Best Practices to Secure your Online Presence

The COVID-19 pandemic has caused a major shift in how we do things. Our homes have essentially become offices, students have had to perform distance learning, and in-person payments have now become digital transactions.

The unifying element here is that we are all spending more time online, and while there are benefits to embracing this change, there are also some risks. This is why maintaining a secure and safe online environment is very important when mitigating cyber threats.

This was one of the key takeaways at the recent Domestic Financial Institutions Conference (DFIC), which was jointly hosted by the Central Bank of Barbados and the Financial Services Commission.

In this edition of the virtual series, representatives from Barbados’ financial sector and the Barbados chapter of the Information Systems Security Association (ISSA) discussed the topic “Managing Cybersecurity Threats in the Financial Sector”.

One key takeaway from the discussion was that while financial institutions have measures in place to safeguard their systems and protect their customers, people must also take ownership of their security, and outlined ways customers can protect themselves when conducting online transactions.

Citing a recent breach at an online retailer that resulted in many of its customers’ credit cards being compromised, the panellists noted that this was because the cyber criminals were able to access customers’ personal and credit card information that had been stored in the company’s records.

For this reason, Jason Downey, Vice President of the Barbados Chapter of the ISSA, advised customers to "avoid saving credit card and personal information on websites and browsers."

Fellow panellist Patricia Rowe-Seale, Director of Enterprise Security, Fraud and Supplier Risk Management at CIBC FirstCaribbean International Bank concurred and used herself as an example, noting that she uses the same retailer, but that her credit card wasn’t breached as she never stores her credit card information on any site.

Speaking more broadly, Ryan Greaves, Chief Technology Officer at the City of Bridgetown Co-operative Credit Union said that some merchants online may not be doing what is needed to ensure that the customer’s data is secure. He said, “during the pandemic, a lot of businesses developed an online presence quickly, and in many instances without doing the proper checks.”

Downey expanded on this point, stating it is extremely easy for anyone to set up an e-commerce website and make it look realistic. Therefore, he advised customers to be sceptical and research the online retailers they intend to do business with to ensure they are legitimate.

Framing the discussion about protecting yourself in a different way, Rowe-Seale said, “If you were walking down Broad Street and someone stopped you saying that you had won a car and asking you to give them your ID and house keys, you would dismiss them immediately.” She advised customers to take the same due care with unsolicited emails and those with links attached claiming that they have won something, as this may be a way for cybercriminals to trick them into giving up personal information.

While it may be challenging to recognise a scam or detect a lie because there's so much going on around us, the key here is to always be sceptical and use the avenues available to you to ensure you are well-equipped with the knowledge to identify a phishing scam if it does occur. Phishing is a common type of cyber-attack that uses fraudulent communications that appear to come from a reputable source, usually with the goal of obtaining sensitive information or compromising the victim's device.

With the increase in digitisation and the move to online services, Rowe-Seale believes that while commercial banks and other entities must do their part, there is still a responsibility on the national level to educate the public.

“In the cyber security chain, human beings are unfortunately the weakest link, yet they also have the capacity to be the strongest link, but they can only become the strongest link if there is continuous education on a national level.”