One of the quickest and least expensive ways to help protect your business from unwanted viruses, malware, and other cyber threats is to educate your team on safe internet practices. And while we always recommend companies have a quality antivirus software, a quality firewall, and a backup and disaster recovery solution, these best internet practices can help you avoid frustration and financial loss caused by cyber attacks.
The three biggest threats people likely come into contact with out on the web are:
- Viruses and malware: even with the advancement in computer security and anti-virus software, viruses can still get on your computer if you’re not practicing safe internet use.
- Hacking: Hacking is when someone obtains your login information–usually from a remote location–and uses it to their advantage, which often means they’re after your credit card or banking information. There are a variety of hacking tactics out there.
- Phishing: according to the Merriam Webster online dictionary, phishing is a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly. These scams have evolved and many of them are more advanced than the classic “Nigerian prince” scam. Newer scams may come as an email claiming to be from your credit card company, a nonprofit organization, or even another employee within your company, so be on the lookout for suspicious emails and always go directly to the source if you have reason to suspect phishing.
How to stay safe:
- Don’t download anything (software, PDFs, attachments, etc.) from a website unless you’re sure it’s from a secure, trustworthy site–encryption is key here and it’s easy to spot. Up in the search bar, a website will either have a padlock, or it will say “Not Secure.” If, for whatever reason, your browser doesn’t display the padlock, you can tell if a site is secure by looking at the HTTP before the “www.” HTTP is not secure, but HTTPS is. The “S” stands for secure.
- Similarly, avoid downloading email attachments if you’re not sure they’re from a trusted user.
- Don’t buy anything or input any information into a site that isn’t secure. Just like you shouldn’t download anything from an unsecured site, you shouldn’t trust an unsecured site with your information. The company may be legitimate, but if the site isn’t safe, it makes it easier for hackers to get your information. Encryption makes it harder for anyone to access your information online.
- Use a different password for every account. If your login password is the same for your gmail account and your credit card account, this is very bad for safety. According to the password security report: 83% of people use the same password for multiple account logins including work email, online banking accounts, social media, and so on. Hackers most times use programs to break into accounts, meaning they have advanced methods of not only gaining access to your passwords, but gaining access to your other accounts using those passwords. We have another post dedicated to the “dos and don’ts” of passwords, linked here.
It also isn’t a good idea to save passwords to your browser. But if you feel like it’s too late for that warning, there is a way to check if your passwords are safe if you’ve saved them to Google Chrome or Mozilla Firefox.
- If you’re going to use public wi-fi or a public network, don’t use it to buy things, and PLEASE log out of accounts for websites that have sensitive information. Public wi-fi means that anyone can see what you’re doing, and opening an incognito window doesn’t actually protect you from this. Incognito windows just mean that your browser won’t save cookies or passwords in that window, so it’s better utilized for letting a friend access his or her email from your computer than it is to keep your internet activity private from hackers and scammers.
- Be aware of phishing tactics. If an email seems unusual or unsolicited, don’t click on any links within the email. Scammers will oftentimes create a website that looks nearly identical to a credit card or a bank or even Amazon’s website so that when you attempt to login, they’re gathering your login information. If you suspect an issue with any of your accounts, the safest course of action is to call the number on the back of your card or bank statement or go to the website directly. Do not click on email links. Legitimate companies are very good at letting customers know from their account homepage if there is an issue.
If everything appears fine with your account, you may want to report the email to the company, as many large companies will have a department that handles phishing, or you can report it as phishing within the email itself, so that similar emails will be sent to spam in the future. To do this, most email platforms have a “more options” menu within the email, generally located near the reply button. The menu will either look like three dots, or a drop-down arrow. Clicking the icon will open the menu where you can select the option “Report as Phishing.”
Criteria of most phishing emails:
- The email may not address you by your name, it’ll say “customer,” “client,” “Sir/Madam,” or something similar. Some phishing scams will have your name, so you can’t rely on this criterion alone, but it’s a good thing to check for. (For your information, if Amazon is emailing you about your account, they will ALWAYS use the name that you filled in for the account, not “customer” or “client.”)
- The email address will not be from the website it’s claiming to be from. Some scammers get pretty close to real addresses, but you can usually tell it’s a fake if you just read through it.
- There will likely be typos throughout the email.
- Phishing emails generally word their messages to sound urgent and they often promise some harsh course of action if there is no reply. Most companies you’ll have contact with will treat their customers better than that.
- The link they want you to click on will not go to an official site, even if it looks like it does, scammers are masters of redirect links and will redirect you to their own site, then they will likely redirect you again, after they’ve collected your information, to the real site so that you’re none the wiser about your information being gathered.
Bonus tips for staying safe:
- If the website for your own business isn’t secure, talk to your website designer or manager about getting an SSL certificate for your site.
- The Cybersecurity & Infrastructure Security Agency has a resource for securing your web browser if you want more in-depth internet security information.
- Beware of scammy ads. It’s generally never a good idea to click on ads that commonly appear on the side of a webpage, like those often seen on articles and blog posts. Scammers may purchase legitimate ad space to cause harm to your computer. If you click on an ad that leads to spam, the site you arrive at may download malicious code onto your PC. You can install an adblocker plugin which will eliminate these ads in the first place, and/or you can make sure that you are using a quality firewall and antivirus software.
If your company is ready to take its cyber security to the next level, VIP is happy to help. And with our tech support, you won’t be left on hold for hours and you’ll always talk to a real person. To contact us, click here
, and to learn more about our small business solutions, click here