You’ve probably heard the word “phishing” in connection with cybersecurity, but how familiar are you with what it actually is? Cybercriminals use phishing in many ways to gain access to your network and sensitive data, but the basic definition is that phishing is a type of cyberattack that installs malware or ransomware on your computer through a malicious link contained in an email.
The email might look like it’s coming from someone you know, or it might have a subject line or content that seems urgent. But as soon as you click on a link in that email, the hackers have access to your computer and all of your personal data.
Here are some tips from CISA, the Cybersecurity and Infrastructure Security Agency:
- When in doubt, contact the sender of the email via phone to verify that they did in fact send the email to you.
- Be wary of emails that address you generically, such as “hello bank customer.” Chances are, that’s not your bank. Another example would be an email that appears to be urgent, or appears to be sent from an executive at your company, requesting personal information from you to help with a project. There has also been a significant rise in emails that appear to be from the World Health Organization or the CDC containing important COVID-19 information; once a link in one of them is clicked, the hackers have access to medical data and other sensitive information.
- Keep your personal data protected and avoid sharing a lot of personal information on social media networks. The more data you put out there about yourself, the more that hackers can use to fool you. If you tend to post on social media about your pets or your spouse, for example, do not use their names as passwords. Those names are easy to guess, which makes it easy for hackers to access all of your information. So, if you know you’re going to want to post pictures of your dog or cat cuddled up with you, or those adorable pictures of your kids playing, just make sure you don’t use their names as part of your password.
- Make sure you’re using complex passwords (long phrases, upper and lowercase letters, numbers, and symbols should all be part of them), and try not to use the same password for everything. Applications such as LastPass are also an excellent way to generate complex passwords and keep all of these passwords secure from unauthorized access. You should also enable multi-factor authentication, or MFA, to create an additional barrier to accessing your sensitive data. On a company level, having a clear and specific password policy for employees will ensure that customer data and other sensitive information are protected. We recommend requiring users to change their passwords at regular intervals (i.e., every 90 days), and requiring that they use complex passwords that do not match previous ones they have used.
- Finally, make sure your antivirus software and firewall are consistently up to date. Every layer of protection helps.
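For administrators, the password tips above (complexity, no pet or family names, no reuse of previous passwords, a 90-day change interval) can be enforced at password-change time. The following is an added example, not code from CISA or TAG Solutions; the 14-character minimum, the function names, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)  # rotation interval recommended in the tips above
MIN_LENGTH = 14               # assumed value; the article only says "long phrases"
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(candidate, personal_terms, history):
    """Return the list of policy violations; an empty list means acceptable.

    personal_terms: names the user shares publicly (pets, spouse, kids).
    history: (salt, digest) pairs for the user's previous passwords.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"missing {name}")
    lowered = candidate.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term: {term}")
    for salt, digest in history:
        # Constant-time comparison against each stored digest.
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            problems.append("matches a previous password")
            break
    return problems

def is_expired(last_changed: date, today: date) -> bool:
    """True once the password is older than the 90-day rotation interval."""
    return today - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample data for illustration only.
    salt = b"constructed-salt"
    history = [(salt, hash_password("Correct-Horse-Battery-9", salt))]
    for pw in ("Bella2019", "Correct-Horse-Battery-9", "Violet-Kettle-Drum-42!"):
        print(pw, "->", check_password(pw, ["Bella", "Max"], history) or "ok")
    print("expired:", is_expired(date(2024, 1, 1), date(2024, 4, 1)))
```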
At the end of the day, hackers are going to do anything they can to try to compromise your data. But staying vigilant and knowing what to look for are your best weapons for keeping your network and sensitive information safe and secure. To learn more and ensure that your data and business are protected against cybercrime, contact the cybersecurity experts at TAG Solutions today!