When something seems phishy: cybersecurity tips
We all get them, whether at home or at work, through email, text, or our social media accounts. They appear to be from a family member, friend, vendor, or client. They seem innocent enough, asking you to check in on an order, share a photo, verify personal information, or just click a link.
Don’t.
As legitimate as these communications can appear, they aren’t always coming from the source you think. Cyber hackers have gotten increasingly good at mimicking legitimate emails and texts from companies, acquaintances, and even co-workers. After all, they have a vested interest in getting you or your employees to breach your company’s cybersecurity protections and provide private data or inadvertently download malware, or ransomware, onto your device — and more likely onto your company’s server.
5 Cybersecurity tips for employers to defend your data
But just because hackers have improved their digital design and writing skills doesn’t mean you don’t have ways to defend yourself and your company against phishing and hacking attempts. Here are some best practices to help keep your — and your company’s — data secure.
Always verify the sender
With emails, it only takes a few seconds to hover over the sender’s signature block to reveal their email address.
Pause and ask yourself whether the requested action seems legitimate. Would the CEO really reach out to you and ask you to buy e-gift cards, forward sensitive client data to him while on vacation, or wire money as a personal request? If you have any doubts, independently verify the colleague's, vendor's, or client's address or website, then email your contact at their known address and ask whether they sent the message.
Similarly, for phone calls and texts, especially those requesting urgent action, verify that the number is legitimate before responding.
Watch out for bad grammar
Typos are still a tip-off that something might be phishy. While we all make them, corporate communications go through so many rounds of review that misspellings and numerous grammatical errors are uncommon. Though hackers are getting better at proofing, being as judgmental as your eighth-grade English teacher can save you from a regrettable click-through.
Build up your cybersecurity policies
Have and enforce password policies that align with the latest guidance from the National Institute of Standards and Technology (NIST) and other cybersecurity specialists.
That includes requiring a minimum password length of at least eight characters. Prioritize length over complexity: longer is better. Use phrases or sentences that are easy to remember. If you can, also incorporate multi-factor authentication. It’s one of the strongest protections you or your company can use to prevent accounts from being compromised.
Use cybersecurity technology to your advantage
Apply software patches as soon as they come out. Consider presetting your computer so that those patches install automatically as soon as they are available. This is especially helpful if you’re an employer.
Communication is key
If you’re an employer, communicating online etiquette to employees clearly and reminding them of it often is important.
For instance, many may not realize that they should not download files, such as fonts they may need or free software, without first requesting permission from your IT department. But you can put in firewalls that will prevent them from doing so.
And should something unfortunate happen, consider whether to share some of the details on a company-wide basis so that everyone is aware of the attempted breach. It helps make the precautions you ask employees to take even more credible.
The best defense for individuals and companies of all sizes is to keep your collective guard up by being hyper-vigilant to suspicious communications.