In support of Cybersecurity Awareness Month, we asked experts from across our organization to share their top tips for staying safe online. The consensus? Simple steps that might feel tedious in the moment (like enabling multi-factor authentication, avoiding auto-saving personal information online, and staying alert to phishing attempts) can make a big difference. See what they recommend, then take a few minutes to pass the tips along to your family and friends.
Did you know October is Cybersecurity Awareness Month? Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), this annual campaign is a nationwide effort to help people take control of their digital lives.
This year’s theme, “Stay Safe Online,” centers on four simple steps anyone can take to stay secure. Here at Allstate Identity Protection, we’re proud to be part of the movement.
Understanding cybercrime and its impact
Cybercrime refers to any criminal activity involving a computer, network, or connected device. And it’s not just a headline; cybercrime is a fast-growing threat that affects millions of people every year.
The numbers paint a stark picture:
In 2024, the FBI’s Internet Crime Complaint Center (IC3) logged more than 859,000 complaints, with losses topping $16 billion—a 33 percent jump from the year before. The biggest offenders were phishing, extortion, and personal data breaches.
Investment scams, especially those tied to cryptocurrency, accounted for over $6.5 billion in losses, according to the FBI.
The Federal Trade Commission (FTC) reported another $12.5 billion in consumer fraud losses, with identity theft making up over 1.1 million reports.
With cybercrime on the rise, the need for strong cybersecurity (the practice of protecting your data, devices, and systems from unauthorized access or misuse) rises with it.
Cybersecurity tips from the experts
Secure your online accounts and devices
Your online accounts and devices are like digital front doors, and they’re often the first place cybercriminals try to break in. By locking them down, you’re not just protecting yourself, you’re also protecting your family, friends, and anyone connected to you.
“When it comes to protecting your online identity, the landscape is evolving fast,” says Dongmin Liu, Director of Emerging Product at Allstate Identity Protection. “For years, two-factor authentication using passwords and SMS codes was considered best practice. But today, passkeys are redefining what secure and user-friendly authentication looks like.”
“Another area that’s often overlooked is your personal data exposure. Even with strong authentication, your identity is vulnerable if your private information is constantly circulating online,” says Liu.
With that in mind, here are three ways to strengthen your digital accounts:
Use strong, unique passwords—or better yet, a passkey or password manager. Passkeys are eliminating passwords entirely, relying on cryptographic keys stored on your device and verified through biometrics or PIN. Major platforms like Google, Apple, and Microsoft have already adopted passkeys, and many global websites now support them, too.
Know where your data lives online. Data broker sites gather personal information from public records and your online activity, then sell it to businesses and individuals for things like marketing or background checks. That’s why it’s smart to take control. A data removal tool (like one coming soon to select Allstate Identity Protection plans in 2026) can help scrub your personal details from these public sources. And don’t forget to check your social media privacy settings—many people share more than they realize, and that info can be used against you.
Keep software up to date. Software updates aren’t always just cosmetic; they often include important security patches. Whether you're using a Mac or Windows device, make sure automatic updates are turned on so you stay protected.
Shield your personal information when browsing and shopping online
When our members call us about a possible case of identity theft, our customer care team is the first line of defense.
With that in mind, we asked Michael Ware, Customer Care Specialist at Allstate Identity Protection, to share what he’s learned on the front lines of fraud.
“Everyday actions like shopping or browsing online can leave your money and personal information exposed,” Ware says. “But simple measures can minimize the risk.”
Be cautious on public Wi-Fi. The Wi-Fi offered in coffee shops, airports, libraries, or other public places is usually not as secure as the Wi-Fi in your home. In some cases, criminals may be able to infect your device with malware or see what you do online—which can leave personal information exposed. “I advise people to save sensitive transactions for home,” Ware says. (Here’s a tip: If you must use public Wi-Fi, turn on a VPN first—like the one included in select Allstate Identity Protection plans).
Don’t save payment information online. When you’re shopping online, use guest checkout. “You want to avoid creating an account if that means the company will store your financial information,” explains Ware. Large retailers and corporations are vulnerable to security breaches, so while saving payment info may be convenient at the moment, the best bet is to limit the data you share and save.
Recognize and avoid phishing
Next, we reached out to Vera Tolmachoff, Senior Restoration Manager at Allstate Identity Protection. Tolmachoff’s team of restoration specialists help our members untangle even the trickiest cases of identity theft.
Her number one tip, given all she’s seen in the trenches?
Be aware of phishing. These fraudulent messages, designed to steal your money or personal information, can lead to identity theft—but if you know the red flags, you’ll have a leg up.
Be suspicious of urgent requests. Scammers might pressure you to act fast to avoid a fee or threaten to close your account if you don’t share money or personal information. Know that legitimate businesses won’t contact you this way. “If you receive an unsolicited, urgent request, stay calm and don’t respond,” Vera advises.
Look out for blurry images and typos. Phishing messages are often designed to look like they’re coming from a trusted source such as a bank, credit card, or retailer—but look closely. Blurry images and slight misspellings all point to phishing.
Think twice before clicking on attachments or links. Don’t click or open anything or enter your information unless you're absolutely sure a message is from a trusted source. Quick tip: hover your mouse over a link to see the full URL. If it doesn’t look right, delete the email and move on.
Phishing scams involving fake package delivery notices are increasingly common, too. These messages are often sent via email or text and will appear to come from legitimate carriers—like USPS or FedEx—with claims there's a delivery issue or an unpaid fee. They typically include a link to "resolve" the problem, which can lead to malicious sites.
"If you weren’t expecting a package, especially from a sender, the safest course of action is to ignore the message or return the item to sender,” says Tolmachoff.
Protect yourself, then pay it forward
Cybersecurity is everyone’s responsibility, so let’s all do our part to protect ourselves and others online. We recommend taking a few minutes to up your own defenses and encouraging loved ones to do the same.
And if you’re an Allstate Identity Protection member, remember you’re never alone. Our team of specialists is ready to help you respond to threats, recover from identity theft, and stay ahead of risks.