The Internet has become the new arena where banks, investors, small businesses and individuals do business on a daily basis, from acquiring stocks to a book. In fact, in Spain e-commerce grew by 36% in 2020 and mobile payments by 15%, according to data from the market research company eMarketer. A trend that has accelerated the digitization of banking: 60% of financial institutions already have 6 out of 10 of their customers digitized, according to a survey carried out by the Funcas Financial Digitization Observatory.

All of this has also led to an increase in cyber attacks and virtual fraud, such as the theft of personal data. (vishing) or the identity theft of third parties (phishing). Eloi Font, a lawyer specialized in Digital and Technological Law, affirms that it is important to be aware that the Internet is an environment where it is easier to commit a crime and disappear without a trace. “People are not as demanding in the virtual world as they are in the physical world. Sometimes overly confidential, intimate and personal information is trusted and shared. If control mechanisms are not implemented, the risk of negative consequences is very high ”, he explains. Creating certain habits, most cybersecurity experts point out, is the beginning to avoid falling victim to hackers.

The first step to be protected is to safely access the website where we are going to carry out a procedure, be it that of our financial institution or that of any online store. Font, partner of the Font Advocats law firm, which advises companies on cybersecurity and prevention issues, indicates that it is important to type the address in the top bar of the browser and avoid the use of search engines. The reason is that, among the results, there may be those of malicious ads or links that confuse the Internet user.

It is also important to check if the web address has a good security protocol, that is, if the https code appears at the beginning of the URL: the letter ‘s’ indicates that it is a secure page. “There are many websites that have not yet updated this security protocol, some of recognized prestige. If it does not have it, you are entering their website through a URL whose gateway is not very secure “, explains Font.

The second commandment is not share personal and confidential information on the network with strangers, especially when we register in web stores or service platforms. “The most important thing is to give only the strictly necessary data and avoid filling in the optional fields of the record. When you provide information and distribute it over the Internet, there may be cybercriminals who capture it and impersonate your identity, ”Font says. The biggest problem, says the specialist, is that this type of virtual impersonation is not typified in the criminal code and judicially it is complex to prosecute the crime.

Also important not provide our data (account numbers, cards, addresses, passwords, etc.) even if requested by our entity through an email or SMS, since it is very possible that someone is impersonating our bank to commit fraud.

Password theft is another of the most common cybercrimes. Which is why knowing how to create and protect our passwords is a fundamental habit. Ideally, keys should be long (at least eight characters long) and contain numbers and letters (both uppercase and lowercase). And a key step: renew frequently. The problem, says Font, is that nowadays we use passwords to access a multitude of websites and platforms, and normally people tend to use the same password for all these websites. “People have one or two, three at the most. And of course, when you are using the same one for so many services, the risk increases. The ideal is to have a password manager, a device or system in which we can store all of them and when we need to introduce a specific one, this device does it automatically in a safe way ”, Font advances. These programs can be downloaded from the official pages of the creators of those programs or from mobile application stores, either for free or for a small amount.

It is useless to take these first precautions if, once on the network, we download any file (a photo, song, document) without knowing its real origin. “This can lead to the entry of a virus, which can render the device inoperative. Even a cybercriminal you can encrypt it and then ask for a financial ransom to get it back, ”says Font. In addition to being careful with the type of downloads we make, it is convenient to have a good antivirus to help stop the entry of these hackers on our devices. “We do not give importance to it but, do not many of us hesitate to have a good alarm in our house? It is the same: to have a good antivirus is the best alarm in the virtual world”, Emphasizes the expert.

It is not only necessary to have an antivirus, but also to have it updated. This extends to the operating system of any of our devices, and to digital banking applications. Each update not only adds new functionality, but also incorporates improvements in security conditions and fixes bugs from the previous version.

Another of the most common mistakes is making online purchases and even accessing our internet banking service when we are connected to a public Wi-Fi network. When it is open, we do not know if someone may be spying on our devices. One tool, Font specifies, is to have the security mechanism of our mobile activated by default so that it warns us if we are connected to an unsecured line. “Sometimes we neither enable it nor are we aware that it can be enabled,” says the expert.

Messages have spread for decades spam, that is, spam emails or SMS with advertising or that seek to scam the recipient. Typically virtual mailboxes automatically detect and dispose of them, but in recent years hackers have been looking for ways to bypass that filter and mislead users. “These scams are becoming more sophisticated and real. We have seen some very high amounts, of even 500,000 euros in companies where a hacker posed as a regular supplier who asked for a payment to be made to process an order ”, says Font. What this expert recommends is, even if there are no suspicions, confirm the information and call the person or entity that supposedly wrote the message.

In addition to the https code that should appear at the beginning of the web address, it is important to review other issues. The first is if the address bar shows a padlock and that, if we click on it, a menu with the security certificate appears of the page. This must meet two conditions: be issued by the company of the site where we are and not be expired. It is also helpful to look closely at the address itself; sometimes it can be a fake website. If we see that there are spelling mistakes or it is in another language, it is very likely that it is a malicious website.

Like passwords, credit cards can also be stored in managers to protect data and passwords. On the other hand, the use of prepaid cards is an alternative to make secure purchases online. However, Font recalls that most banks they invest a lot of money in cyber security and that there is no need to fear using this direct payment system as long as the points of this decalogue are followed.

And finally, we must always log out of the applications that we use to browse the web: social media platforms, online stores, virtual banking applications, and so on. “It is also important to turn off the laptop or lock the mobile. Normally we close the session and this can leave the door open to cybercriminals ”, says Font. One option is to activate the automatic disconnection to ensure that the mobile or laptop locks after several minutes of non-use.