Clicking on links or attachments in emails from what appear to be known senders.
So much of our correspondence, business and personal, is by electronic means. A colleague may contact you about scheduling a meeting. Or, perhaps you receive an email alert from your bank about activity on your account. It includes a link and asks you to log in and confirm account information. In either of those cases, you have received an email from what appears to be a legitimate and familiar source. But is it real?
The best policy is to verify the content before trusting it. Did the language in that email from your colleague seem different from how they normally sound? Maybe the email from your bank had its logo, but the content was not as usual. Did it sound unprofessional or contain misspelled words? Think twice before you click on anything. Once you’ve clicked that link or attachment, it’s too late. Consider calling that colleague and asking if that email about the meeting was actually from them. If you’re concerned about the email from your bank, open a new browser and log on to the account directly. If there are any notifications about your account, you’ll see those once you’re logged in.
Failing to report suspicious activity to your IT department.
If you are receiving suspicious phishing or spam emails, your coworkers are likely receiving them as well. Reporting this to your IT department or cybersecurity officer should be the first action you take to prevent a breach. Groups looking to hack into your institution’s systems are more likely to get through if they have targeted everyone in the company with a blast email. It only takes one person clicking on the wrong link for hackers to gain full access. This is powerful leverage against your institution, and they often demand ransom payments.
The sooner you report suspicious activity to your technology experts, the sooner they can take measures to both alert employees and prevent future content from reaching employee inboxes. It’s also important to note that while a specific attack may get addressed quickly and resolved, there will most certainly be another one down the road. Hackers understand there is tremendous financial value in acquiring your institution’s data, and they’re relentless in finding new ways of gaining access to confidential information. This is why staff must remain alert and vigilant at all times. It also emphasizes the importance of incorporating cybersecurity training and measures into your operations.
Using the same password for your personal and work accounts.
It’s so easy to remember your pet’s name or the make of your first car. So, you may use that password for all your personal accounts, apps, and social media platforms. However, this may not be the best option for accessing accounts at work. It’s a good policy to keep work and personal separate. While you should also strongly consider using different passwords for each of your personal accounts, for business activity, you should always use completely different protocols for your logins and passwords. This is a must-do to protect against a data breach.
The media frequently reports on different customer platforms being breached and all user login and password data getting exposed on the dark web. Once hackers have your login and password, they can use bots to go from one website to the next, in seconds, trying your information to see if they can get into a valid account. If you’ve used the same password for all your accounts, you’re even more at risk. Now magnify that if you have used the same passwords for your business activity. It’s easy to see how quickly that can snowball. Now is the time to check all your online access and update those usernames and passwords.
Storing a list of your passwords in a document on your PC.
Websites continue to increase the complexity of username and password requirements. It’s not uncommon for a website to require 12+ characters, of varying types, and a combination of uppercase and lowercase letters. It’s tempting to create a list of them and save it on your computer. That way it’s handy when you can’t remember one of them. But what if hackers gain access to your computer, and you don’t know you’ve been breached? You’ve essentially handed them the playbook for retrieving all your information. They will access accounts and vanish before you even know what’s happened.
There is an easy way to avoid this scenario – don’t store your passwords on your computer. When creating passwords for your business accounts, consider utilizing a formula. This allows you to have a different password for each business account by applying a method to how you arrive at the password for each individual account. This is just one solution you can put in place – there are many other methods you can utilize to protect not only your passwords but also all your critical business data.