Cybersecurity has become a topic of immense discussion. Yet today it does not receive the place it deserves at the table. Leaders still believe that what has happened to countless others will not happen to them. We hear this a lot: “It always affects someone else. It can’t happen to me.” Well, the statistics don’t lie. The number of hacks and identity thefts has gone up over 500% in the last six years. That’s just counting those that are reported to the US Cybersecurity Agency. It is estimated that in 2015 there were over one million actual cyber incidents in the US alone. Keep in mind, we have seen that one incident can affect over 100 million people. These dire numbers are likely to climb in 2016. Yes, the problem is going to get worse before it gets better.
As a leader, you play a critical role in your organization’s cybersecurity as well as that of your constituents and employees. While the role of CISO
Here are some important strategies to help you understand the ways hackers will attempt to steal your organization’s data or your personal information and how you can take steps to protect yourself and your company.
Phishing and Spoofing Emails. These are the most obvious yet most successful points of entry for cyber criminals. These are emails disguised as those from legitimate organizations, such as a bank, that attempt to deceive you into clicking on a link, opening attachments, or giving away sensitive personal information. You should begin protecting your email inbox as you do your bank account. These schemes are only becoming more prevalent and harder to spot.
Avoid clicking on links in emails. If you believe the email is legitimate, go to the site and log on directly. Whatever notification or service offering is referenced in the email will, if valid, be available on the company’s website.
Never open email attachments. If you are receiving emails from retailers, note that they typically will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.
In your email application, turn off the option to automatically download attachments. This allows you an extra layer of protection. This will come in handy if you accidentally click on an attachment. We can all use a reminder to think twice before downloading files.
Passwords are an issue for most people. Too often many resort to putting them in a spreadsheet or on a post-it note. Don’t do it! You must come up with a better strategy to keep your passwords safe. It’s important to set secure passwords and not share them with anyone.
Avoid using common words, phrases, or personal information, and update passwords regularly. Many people use passwords that are based on personal information and are easy to remember. However, this also makes it easier for an attacker to guess or crack them. Although intentionally misspelling a word (“lyghte” instead of “light”) may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “pigskin,” use “IlTpfb” for “[I] [l]ike [T]o [p]lay [f]oot[b]all.” Using both lowercase and capital letters adds another layer. Your best method is to use some combination of numbers, special characters, and both lowercase and capital letters. Change the same example we used above to “Il!2pFb.” and see how much more complicated it has become just by adding numbers and special characters.
Another method is to take a short phrase or word and add numbers and special characters. Then add the website to the end. Here’s an example: Take the word Summer and the year 1990. My special character is #. So my base password would be Summer1990#, then I add the website to the end in all caps. For Facebook, Summer1990#FB. For LinkedIn, Summer1990#LI.
Multifactor authentication. Some websites offer the option of adding an additional step, typically a code sent to a cell phone number, to log in to an account. It takes a little extra time but certainly adds an additional layer of security.
Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies. Although patching can be annoying and doesn’t always seem to be the most pressing need, there’s a reason these software companies send them out. It’s because the vulnerabilities are very, very real.
Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email (and anything beyond basic information should definitely pique your concern), you can independently contact the company directly to verify this request. Sometimes it helps to just pick up the phone. If something looks fishy, it probably is.
Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example .net instead of .com) to deceive unsuspecting computer users. Actions on the web leave a footprint, so you must be careful.
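The check described above can be automated for links arriving in email. The following is an added example, not part of the original article: it compares a link's domain against a short list of trusted domains and flags spelling variations and different domain endings. The domain names and the `classify` helper are constructed for illustration, and the two-label domain split is a simplifying assumption that does not handle suffixes such as .co.uk.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organization actually does business with.
TRUSTED = ("examplebank.com", "example-retailer.com")

def registrable(host):
    """Return the last two labels of a host name (assumption: no multi-part suffixes)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character
                           cur[j - 1] + 1,              # insert a character
                           prev[j - 1] + (ca != cb)))   # substitute a character
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return (verdict, trusted_domain_it_resembles_or_None) for a link."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in trusted:
        return ("trusted", domain)
    name, _, ending = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_ending = good.rpartition(".")
        # Same name, different ending: the ".net instead of .com" case.
        if name == good_name and ending != good_ending:
            return ("lookalike-ending", good)
        # Same ending, name off by one or two characters: a spelling variation.
        if ending == good_ending and 0 < edit_distance(name, good_name) <= 2:
            return ("lookalike-spelling", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("https://www.examplebank.com/account",
                 "https://www.examplebank.net/offers",
                 "https://examp1ebank.com/login",
                 "https://news.example.org/"):
        print(link, "->", classify(link))
```

A verdict of "unknown" does not mean the link is safe, only that it does not resemble a domain on the list.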
Understand and learn to avoid social engineering techniques. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. This has definitely been a problem this tax season, as many have been on the receiving end of fraudulent calls from actors pretending to be the IRS. Yesterday, the Federal Trade Commission (FTC) issued an alert on tech-support themed telephone scams. In these scams, fraudulent callers claim to be from legitimate technical support organizations offering to fix computer problems that don’t exist. The FTC rightly warned users to never give control of their computers to anyone calling and offering to “fix” a problem.
When you receive a call asking for personal information, ask whoever is on the other end of the line to provide you their name and a call-back number. Then verify whether the call-back number is legitimate. Just because they may have some of your information does not mean they are legitimate!
Protect your personal data with the utmost diligence, and don’t give it to anyone unless you are 100% positive it is safe.
As you should be aware by now, even the most secure computer networks are in danger of being attacked. Hopefully, your personal information or data is never stolen in a cyber attack. Remember the attack on Target. It was a planned attack targeted at a specific company. The retail industry, above other industries, is the target of attacks because it possesses useful financial data that cyber criminals desire. One-third of all Americans will be affected by this recent data theft. Until retail corporations upgrade their cyber security protection, take the steps above to remain proactive. And don’t forget, cash is still accepted everywhere!
Recently, the director of the FBI related a story to a television news magazine about how you should feel when you are online. We all have to be on edge, he said. Think of it like walking to your car at a very large mall late at night. Your car is in a dimly lit area and way in the back of an empty lot. While you’re walking, you will likely be looking over your shoulder and behind you. Your blood pressure will probably rise until you get to the safety of your car. That’s the way we need to feel when we are online: always on edge and closely monitoring our surroundings.
Proper education can be the difference between avoiding a cyber attack and becoming a victim of a breach. Often all it takes is one mistake, and your entire network is compromised. This is why it’s imperative to train your entire organization, and every team member, on cybersecurity best practices. We offer public and private cybersecurity courses that teach the latest in techniques and protection. For a look at our current course schedule, please visit FPOV.com/edu
About the Author
Scott Brady is the VP of Marketing and Education at FPOV. He has over 25 years of sales and operational management experience in a variety of diverse industries. He oversees FPOV’s education arm, which delivers a wide array of public and private courses designed to educate executives on optimizing their organizations’ digital domain.