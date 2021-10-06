Authored by Gal Ringel, Co-Founder and CEO at Mine

Cybercrimes are on the rise in the post-pandemic world. These are the steps retail investors can take to stay ahead and protect their data in 2022.

Cybercrimes and the risks for retailers

Cybersecurity may have been a concern decades before the digital acceleration, but the damage caused by cyber crimes has come at too significant a cost for the global economy. According to research by Cybersecurity Ventures, worldwide cybercrime costs have hit $6 trillion annually at the start of 2021, and damages related to cybercrimes are projected to hit $10.5 trillion annually by 2025. In addition to losses tied to business interruption and financial resources, the damages themselves include the loss of data, intellectual property, productivity and reputational damage.

The effect of data privacy and breaches can be massive on retail companies, as there is a direct correlation between these issues and the long-term relationship between customers with the brands. Consumers that share sensitive data, such as financial and identification data, are prone to more risks. Meanwhile, online retail is also very dependent on their online brand reputation, which can be really hurt by breaches.

It is also a part of the reason why investors should take a closer look at investing (and urge their existing portfolio companies) at companies that are proactive about their customers’ data privacy and protection and have implemented strategies like data minimization, which refers to minimalistic data collection policies. This might seem counterintuitive at first, as a lot of data is often collected for sales/advertising/marketing optimization purposes and market research. But, this can protect them from brand damage in the future. As no company can truly protect itself against data breaches, collecting an excess of consumers’ data will put the company and the customer at less risk.

Authorities are stepping in

Retail investors are not exempt from cyber preparedness, as all individuals and entities are fair game in the eyes of cybercriminals.

Beyond the data protection regulations like the GDPR and CCPA, which are aimed at the protection of consumer data, the SEC entered two initiatives to address cyber-based threats and protect retail investors: a Cyber Unit to focus on targeting cyber-related misconduct and the establishment of a retail strategy task force to implement initiatives that directly affect retail investors. The Cyber looks into events such as market manipulation schemes, hacks, blockchain-related violations, misconduct in the dark web, and cyber-related threats to trading platforms and other critical market infrastructure. The Retail Strategy Task Force has a reputation of cracking down on cases involving fraud targeting retail investors, and it is all done in an effort to protect market participants.

Complicated passwords are not enough

Despite the impact of the teams over at the SEC, they are hardly all-seeing and all-knowing. Since the pandemic began, the FBI reported a 300 percent increase in reported cybercrimes. In the case of the finance industry, the average cost of a data breach is $5.85 million, but it takes financial services businesses an average of 233 days to detect and contain a data breach. This is precious time when it comes to a brand’s reputation.

This places a series of responsibilities back in the hands of the retail investors to thwart the infiltration efforts of cybercriminals that are looking to conduct a data breach.

From phishing to malware to ransomware—countless factors can lead to a multitude of data breaches. The approaches are also just as ever-evolving as technologies themselves are. Some of the main factors that retail investors are increasingly mindful of include stolen and lost devices, which can lead to a chain of attacks straight from the investor’s accounts and personal attacks. The latter can involve the human factor, which branches out of social engineering tactics. Personal attacks can also include exploiting weak passwords and using fake websites and forms to commit payment fraud.

However, it takes more than complicated passwords with uppercase letters, numbers, and punctuation marks for retail investors to protect their data online.

Tips for retail investors to help safeguard accounts

There are many additional measures that are recommended for retail investors that will collectively minimize the risks of cybercriminals accessing both personal and financial account information. These measures also apply to VCs, as they can just as well apply to their portfolio companies.

Be aware of red flags

Now more than ever, retail investors must be more alert for suspicious activities such as sketchy correspondence, distribution of unfamiliar links, and anything else that might indicate a possible phishing scam. They should delete services that aren’t actively being used to minimize the risk of personal information being leaked.

Keep a lean digital footprint

The more data you have scattered around the web, the more exposed you are to digital risks. Make sure you only provide your data to apps and companies that provide you with value. Once you’re done using a service, make sure to delete your data from these services.

Steer clear from malicious links

Phishing attempts are getting increasingly sophisticated, and instead of clicking links from emails, or downloading attachments, it is best to go straight to the website, or app of financial firms, to manually access relevant pages or confirm the authenticity of the information that was shared in the email.

Switch from single to multi-factor authentication

Yes, it can be a hassle, especially for retail investors that frequently travel or switch between devices, but this hassle is preferable over identity theft. The enablement of multi-factor authentication will add an extra layer of protection in the event that account passwords ever do get stolen.

Improve the security of computer systems

Security hardware and software packages go a long way for anyone who engages in online financial transactions. As such, it is important to be up-to-date on the software and set up the necessary configurations for automatic updates.

Avoid public/shared hotspots, computers, and devices

Public and shared computers and devices may contain software that captures login information, which is why they are not recommended for accessing financial accounts. In instances where doing so is unavoidable, it is recommended to delete the "Temporary Internet Files" or "Cache" and clear the "History" after logging out of all accounts. Public Wi-Fi (in areas such as airports, hotels, and restaurants) is also not recommended for such use, as security settings are typically reduced for easier user accessibility.

2022 will certainly bring about new challenges and concerns for retail investors who need extra steps to protect their data online. However, there’s no time like today to become more proactive about our data security and minimize digital risks.

About the Author

Gal Ringel, Co-Founder and CEO at Mine, is an accomplished leader combining a rare background in technology (cybersecurity - including six years in the 8200 Elite Intelligence Corps, captain rank), entrepreneurship, and Venture Capital (with 4.5 years and 20+ investments with Nielsen and Verizon Ventures). Ringel brings strategic thinking and unique business skills to his role as CEO, the same skills that awarded him the #1 spot in the Forbes 30 under 30 in 2017.

