Privacy and Compliance Won't Get Easier in 2020

Top Trends in Fraud and Privacy Protection

You know the old expression, “The more things change, the more they stay the same.” Well, in the world of identity theft, privacy protection, and cybersecurity, things are changing at a dizzying pace! And 2020, it seems, will bring many new risks along with the new year. From “deep fakes” to spoofing drones, we need to be prepared for all of it.

Here are seven trends to be aware of this coming year:

• Mobile scams: As phones replace desktops for online communication and shopping, cybercriminals are moving more and more to “smishing” (text-based phishing) and “vishing” (voice-call phishing) to target consumers for identity theft and other scams. A compromised phone is also a gateway for hackers to infiltrate your network.
• Attacks through the IoT: From GPS fleet tracking devices to industrial controllers to the smart refrigerator in your break room, connected devices put your business at increasing risk. Hackers attack smart devices an average of 5,233 times per month to spy on people and organizations, to take control of systems, or harness their computing power for distributed denial-of-service (DDoS) attacks. Connected cameras are among the most common targets of IoT attacks. So, ironically, your security cameras may be anything but secure.
• Attacks using drones.: Experts also expect that identity thieves will use widely available spoofing devices attached to drones to steal personal information from people using unsecured public Wi-Fi networks.
• E-skimming: Criminals will increasingly steal financial account credentials by e-skimming from mobile point-of-sale systems in event venues and other public places. In fact, e-skimming is even easier than credit card skimming because they don’t have to install a physical skimmer device and risk being detected.
• More account takeovers: Account takeover fraud has grown exponentially over the past several years and will continue to grow, aided by criminal tactics like stealing financial credentials via spoofer-equipped drones or mobile point-of-sale systems.
• Criminal use of AI: AI will be used increasingly for cyber defense, but it is fast becoming a serious threat to privacy. You’ve read the news stories about AI creating algorithmic “echo chambers” on social media, and AI bias in facial recognition and other crime-fighting systems. Now experts predict that AI will be harnessed to create “deep fakes” for everything from hostile state actors influencing elections to hyper-realistic phishing campaigns against corporate employees and consumers.
• More privacy regulation: It will be a big year for new privacy laws. The California Consumer Privacy Act (CCPA) went into effect on January 1^st, 2020. Connecticut, Minnesota, and New Mexico. Hawaii, New York, Pennsylvania, and Rhode Island have laws in the works which will go into effect on legislative approval, and experts expect that a sweeping Federal privacy law will be introduced in Congress this coming year.

All of these trends can be disruptive to your business, your customers, and your employees.

Here’s a checklist to help weather the turbulence:

• If you haven’t implemented two-factor authentication for customer- or employee-facing mobile apps and online portals, do it now. Using device biometrics or texting a PIN code can help combat the effects of phishing/smishing/e-skimming/spoofing to help prevent account takeover fraud and other unauthorized access.
• If you provide public Wi-Fi access, be on the lookout for technology options such as Hotspot 2.0 to help secure your networks. And require your employees to use a VPN when they log into your systems remotely.
• Demand security when buying connected devices, from security cameras to environmental controllers. IoT manufacturers have been slow to build security into their products, making them an easy back door for hackers to get into home and business networks. If the business community starts using its buying power to demand security, device makers will have to listen.

Finally, as always, realize that data breaches and identity theft will happen despite your best efforts, so be ready to respond. Have your incident response plans in place, have expert services in place to handle breach notification in compliance with all the new laws, and consider providing identity protection proactively for your customers and employees. Contact us to jumpstart your privacy and identity protection plan or try out our free Dark Web scan to see if your own personal info is for sale.

Happy New Year and good privacy to all!