home, such as speakers, cameras, or televisions, to send and receive data.
Juice Jacking. An attack in which a scammer passes malware to or steals information from a victim's device by modifying the USB port in public charging stations.
Mail Theft. When an individual opens, interferes with, or steals mail intended for another. Criminals often try to access mail left unattended in unsecured mailboxes.
Man in the Middle (MITM) Attack. An attack in which an individual gains access to a network and monitors or manipulates traffic passing between a server and an endpoint.
Phishing. An attack that uses social engineering tactics to manipulate victims into divulging sensitive information. Typically occurring through fraudulent emails, texts, or messaging services, the attack may encourage victims to open malicious links and attachments or access a fake website to collect personal or financial data.
Ransomware. The use of malicious software (also known as malware) that, when downloaded to a computer, encrypts files, so they can no longer be accessed - or locks down the operating system entirely. Once the machine has been infected, users receive a message that instructs them to pay a ransom or risk losing their files permanently.
Remote Access. An attack in which a victim is manipulated into downloading software that enables the attacker to take control of the victim's computer. With full control, the attacker may install malware, steal files and information, or incapacitate the victim's computer.
Rogue Apps. Mobile apps that appear safe or official but actually function as malware. Once installed, these apps may corrupt or steal the information stored on your phone and may use your phone permissions to track your activity.
Shadow IT. The growing number of solutions or systems that employees are purchasing or using at work without the permission or knowledge of the IT department.
Shoulder Surfing. The practice of looking over someone's shoulder while they are using an ATM, writing a check, or using a personal device.
SIM Swap Attack. When a scammer uses social engineering to trick a phone carrier into activating the victim's phone number on a device in the scammer's possession. This is typically done to gain access to devices used in two-factor authentication.
Social Engineering. Attacks that focus on user behaviors and habits to manipulate victims into providing access to computers, devices, or accounts. Popular tactics include phishing, clickbait, social media, fake software updates, and geo-targeting.
SQL Injection. A common code injection attack that enables criminals to execute SQL statements on databases through a web application interface, enabling them to access and sometimes modify sensitive data.
Baiting. A passive attack in which a criminal leaves a USB device unattended in public, hoping a victim will plug it into a personal device. Upon insertion, the USB device may inject malicious code, such as Ransomware, or execute hidden commands to send personal information and files to the criminal.
Vendor Compromise. An event in which a vendor's accounts or systems have been compromised via a cyberattack. Businesses working with the vendor may have customer or other sensitive information taken in the attack.
Vendor Impersonation. When an attacker solicits unsuspecting businesses for fake invoice payments or client information using compromised vendor systems or fraudulent email accounts.
Virtual Private Network (VPN). An encrypted connection to a network that masks data sent to and from a device. Information such as IP address and location is also hidden, increasing anonymity as you browse online.
Whaling. A form of phishing that targets corporate leaders and wealthy or high-profile individuals. The fraudster has invested time to learn about their target to appear as legitimate as possible.
Evil Twin Network. An open wireless network created by an attacker to monitor or manipulate unsuspecting users' traffic or to install malware. These networks are often given names that copy or imitate networks you would expect to see in that location (Airport Wi-Fi, Coffee Shop Wi-Fi, etc.).
Quiz
A data breach can cost a company millions. What percentage of that cost is attributable to future lost business and customers?
Option 1. 5%
Option 2. 12%
Option 3. 28%
Option 4. 36%
The correct answer is Option 4: Cyberattacks cost companies $8.2MM per data breach in 2019, 36% of which was attributable to customers avoiding a business’s services after a cyberattack. A cyber insurance policy can help defray those costs.
Which of the following is NOT a best practice for keeping your business and employees safe from cyberattacks while working from home?
Option 1. Multi-factor authentication
Option 2. Minimizing use of personal devices
Option 3. Using a Virtual Private Network (VPN)
Option 4. Using your personal meeting ID for virtual meetings
The correct answer is Option 4: As workers moved to online meetings, so did hackers who used phishing attacks to capture personal meeting IDs and account numbers. To help keep out unwanted visitors, it’s best to create a unique meeting ID for each meeting.
What percentage of security breaches in 2019 took advantage of a vulnerability that could have been but was not patched by software updates?
Option 1. 15%
Option 2. 34%
Option 3. 60%
Option 4. 80%
The correct answer is Option 3: Many attacks take advantage of vulnerabilities in out-of-date software. In 2019, 60% of attacks took advantage of a vulnerability that could have been patched. Help protect yourself by regularly updating your devices and software.
As a valued client, we take protecting you, your family and your business from potential risks very seriously. We make every effort to protect your sensitive information by maintaining an Enterprise Information Security Program. However, we can’t be everywhere you are. Explore this site to learn how to identify and manage cyber risks at home, in the office, or on the go.
Protecting your information is one of our top priorities.
At M&T Bank and Wilmington Trust, we maintain a comprehensive Enterprise Information Security Program, which includes:
• Multiple Layers of Security and Defense
• Strict Policies and Standards
• Information Security Awareness Program
If you are ever concerned that your account has been compromised, please contact your Wealth Advisor or call us:
M&T: 1.800.724.2440
Wilmington Trust: 1.800.982.4620
The wealthy: A target for cyberattacks
28% of ultra-high net worth families, family offices, and family businesses have suffered a cyberattack in the past.
Businesses beware of data breaches
76% of small and medium U.S. businesses experienced a cyberattack in 2018-2019.
Cyberattacks hurt the bottom line
It cost U.S. companies an average of $8.2 million per data breach in 2019.
Customers are taking their business elsewhere
36% of data breach expenses are from lost business – the largest contributor to the overall cost that companies must pay.
Email is the main channel for phishing and malware delivery
50% of people check email on their phones first, thinking it’s safe. Not so. You are exposed to the risks of phishing and malware, regardless of the device you use.
Option 1. Give the caller your information immediately so they can help.
Option 2. Hang up and call the company’s known number to confirm the authenticity of the call.
Option 3. Ask for identification, like employee ID, to confirm the authenticity of the call.
Option 4. Give the caller your credit card number - it’s safer than your SSN.
The correct answer is Option 2: If you have any suspicions, hang up right away. If original call is legitimate, the company can help you when you call back.
You receive an email at work with an urgent subject line from an unfamiliar address. What should you do?.
Option 1. Open the attachment to investigate. Your device is protected with the latest anti-virus software.
Option 2. Look for obvious phishing giveaways, like an alphanumeric-named attachment. If there are none, it’s safe.
Option 3. Report the suspicious email as phishing or spam.
Option 4. Ignore the email. You don’t want to get a legitimate sender into trouble.
The correct answer is Option 3: It is always better to be safe, even if you have anti-virus software. Do not open suspicious emails. Instead, report the email to your Internet Service Provider or your employer’s IT or Information Security Department.
Which is not an effective way to mitigate risks associated with your home network or Wi-Fi?.
Option 1. Set up a unique password with WPA2 encryption.
Option 2. Install a Virtual Private Network (VPN).
Option 3. Update the administrative password to your router.
Option 4. Keep the default Wi-Fi network name to protect anonymity.
The correct answer is Option 4: Default Wi-Fi network names can tell scammers the brand of router you’re using, highlighting potential exploits that could enable unauthorized access to your network and your data.
Protecting your information is one of our top priorities.
At M&T Bank and Wilmington Trust, we maintain a comprehensive Enterprise Information Security Program, which includes:
• Multiple Layers of Security and Defense
• Strict Policies and Standards
• Information Security Awareness Program
If you are ever concerned that your account has been compromised, please contact your Wealth Advisor or call us:
M&T: 1.800.724.2440
Wilmington Trust: 1.800.982.4620
The wealthy: A target for cyberattacks
28% of ultra-high net worth families, family offices, and family businesses have suffered a cyberattack in the past.
Businesses beware of data breaches
76% of small and medium U.S. businesses experienced a cyberattack in 2018-2019.
Cyberattacks hurt the bottom line
It cost U.S. companies an average of $8.2 million per data breach in 2019.
Customers are taking their business elsewhere
36% of data breach expenses are from lost business – the largest contributor to the overall cost that companies must pay.
Email is the main channel for phishing and malware delivery
50% of people check email on their phones first, thinking it’s safe. Not so. You are exposed to the risks of phishing and malware, regardless of the device you use.
At home
Family, children, and elderly
* Personal information
* Privacy
* Access to you
Threats: There are risks for all members of the family who use devices connected to the internet. Children are particularly prone to malware risks from “free media” sites, and all family members could be victims of Cyberstalking or Social Engineering attacks if they share too much information about themselves online. Criminals can use simple personal information on social media as clues to answer common security questions and hack into your account.
How to mitigate: Educate your family on safe cyber practices, including limiting the information they share on social networks. Update your privacy settings on social network accounts to the most private options, especially for public-facing accounts. Encourage family members to be wary of sites promising “free” access to movies and other media, as these sites could be trying to access their devices.
Connected devices
* Privacy
* Network activity
* Audio and video recordings
Threats: Connected devices can make life more convenient, but they also increase risk. Every non-computer device that accesses a network using Internet of Things (IoT) technology, such as cameras or smart speakers, creates an entry point a hacker can use to access your network. Furthermore, these devices can collect and store data, even creating audio recordings of your home.
How to mitigate: Keep devices connected to your network up-to-date and reset their default passwords. Change the settings in your devices to automatically delete recordings on a regular cycle. Enable or install a Virtual Private Network (VPN) on your router to encrypt data shared between IoT devices.
Mail and trash
* Personal information
* Contacts
* Payment history
Threats: Criminals can also access your information in low-tech ways. They can retrieve documents, such as credit card bills, bank statements, and insurance statements, through Dumpster Diving or Mail Theft. These documents could tell criminals about your account information, but also travel and payment history, personal information, and contacts who could be used for Impersonation tactics.
How to mitigate: Shred all sensitive documents before disposing of them. Never leave outgoing mail in your mailbox - instead take it directly to the post office.
Computer
* Personal information
* Passwords
* Device security
Threats: Your computer is your gateway to the internet, but it also retains a plethora of sensitive information and documents that cybercriminals want to get their hands on. They may try to steal your passwords with Phishing or Whaling attempts, take control of your computer with Ransomware or Remote Access, or acquire your sensitive information when they hack your accounts.
How to mitigate: Do not respond to urgent emails requesting personal information and proceed with caution before opening emails with provocative subject lines. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Do not save personal or financial information in browsers, websites, or social networks. Back up all important files to cloud storage or an external drive on a regular basis. Update your computer with the latest security patches and install antivirus/anti-spam software.
Phone calls
* Personal information
* Account information
* Personal assets
Threats: Criminals are increasingly calling targets directly, pretending to be well-known institutions such as the IRS or a wireless carrier, to gain access to accounts and personal information. Impersonation tactics tend to target vulnerable individuals with high-urgency situations, such as false claims of account access, unauthorized charges, and even hostage scenarios.
How to mitigate: If you have doubts regarding the source of the call, hang up immediately and call the company from a known number to confirm their authenticity. Never provide account information, credit card numbers, or other forms of payment such as gift-card numbers to satisfy the demands of the scammer. Do not agree to meet with the individual in person.
Home Networks and Wi-Fi
* Personal information
* Privacy
* Network activity
Threats: Home networks are a necessity in today’s always-connected world, but they can be a prime entry point for cyber criminals to directly monitor your digital activity. Criminals who take over your network may monitor or manipulate your online activity via a Man in the Middle (MITM) attack.
How to mitigate: Update the administrative password to your router and ensure that your firewall is enabled. Give your Wi-Fi network name, or Service Set Identifier (SSID), a unique identifier and hide its broadcast. Set up a unique password with WPA2 encryption. For an extra layer of encryption, consider installing a Virtual Private Network (VPN) on your router, which will hide your true IP address and protect the connected devices on your home network. Never share your network password with individuals you do not trust.
In the office
Employees
* Customer information
* Credentials
* Systems access
Threats: Every employee in your organization represents an entry point for a cybercriminal to gain access to your business data. Non-technological issues, such as hiring practices and employee education, as well as technological issues, such as Bring Your Own Device (BYOD) Policies and Shadow IT, all make your employees vulnerable to outside actors.
How to mitigate: Conduct background checks during the hiring process. Establish a clear, regular education program for employees on cyber risks, how to identify an attack, and mitigation strategies. Consider eliminating BYOD policies to limit exposure to employee devices and potential negligence. Limit your employees’ installation capabilities to approved applications and create an IT oversight process to oversee downloads and file sharing.
Vendors
* Customer information
* Business assets
* Reputation
Threats: Vendors are under attack as businesses increasingly grow relationships with third parties to expand their capabilities. If the vendor does not have a robust security program in place, businesses may find themselves at risk of experiencing Vendor Impersonation or Vendor Compromise.
How to mitigate: Complete a thorough cybersecurity review of a new vendor during onboarding, ensuring that they have mitigation and response plans, protections for your customers' data, as well as cyber insurance. Remain vigilant with vendor communications and requests for payment by confirming email addresses, phone numbers, and billing information.
Mail and trash
* Customer information
* Account information
* Vendor information
Threats: Criminals don’t always need to use technology to get sensitive information. They can pull documents containing internal or confidential information through Dumpster Diving, Mail Theft, or by breaking into your business.
How to mitigate: Provide shredding bins for your employees to destroy sensitive documents and provide locked drawers for documents required overnight. Create a mail intake, distribution, and output process that ensures physical letters and documents are not left unmonitored.
Infrastructure
* Customer information
* Business continuity
* Reputation
Threats: Whether it’s an external or internal agent, some cyber criminals may directly attack your systems to access sensitive information or disrupt your business. Distributed Denial of Service (DDoS) attacks and SQL Injections are two common attacks that put your data and business continuity at risk.
How to mitigate: Consider implementing real-time monitoring tools to help identify and combat a live DDoS. Establish a comprehensive business continuity and incident response plan. Ensure that your business has input validation controls to sanitize unauthorized user inputs aimed at your data.
Employee processes
* Customer information
* Business assets
* Reputation
Threats: An organization’s processes can mitigate or add risk, especially where money and personal information are concerned. Organizations without well-documented authentication and verification procedures may be at risk from cyber criminals requesting unauthorized payments or information.
How to mitigate: Establish clear controls for confirming vendor or executive payment requests, such as Dual Approval, to ensure that any requests are authentic and directed to the correct accounts. Educate employees on ways to identify fraudulent requests and implement regular testing to reinforce learnings.
Credentials
* Customer information
* Employee information
* Files and documents
Threats: Just like at home, cyber criminals are looking for ways to steal your and your employees' credentials to access critical systems. Phishing and Ransomware are common attack methods to gain access to your data, and once criminals are in, they may try to initiate unauthorized payments via an HR Portal Compromise.
How to mitigate: Do not respond to emails requesting personal information and proceed with caution before opening emails. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Back up all important files to cloud storage or an external drive on a regular basis. Update your business's devices and systems with the latest security patches and install antivirus/anti-spam software. Limit access to critical systems to only those that need it for their role and responsibilities.
On the go
Phone
* Personal information
* Passwords
* Device security
Threats: Phones, just like computers, can also be prone to threats from cyber criminals. Rogue Apps and application permissions can give criminals access to your phone and surroundings, while new threats like SIM Swapping can enable criminals to activate a duplicate of your phone anywhere in the world.
How to mitigate: Only download apps from trusted sources, such as the Google Play or Apple App store. Be careful when downloading apps from companies you don't know and be selective when granting permissions to new apps. Regularly delete apps you no longer use and review the permissions of the apps that you retain. Install a mobile anti-virus application for your phone. Maintain a strong password and passcode with your wireless carrier and consider the option of limiting your account's ability to add a new device in a brick-and-mortar store, in which identification is required.
Open networks
* Personal information
* Network activity
* Passwords
Threats: It's important to be cautious about what activities you engage in while connected to an unprotected and open Wi-Fi network, like those without passwords found in airports and coffee shops. Criminals may hijack an existing network or trick users into connecting to an Evil Twin Network to skim data as a Man in the Middle (MITM). They may even manipulate your traffic to access your personal information, such as data from online shopping and banking.
How to mitigate: Never input personal details or other sensitive information when browsing the internet on an unsecured Wi-Fi network. Consider subscribing to a reputable Virtual Private Network (VPN) service accessible to your phone, which will encrypt data passed through public Wi-Fi and mitigate the risk of having your information stolen.
USB devices
* Passwords
* Device security
* Files and documents
Threats: It’s important to be cautious about what you plug into your devices, especially in public settings. Cybercriminals may try to Bait an unsuspecting individual into plugging an unfamiliar, malware-spreading USB drive into a computer.
How to mitigate: Never insert an unfamiliar USB device, drive, or hard drive into any of your devices. Limit or eliminate the use of thumb drives to store documents or other sensitive information, avoiding any potential confusion with unattended devices.
Charging your devices
* Passwords
* Device security
* Files and documents
Threats: Public USB charging stations are a convenient way to charge your mobile device, but cyber criminals may use this shared resource to transfer malware into your phone and other devices in an attack called Juice Jacking.
How to mitigate: Always carry and use your own charging adapter and USB cable to ensure you have a mobile charging option. Consider purchasing a high-capacity portable power bank that can charge your devices without relying on an available outlet.
Your surroundings
* Personal information
* Passwords
* Financial data
Threats: Criminals may also try to steal your information in person when you least expect it. While you work on your laptop or phone or access an ATM terminal, criminals may try to Shoulder Surf to get a glimpse of your data.
How to mitigate: Consider purchasing a privacy screen filter that limits the field of view of your screens. Always maintain a password on your devices and lock them when you are finished. Occasionally look to your sides and behind you to ensure that nobody is glimpsing over your shoulder.
Sharing your trip
* Personal information
* Contacts
* Location
Threats: Your family and friends can't wait to hear about your travel adventures, but cyber criminals also want to know what you're up to. Information that you share online is valuable to criminals interested in Social Engineering their way into your accounts or Cyberstalking you to know when your home is unoccupied.
How to mitigate: Be mindful of what you share online, limiting information around travel dates, destinations, and who you are traveling with. Provide detailed travel information to your advisors and family before you leave. Share travel photos and stories only after you return from your trip.
Definitions
Bring Your Own Device (BYOD) Policy. Corporate policy that allows employees to use personal devices for business use. Business emails, documents, and systems may be accessible using employees' personal computers, laptops, or phones.
Cyberstalking. The use of information available on the internet, including social media sites, to monitor, harass, or attack a victim.
Distributed Denial of Service (DDoS) Attack. When multiple compromised computer systems attack a target, such as a server or website, and cause a denial of service for its users. Customers of victims may be unable to communicate or interface with the victim during the duration of the attack.
Dual Approval Control. A process control in which two independent parties must separately confirm the validity and accuracy of a request before final execution. One example is a wire verification callback, in which one service associate receives the request and another service associate confirms the details with the client before execution.
Dumpster Diving. When an individual sifts through the contents of a residential, commercial, or other source of garbage or recycling to find items of value.
HR Portal Takeover. When attackers steal employees' credentials and reroute direct deposit paychecks to the scammers' own accounts.
Impersonation Attack. An attack in which a scammer pretends to be a trusted individual, business, or entity to manipulate a victim into sharing personal information or making an illegitimate payment.
Internet of Things (IoT). A networking capability that enables devices in your home, such as speakers, cameras, or televisions, to send and receive data.
Juice Jacking. An attack in which a scammer passes malware to or steals information from a victim's device by modifying the USB port in public charging stations.
Mail Theft. When an individual opens, interferes with, or steals mail intended for another. Criminals often try to access mail left unattended in unsecured mailboxes.
Man in the Middle (MITM) Attack. An attack in which an individual gains access to a network and monitors or manipulates traffic passing between a server and an endpoint.
Phishing. An attack that uses social engineering tactics to manipulate victims into divulging sensitive information. Typically occurring through fraudulent emails, texts, or messaging services, the attack may encourage victims to open malicious links and attachments or access a fake website to collect personal or financial data.
Ransomware. The use of malicious software (also known as malware) that, when downloaded to a computer, encrypts files, so they can no longer be accessed - or locks down the operating system entirely. Once the machine has been infected, users receive a message that instructs them to pay a ransom or risk losing their files permanently.
Remote Access. An attack in which a victim is manipulated into downloading software that enables the attacker to take control of the victim's computer. With full control, the attacker may install malware, steal files and information, or incapacitate the victim's computer.
Rogue Apps. Mobile apps that appear safe or official but actually function as malware. Once installed, these apps may corrupt or steal the information stored on your phone and may use your phone permissions to track your activity.
Shadow IT. The growing number of solutions or systems that employees are purchasing or using at work without the permission or knowledge of the IT department.
Shoulder Surfing. The practice of looking over someone's shoulder while they are using an ATM, writing a check, or using a personal device.
SIM Swap Attack. When a scammer uses social engineering to trick a phone carrier into activating the victim's phone number on a device in the scammer's possession. This is typically done to gain access to devices used in two-factor authentication.
Social Engineering. Attacks that focus on user behaviors and habits to manipulate victims into providing access to computers, devices, or accounts. Popular tactics include phishing, clickbait, social media, fake software updates, and geo-targeting.
SQL Injection. A common code injection attack that enables criminals to execute SQL statements on databases through a web application interface, enabling them to access and sometimes modify sensitive data.
Baiting. A passive attack in which a criminal leaves a USB device unattended in public, hoping a victim will plug it into a personal device. Upon insertion, the USB device may inject malicious code, such as Ransomware, or execute hidden commands to send personal information and files to the criminal.
Vendor Compromise. An event in which a vendor's accounts or systems have been compromised via a cyberattack. Businesses working with the vendor may have customer or other sensitive information taken in the attack.
Vendor Impersonation. When an attacker solicits unsuspecting businesses for fake invoice payments or client information using compromised vendor systems or fraudulent email accounts.
Virtual Private Network (VPN). An encrypted connection to a network that masks data sent to and from a device. Information such as IP address and location is also hidden, increasing anonymity as you browse online.
Whaling. A form of phishing that targets corporate leaders and wealthy or high-profile individuals. The fraudster has invested time to learn about their target to appear as legitimate as possible.
Evil Twin Network. An open wireless network created by an attacker to monitor or manipulate unsuspecting users' traffic or to install malware. These networks are often given names that copy or imitate networks you would expect to see in that location (Airport Wi-Fi, Coffee Shop Wi-Fi, etc.).
Quiz
You receive a phone call about fraud on your account. The caller asks you to confirm your SSN. What should you do?
Option 1. Give the caller your information immediately so they can help.
Option 2. Hang up and call the company’s known number to confirm the authenticity of the call.
Option 3. Ask for identification, like employee ID, to confirm the authenticity of the call.
Option 4. Give the caller your credit card number - it’s safer than your SSN.
The correct answer is Option 2: If you have any suspicions, hang up right away. If the original call is legitimate, the company can help you when you call back.
You receive an email at work with an urgent subject line from an unfamiliar address. What should you do?
Option 1. Open the attachment to investigate. Your device is protected with the latest anti-virus software.
Option 2. Look for obvious phishing giveaways, like an alphanumeric-named attachment. If there are none, it’s safe.
Option 3. Report the suspicious email as phishing or spam.
Option 4. Ignore the email. You don’t want to get a legitimate sender into trouble.
The correct answer is Option 3: It is always better to be safe, even if you have anti-virus software. Do not open suspicious emails. Instead, report the email to your Internet Service Provider or your employer’s IT or Information Security Department.
Which is not an effective way to mitigate risks associated with your home network or Wi-Fi?
Option 1. Set up a unique password with WPA2 encryption.
Option 2. Install a Virtual Private Network (VPN).
Option 3. Update the administrative password to your router.
Option 4. Keep the default Wi-Fi network name to protect anonymity.
The correct answer is Option 4: Default Wi-Fi network names can tell scammers the brand of router you’re using, highlighting potential exploits that could enable unauthorized access to your network and your data.
As a valued client, we take protecting you, your family and your business from potential risks very seriously. We make every effort to protect your sensitive information by maintaining an Enterprise Information Security Program. However, we can’t be everywhere you are. Explore this site to learn how to identify and manage cyber risks at home, in the office, or on the go.
Protecting your information is one of our top priorities.
At M&T Bank and Wilmington Trust, we maintain a comprehensive Enterprise Information Security Program, which includes:
• Multiple Layers of Security and Defense
• Strict Policies and Standards
• Information Security Awareness Program
If you are ever concerned that your account has been compromised, please contact your Wealth Advisor or call us:
M&T: 1.800.724.2440
Wilmington Trust: 1.800.982.4620
The wealthy: A target for cyberattacks
28% of ultra-high net worth families, family offices, and family businesses have suffered a cyberattack in the past.
Businesses beware of data breaches
76% of small and medium U.S. businesses experienced a cyberattack in 2018-2019.
Cyberattacks hurt the bottom line
It cost U.S. companies an average of $8.2 million per data breach in 2019.
Customers are taking their business elsewhere
36% of data breach expenses are from lost business – the largest contributor to the overall cost that companies must pay.
Email is the main channel for phishing and malware delivery
50% of people check email on their phones first, thinking it’s safe. Not so. You are exposed to the risks of phishing and malware, regardless of the device you use.
* Personal information
* Privacy
* Access to you
Threats: There are risks for all members of the family who use devices connected to the internet. Children are particularly prone to malware risks from “free media” sites, and all family members could be victims of Cyberstalking or Social Engineering attacks if they share too much information about themselves online. Criminals can use simple personal information on social media as clues to answer common security questions and hack into your account.
How to mitigate: Educate your family on safe cyber practices, including limiting the information they share on social networks. Update your privacy settings on social network accounts to the most private options, especially for public facing accounts. Encourage family members to be weary of sites promising “free” access to movies and other media, as these sites could be trying to access their devices.
Connected devices
* Privacy
* Network activity
* Audio and video recordings
Threats: Connected devices can make life more convenient, but they also increase risk. Every non-computer device that accesses a network using Internet of Things (IoT) technology, such as cameras or smart speakers, creates an entry point a hacker can use to access your network. Furthermore, these devices can collect and store data, even creating audio recordings of your home.
How to mitigate: Keep devices connected to your network up-to-date and reset their default passwords. Change the settings in your devices to automatically delete recordings on a regular cycle. Enable or install a Virtual Private Network (VPN) on your router to encrypt data shared between IoT devices.
Mail and trash
* Personal information
* Contacts
* Payment history
Threats: Criminals can also access your information in low-tech ways. They can retrieve documents, such as credit card bills, bank statements, and insurance statements, through Dumpster Diving or Mail Theft. These documents could tell criminals about your account information, but also travel and payment history, personal information, and contacts who could be used for Impersonation tactics.
How to mitigate: Shred all sensitive documents before disposing. Never leave outgoing mail in your mailbox - instead take it directly to the post office.
Computer
* Personal information
* Passwords
* Device security
Threats: Your computer is your gateway to the internet, but it also retains a plethora of sensitive information and documents that cybercriminals want to get their hands on. They may try to steal your passwords with Phishing or Whaling attempts, take control of your computer with Ransomware or Remote Access, or acquire your sensitive information when they hack your accounts.
How to mitigate: Do not respond to urgent emails requesting personal information and proceed with caution before opening emails with provocative subject lines. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Do not save personal or financial information in browsers, websites, or social networks. Back up all important files to cloud storage or an external drive on a regular basis. Update your computer with the latest security patches and install antivirus/anti-spam software.
Phone calls
* Personal information
* Account information
* Personal assets
Threats: Criminals are increasingly calling targets directly, pretending to be well known institutions such as the IRS or a wireless carrier, to gain access to accounts and personal information. Impersonation tactics tend to target vulnerable individuals with high urgency situations, such as false claims of account access, unauthorized charges, and even hostage scenarios.
How to mitigate: If you have doubts regarding the source of the call, hang-up immediately and call the company from a known number to confirm their authenticity. Never provide account information, credit card numbers, or other forms of payment such as gift-card numbers to satisfy the demands of the scammer. Do not agree to meet with the individual in person.
Home Networks and Wi-Fi
* Personal information
* Privacy
* Network activity
Threats: Home networks are a necessity in today’s always-connected world, but it can be a prime entry point for cyber criminals to directly monitor your digital activity. Criminals who to take over your network may monitor or manipulate your online activity via a Man in the Middle (MITM) attack.
How to mitigate: Update the administrative password to your router and ensure that your firewall is enabled. Give your Wi-Fi network name, or Service Set Identifier (SSID), a unique identifier and hide its broadcast. Set up a unique password with WPA2 encryption. For an extra layer of encryption, consider installing a Virtual Private Network (VPN) on your router, which will hide your true IP address and protect the connected devices on your home network. Never share your network password with individuals you do not trust.
Vendor Compromise. An event in which a vendor's accounts or systems have been compromised via a cyberattack. Businesses working with the vendor may have customer or other sensitive information taken in the attack.
Vendor Impersonation. When an attacker solicits unsuspecting businesses for fake invoice payments or client information using compromised vendor systems or fraudulent email accounts.
Virtual Private Network (VPN). An encrypted connection to a network that masks data sent to and from a device. Information such as IP address and location are also hidden, increasing anonymity as you browse online.
Whaling. A form of phishing that targets corporate leaders and wealthy or high-profile individuals. The fraudster has invested time to learn about their target to appear as legitimate as possible.
Evil Twin Network. An open wireless network created by an attacker to monitor or manipulate unsuspecting users' traffic or to install malware. These networks are often given names that copy or imitate networks you would expect to see in that location (Airport Wi-Fi, Coffee Shop Wi-Fi, etc.).
Option 1. Give the caller your information immediately so they can help.
Option 2. Hang up and call the company’s known number to confirm the authenticity of the call.
Option 3. Ask for identification, like employee ID, to confirm the authenticity of the call.
Option 4. Give the caller your credit card number - it’s safer than your SSN.
The correct answer is Option 2: If you have any suspicions, hang up right away. If the original call is legitimate, the company can help you when you call back.
You receive an email at work with an urgent subject line from an unfamiliar address. What should you do?
Option 1. Open the attachment to investigate. Your device is protected with the latest anti-virus software.
Option 2. Look for obvious phishing giveaways, like an alphanumeric-named attachment. If there are none, it’s safe.
Option 3. Report the suspicious email as phishing or spam.
Option 4. Ignore the email. You don’t want to get a legitimate sender into trouble.
The correct answer is Option 3: It is always better to be safe, even if you have anti-virus software. Do not open suspicious emails. Instead, report the email to your Internet Service Provider or your employer’s IT or Information Security Department.
Which is not an effective way to mitigate risks associated with your home network or Wi-Fi?
Option 1. Set up a unique password with WPA2 encryption.
Option 2. Install a Virtual Private Network (VPN).
Option 3. Update the administrative password to your router.
Option 4. Keep the default Wi-Fi network name to protect anonymity.
The correct answer is Option 4: Default Wi-Fi network names can tell scammers the brand of router you’re using, highlighting potential exploits that could enable unauthorized access to your network and your data.
Protecting your information is one of our top priorities.
At M&T Bank and Wilmington Trust, we maintain a comprehensive Enterprise Information Security Program, which includes:
• Multiple Layers of Security and Defense
• Strict Policies and Standards
• Information Security Awareness Program
If you are ever concerned that your account has been compromised, please contact your Wealth Advisor or call us:
M&T: 1.800.724.2440
Wilmington Trust: 1.800.982.4620
The wealthy: A target for cyberattacks
28% of ultra-high net worth families, family offices, and family businesses have suffered a cyberattack in the past.
Businesses beware of data breaches
76% of small and medium U.S. businesses experienced a cyberattack in 2018-2019.
Cyberattacks hurt the bottom line
It cost U.S. companies an average of $8.2 million per data breach in 2019.
Customers are taking their business elsewhere
36% of data breach expenses are from lost business – the largest contributor to the overall cost that companies must pay.
Email is the main channel for phishing and malware delivery
50% of people check email on their phones first, thinking it’s safe. Not so. You are exposed to the risks of phishing and malware, regardless of the device you use.
At home
Family, children, and elderly
* Personal information
* Privacy
* Access to you
Threats: There are risks for all members of the family who use devices connected to the internet. Children are particularly prone to malware risks from “free media” sites, and all family members could be victims of Cyberstalking or Social Engineering attacks if they share too much information about themselves online. Criminals can use simple personal information on social media as clues to answer common security questions and hack into your account.
How to mitigate: Educate your family on safe cyber practices, including limiting the information they share on social networks. Update your privacy settings on social network accounts to the most private options, especially for public-facing accounts. Encourage family members to be wary of sites promising “free” access to movies and other media, as these sites could be trying to access their devices.
Connected devices
* Privacy
* Network activity
* Audio and video recordings
Threats: Connected devices can make life more convenient, but they also increase risk. Every non-computer device that accesses a network using Internet of Things (IoT) technology, such as cameras or smart speakers, creates an entry point a hacker can use to access your network. Furthermore, these devices can collect and store data, even creating audio recordings of your home.
How to mitigate: Keep devices connected to your network up-to-date and reset their default passwords. Change the settings in your devices to automatically delete recordings on a regular cycle. Enable or install a Virtual Private Network (VPN) on your router to encrypt data shared between IoT devices.
Mail and trash
* Personal information
* Contacts
* Payment history
Threats: Criminals can also access your information in low-tech ways. They can retrieve documents, such as credit card bills, bank statements, and insurance statements, through Dumpster Diving or Mail Theft. These documents could reveal not only your account information but also your travel and payment history, personal information, and contacts who could be used for Impersonation tactics.
How to mitigate: Shred all sensitive documents before disposing of them. Never leave outgoing mail in your mailbox; instead, take it directly to the post office.
Computer
* Personal information
* Passwords
* Device security
Threats: Your computer is your gateway to the internet, but it also retains a plethora of sensitive information and documents that cybercriminals want to get their hands on. They may try to steal your passwords with Phishing or Whaling attempts, take control of your computer with Ransomware or Remote Access, or acquire your sensitive information when they hack your accounts.
How to mitigate: Do not respond to urgent emails requesting personal information and proceed with caution before opening emails with provocative subject lines. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Do not save personal or financial information in browsers, websites, or social networks. Back up all important files to cloud storage or an external drive on a regular basis. Update your computer with the latest security patches and install antivirus/anti-spam software.
Phone calls
* Personal information
* Account information
* Personal assets
Threats: Criminals are increasingly calling targets directly, pretending to be well-known institutions such as the IRS or a wireless carrier, to gain access to accounts and personal information. Impersonation tactics tend to target vulnerable individuals with high-urgency situations, such as false claims of account access, unauthorized charges, and even hostage scenarios.
How to mitigate: If you have doubts regarding the source of the call, hang up immediately and call the company from a known number to confirm their authenticity. Never provide account information, credit card numbers, or other forms of payment such as gift-card numbers to satisfy the demands of the scammer. Do not agree to meet with the individual in person.
Home Networks and Wi-Fi
* Personal information
* Privacy
* Network activity
Threats: Home networks are a necessity in today’s always-connected world, but they can be a prime entry point for cyber criminals to directly monitor your digital activity. Criminals who take over your network may monitor or manipulate your online activity via a Man in the Middle (MITM) attack.
How to mitigate: Update the administrative password to your router and ensure that your firewall is enabled. Give your Wi-Fi network name, or Service Set Identifier (SSID), a unique identifier and hide its broadcast. Set up a unique password with WPA2 encryption. For an extra layer of encryption, consider installing a Virtual Private Network (VPN) on your router, which will hide your true IP address and protect the connected devices on your home network. Never share your network password with individuals you do not trust.
In the office
Employees
* Customer information
* Credentials
* Systems access
Threats: Every employee in your organization represents an entry point for a cybercriminal to gain access to your business data. Non-technological issues, such as hiring practices and employee education, as well as technological issues, such as Bring Your Own Device (BYOD) Policies and Shadow IT, all make your employees vulnerable to outside actors.
How to mitigate: Conduct background checks during the hiring process. Establish a clear, regular education program for employees on cyber risks, how to identify an attack, and mitigation strategies. Consider eliminating BYOD policies to limit exposure to employee devices and potential negligence. Limit your employees’ installation capabilities to approved applications and create an IT oversight process to oversee downloads and file sharing.
Vendors
* Customer information
* Business assets
* Reputation
Threats: Vendors are under attack as businesses increasingly grow relationships with third parties to expand their capabilities. If the vendor does not have a robust security program in place, businesses may find themselves at risk of experiencing Vendor Impersonation or Vendor Compromise.
How to mitigate: Complete a thorough cybersecurity review of a new vendor during onboarding, ensuring that they have mitigation and response plans, protections for your customers' data, as well as cyber insurance. Remain vigilant with vendor communications and requests for payment by confirming email addresses, phone numbers, and billing information.
Mail and trash
* Customer information
* Account information
* Vendor information
Threats: Criminals don’t always need to use technology to get sensitive information. They can pull documents containing internal or confidential information through Dumpster Diving, Mail Theft, or by breaking into your business.
How to mitigate: Provide shredding bins for your employees to destroy sensitive documents and provide locked drawers for documents required overnight. Create a mail intake, distribution, and output process that ensures physical letters and documents are not left unmonitored.
Infrastructure
* Customer information
* Business continuity
* Reputation
Threats: Whether it’s an external or internal agent, some cyber criminals may directly attack your systems to access sensitive information or disrupt your business. Distributed Denial of Service (DDoS) attacks and SQL Injections are two common attacks that put your data and business continuity at risk.
How to mitigate: Consider implementing real-time monitoring tools to help identify and combat a live DDoS. Establish a comprehensive business continuity and incident response plan. Ensure that your business has input validation controls to sanitize unauthorized user inputs aimed at your data.
Employee processes
* Customer information
* Business assets
* Reputation
Threats: An organization’s processes can mitigate or add risk, especially where money and personal information are concerned. Organizations without well-documented authentication and verification procedures may be at risk from cyber criminals requesting unauthorized payments or information.
How to mitigate: Establish clear controls for confirming vendor or executive payment requests, such as Dual Approval, to ensure that any requests are authentic and directed to the correct accounts. Educate employees on ways to identify fraudulent requests and implement regular testing to reinforce learnings.
Credentials
* Customer information
* Employee information
* Files and documents
Threats: Just like at home, cyber criminals are looking for ways to steal your and your employees' credentials to access critical systems. Phishing and Ransomware are common attack methods to gain access to your data, and once criminals are in, they may try to initiate unauthorized payments via an HR Portal Compromise.
How to mitigate: Do not respond to emails requesting personal information and proceed with caution before opening emails. Do not click embedded hyperlinks or open attachments if you do not trust the sender. Never share passwords, login credentials, or any authentication information with others. Back up all important files to cloud storage or an external drive on a regular basis. Update your business's devices and systems with the latest security patches and install antivirus/anti-spam software. Limit access to critical systems to only those that need it for their role and responsibilities.
On the go
Phone
* Personal Information
* Passwords
* Device security
Threats: Phones, just like computers, can also be prone to threats from cyber criminals. Rogue Apps and application permissions can give criminals access to your phone and surroundings, while new threats like SIM Swapping can enable criminals to activate a duplicate of your phone anywhere in the world.
How to mitigate: Only download apps from trusted sources, such as Google Play or the Apple App Store. Be careful when downloading apps from companies you don't know and be selective when granting permissions to new apps. Regularly delete apps you no longer use and review the permissions of the apps that you retain. Install a mobile anti-virus application for your phone. Maintain a strong password and passcode with your wireless carrier and consider the option of limiting your account so that a new device can be added only in a brick-and-mortar store, where identification is required.
Open networks
* Personal information
* Network activity
* Passwords
Threats: It's important to be cautious about what activities you engage in while connected to an unprotected and open Wi-Fi network, like those without passwords found in airports and coffee shops. Criminals may hijack an existing network or trick users into connecting to an Evil Twin Network to skim data as a Man in the Middle (MITM). They may even manipulate your traffic to access your personal information, such as data from online shopping and banking.
How to mitigate: Never input personal details or other sensitive information when browsing the internet on an unsecured Wi-Fi network. Consider subscribing to a reputable Virtual Private Network (VPN) service accessible to your phone, which will encrypt data passed through public Wi-Fi and mitigate the risk of having your information stolen.
USB devices
* Passwords
* Device security
* Files and documents
Threats: It’s important to be cautious about what you plug into your devices, especially in public settings. Cybercriminals may try to Bait an unsuspecting individual into plugging an unfamiliar, malware-spreading USB drive into a computer.
How to mitigate: Never insert an unfamiliar USB device, thumb drive, or hard drive into any of your devices. Limit or eliminate the use of thumb drives to store documents or other sensitive information, avoiding any potential confusion with unattended devices.
Charging your devices
* Passwords
* Device security
* Files and documents
Threats: Public USB charging stations are a convenient way to charge your mobile device, but cyber criminals may use this shared resource to transfer malware into your phone and other devices in an attack called Juice Jacking.
How to mitigate: Always carry and use your own charging adapter and USB cable to ensure you have a mobile charging option. Consider purchasing a high-capacity portable power bank that can charge your devices without relying on an available outlet.
Your surroundings
* Personal information
* Passwords
* Financial data
Threats: Criminals may also try to steal your information in person when you least expect it. While you work on your laptop or phone or access an ATM terminal, criminals may try to Shoulder Surf to get a glimpse of your data.
How to mitigate: Consider purchasing a privacy screen filter that limits the field of view of your screens. Always maintain a password on your devices and lock them when you are finished. Occasionally look to your sides and behind you to ensure that nobody is looking over your shoulder.
Sharing your trip
* Personal information
* Contacts
* Location
Threats: Your family and friends can't wait to hear about your travel adventures, but cyber criminals also want to know what you're up to. Information that you share online is valuable to criminals interested in Social Engineering their way into your accounts or Cyberstalking you to know when your home is unoccupied.
How to mitigate: Be mindful of what you share online, limiting information around travel dates, destinations, and who you are traveling with. Provide detailed travel information to your advisors and family before you leave. Share travel photos and stories only after you return from your trip.
Definitions
Bring Your Own Device (BYOD) Policy. Corporate policy that allows employees to use personal devices for business use. Business emails, documents, and systems may be accessible using employees' personal computers, laptops, or phones.
Cyberstalking. The use of information available on the internet, including social media sites, to monitor, harass, or attack a victim.
Distributed Denial of Service (DDoS) Attack. When multiple compromised computer systems attack a target, such as a server or website, and cause a denial of service for its users. Customers of victims may be unable to communicate or interface with the victim during the duration of the attack.
Dual Approval Control. A process control in which two independent parties must separately confirm the validity and accuracy of a request before final execution. One example is a wire verification callback, in which one service associate receives the request and another service associate confirms the details with the client before execution.
Dumpster Diving. When an individual sifts through the contents of a residential, commercial, or other source of garbage or recycling to find items of value.
HR Portal Takeover. When attackers steal employees' credentials and reroute direct deposit paychecks to the scammers' own accounts.
Impersonation Attack. An attack in which a scammer pretends to be a trusted individual, business, or entity to manipulate a victim into sharing personal information or making an illegitimate payment.
Internet of Things (IoT). A networking capability that enables devices in your home, such as speakers, cameras, or televisions, to send and receive data.
Juice Jacking. An attack in which a scammer passes malware to or steals information from a victim's device by modifying the USB port in public charging stations.
Mail Theft. When an individual opens, interferes with, or steals mail intended for another. Criminals often try to access mail left unattended in unsecured mailboxes.
Man in the Middle (MITM) Attack. An attack in which an individual gains access to a network and monitors or manipulates traffic passing between a server and an endpoint.
Phishing. An attack that uses social engineering tactics to manipulate victims into divulging sensitive information. Typically occurring through fraudulent emails, texts, or messaging services, the attack may encourage victims to open malicious links and attachments or access a fake website to collect personal or financial data.
Ransomware. The use of malicious software (also known as malware) that, when downloaded to a computer, encrypts files so they can no longer be accessed, or locks down the operating system entirely. Once the machine has been infected, users receive a message that instructs them to pay a ransom or risk losing their files permanently.
Remote Access. An attack in which a victim is manipulated into downloading software that enables the attacker to take control of the victim's computer. With full control, the attacker may install malware, steal files and information, or incapacitate the victim's computer.
Rogue Apps. Mobile apps that appear safe or official but actually function as malware. Once installed, these apps may corrupt or steal the information stored on your phone and may use your phone permissions to track your activity.
Shadow IT. The growing number of solutions or systems that employees are purchasing or using at work without the permission or knowledge of the IT department.
Shoulder Surfing. The practice of looking over someone's shoulder while they are using an ATM, writing a check, or using a personal device.
SIM Swap Attack. When a scammer uses social engineering to trick a phone carrier into activating the victim's phone number on a device in the scammer's possession. This is typically done to gain access to devices used in two-factor authentication.
Social Engineering. Attacks that focus on user behaviors and habits to manipulate victims into providing access to computers, devices, or accounts. Popular tactics include phishing, clickbait, social media, fake software updates, and geo-targeting.
SQL Injection. A common code injection attack that enables criminals to execute SQL statements on databases through a web application interface, enabling them to access and sometimes modify sensitive data.
Baiting. A passive attack in which a criminal leaves a USB device unattended in public, hoping a victim will plug it into a personal device. Upon insertion, the USB device may inject malicious code, such as Ransomware, or execute hidden commands to send personal information and files to the criminal.
Vendor Compromise. An event in which a vendor's accounts or systems have been compromised via a cyberattack. Businesses working with the vendor may have customer or other sensitive information taken in the attack.
Vendor Impersonation. When an attacker solicits unsuspecting businesses for fake invoice payments or client information using compromised vendor systems or fraudulent email accounts.
Virtual Private Network (VPN). An encrypted connection to a network that masks data sent to and from a device. Information such as IP address and location is also hidden, increasing anonymity as you browse online.
Whaling. A form of phishing that targets corporate leaders and wealthy or high-profile individuals. The fraudster has invested time to learn about their target to appear as legitimate as possible.
Evil Twin Network. An open wireless network created by an attacker to monitor or manipulate unsuspecting users' traffic or to install malware. These networks are often given names that copy or imitate networks you would expect to see in that location (Airport Wi-Fi, Coffee Shop Wi-Fi, etc.).
Quiz
You receive a phone call about fraud on your account. The caller asks you to confirm your SSN. What should you do?
Option 1. Give the caller your information immediately so they can help.
Option 2. Hang up and call the company’s known number to confirm the authenticity of the call.
Option 3. Ask for identification, like employee ID, to confirm the authenticity of the call.
Option 4. Give the caller your credit card number - it’s safer than your SSN.
The correct answer is Option 2: If you have any suspicions, hang up right away. If the original call is legitimate, the company can help you when you call back.
You receive an email at work with an urgent subject line from an unfamiliar address. What should you do?
Option 1. Open the attachment to investigate. Your device is protected with the latest anti-virus software.
Option 2. Look for obvious phishing giveaways, like an alphanumeric-named attachment. If there are none, it’s safe.
Option 3. Report the suspicious email as phishing or spam.
Option 4. Ignore the email. You don’t want to get a legitimate sender into trouble.
The correct answer is Option 3: It is always better to be safe, even if you have anti-virus software. Do not open suspicious emails. Instead, report the email to your Internet Service Provider or your employer’s IT or Information Security Department.
Which is not an effective way to mitigate risks associated with your home network or Wi-Fi?
Option 1. Set up a unique password with WPA2 encryption.
Option 2. Install a Virtual Private Network (VPN).
Option 3. Update the administrative password to your router.
Option 4. Keep the default Wi-Fi network name to protect anonymity.
The correct answer is Option 4: Default Wi-Fi network names can tell scammers the brand of router you’re using, highlighting potential exploits that could enable unauthorized access to your network and your data.