As a result of an increased work-from-home environment in the past year, attacks from cyber criminals have spiked to new levels of frequency, sophistication, and targeted customization. These attacks are aimed at both businesses as well as individuals. The stakes range from your activity data to bank account/credit card breaches. We have noticed first-hand and increase in phishing emails, and emails alerting us to faxes sent that “require” hitting a link to review. We are sure we are not alone in seeing this increase in cyber threats. Please take a few minutes to read through our suggestions on how to stay ahead and remain confident in your cyber security practices.
Best Practices for You, Your Business & Your Family
- Do not email statements or documents with personally identifiable information (i.e. social security numbers or account numbers)
- Be vigilant about emails received, does it sound like the sender based on the email address
- Don’t click ad links – go directly to websites
- Scan your outgoing email folder for suspicious activity
- WiFi – If not needed, turn it off, and mind what networks you connect to
- Bluetooth – If not being used, turn it off
- Use phrases instead of words for passwords
- Change your passwords every three months
- Do not use the same password for multiple websites and log-ins.
- Change default passwords to routers, printers, TV’s, anything that connects to internet
- Change your security questions. For example, consider selecting security questions where the answers cannot be googled or found on social media
- Add a second type of authentication on your accounts, many institutions are offering this… just ask
- Make sure home computers are patched and kept up to date
- Ensure that home PC’s are protected against malware and viruses with real AV protection
Many of us enjoy taking our laptop or mobile device down to our local coffee shop, grabbing a cup of our favorite brewed beverage and sitting down to surf the web. Free WiFi is a luxury we have come to expect at these establishments, airports, on commuter vehicles or in our favorite stores.
Most WiFi networks that are created for home and business uses are password-protected and encrypted. However, most public WiFi hotspots are set up strictly for convenience – not security.
When you are using an unprotected public hotspot, whatever you do online while connected to the internet is wide open for viewing by hackers and other various perpetrators. That means your messages, emails, banking and shopping information, and every login under the sun is an open book to anyone who knows how to intercept your wireless connection!
In addition to electronically eavesdropping on you, hackers can also set up a network honeypot to entice you to connect to it, thinking you are connecting to the usual free wireless hotspot. Hackers will give this access point an inviting label so users will feel comfortable accessing it. Such an access point might be named “Starbucks Free Wi-Fi” or “Target Guest WiFi.”
If you see an access point with a name such as these while you are blowing the foam off of your cappuccino or trying on that new blouse, you’re liable to connect without a second thought.
The easiest way to ensure you don’t fall victim to connecting to a fake hotspot is to ask an employee what the name of the hotspot is and think twice about connecting if it isn’t password protected.
Fostering a Workplace Culture of Security
Security is not only the responsibility of a company’s IT department—employees are the first line of defense.
- Establish clear expectations among employees.
- Continuously raise awareness through ongoing education and examples.
- Communicate developments with other cyber-attacks in the news.
- Make it engaging by simulating phishing at random times.
- Consider working with cybersecurity experts to put strong protection in place, letting you focus on your core business.
Related to cyber security, we have been hearing from friends, family and news reports that phone scams are on the rise. If you receive a call from a family member or friend from an unknown number, please use caution and do not give personal or financial information until you can confirm it is that person. We suggest ending the call and reaching out to them through the phone number with which you are familiar.
Basic Security Terminology
There are many terms we hear used when discussing the topic of Cyber Security. The following is an abbreviated glossary to help you make sense of “what exactly are they talking about?”
- Phishing – Is disguising as a trustworthy entity in an electronic communication with the intent to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons.
- Spoofing – Is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
- Virus – A type of malicious software program that, when executed, replicated by reproducing itself or infecting other computer programs by modifying them.
- Malware – Any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising
- Trackers – Practice of tracking web and mobile app users on the Internet. Including browsing history, email interactions, and website visit behavior.
- Scripts – Malicious code or web script designed to create system vulnerabilities leading to backdoors, security breaches, as well as information and data theft.
- Cookies & Super Cookies – A cookie is a message given to a browser by a web server in a text file message. A super cookie is designed to permanently store on a user’s computer. Generally more difficult to detect and remove.
- Ransomware – Extremely volatile malicious software designed to block access to a computer system until a sum of money is paid.
Check out these resources from Charles Schwab for more in-depth education:
- Fraud Encyclopedia: https://si2.schwabinstitutional.com/si2/published/direct/public/file/p-10532374
- Strengthening your firm’s Cybersecurity: https://www.schwab.com/public/file/P-9341133
As always, please feel welcome to contact Sandy Cove Advisors if you have any questions or would like to further discuss any of these cyber security measures.